Protect your application
========================
Presentation
------------
Your application can know the connected user using:
- REMOTE_USER environment variable (with local Handler or SetEnvIf
trick)
- HTTP header (in all cases)
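To get more information about the user (name, mail, etc.), your application has to read the
:ref:`HTTP headers<headers>`. These headers can be trusted only when every request reaches the
application through the LL::NG-protected web server; a client able to contact the application
directly could set them itself.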
.. tip::
If your application is based on `Perl CGI package
<http://search.cpan.org/perldoc?CGI>`__, you can simply replace CGI by
:ref:`Lemonldap::NG::Handler::CGI<selfmadeapplication-perl-auto-protected-cgi>`
Code snippet
------------
Examples with a :ref:`configured header<headers>` named
'Auth-User':
Perl
~~~~
.. code-block:: perl
# The 'Auth-User' header reaches a CGI-style environment as HTTP_AUTH_USER.
# NOTE(review): if this output is rendered as HTML, encode the value first.
print "Connected user: $ENV{HTTP_AUTH_USER}";
PHP
~~~
.. code-block:: php
// The 'Auth-User' header is exposed by PHP as $_SERVER['HTTP_AUTH_USER'].
// NOTE(review): apply HTML encoding if this is printed into a page.
echo 'Connected user: ' . $_SERVER['HTTP_AUTH_USER'];
.. _selfmadeapplication-perl-auto-protected-cgi:
Perl auto-protected CGI
-----------------------
LL::NG now uses FastCGI instead of CGI, but you can still write your own
protected CGI.
First create a PSGI module based on Lemonldap::NG::Handler:
.. code-block:: perl
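package My::PSGI;

use strict;
use warnings;

use base "Lemonldap::NG::Handler::PSGI"; # or Lemonldap::NG::Handler::PSGI::OAuth2, etc…

# Configure the handler. Returns 1 on success and 0 when the parent
# initialisation fails.
sub init {
    my ( $self, $args ) = @_;

    # 'manager' relies on the virtual host configuration in Manager; it is
    # set before the parent init() is called.
    $self->protection('manager');
    $self->SUPER::init($args) or return 0;
    $self->staticPrefix("/static");
    $self->templateDir("/usr/share/lemonldap-ng/portal/templates");

    # See Lemonldap::NG::Common::PSGI for more
    #...
    # Return a boolean. If false, then error message has to be stored in
    # $self->error
    return 1;
}

# Handle one request and answer with the rendered template.
sub handler {
    my ( $self, $req ) = @_;

    # Will be called only if authorized
    my $user_id = $self->userId($req);

    #...

    # Return JSON
    # $self->sendJSONresponse(...);

    # or Return HTML
    # NOTE(review): confirm that the template HTML-escapes userId.
    return $self->sendHtml( $req, "myskin/mytemplate",
        ( params => { 'userId' => $user_id } ) );
}

# A module file must end with a true value, otherwise loading it with
# "use My::PSGI" fails.
1;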
Then create a FCGI script like this:
.. code-block:: perl
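#!/usr/bin/env perl

use strict;
use warnings;

use My::PSGI;
use Plack::Handler::FCGI;

# Hand the result of My::PSGI->run() to the Plack FastCGI server.
Plack::Handler::FCGI->new->run( My::PSGI->run() );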
See the LLNG Nginx/Apache configurations for how to launch it, or read the
`PSGI/Plack documentation <https://plackperl.org/>`__.
The protection parameter must be set when calling the init() method:
- ``none``: no protection
- ``authenticate``: check authentication but do not manage
authorization
- ``manager``: rely on virtual host configuration in Manager
- ``rule: xxx``: apply a specific rule