<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:selfmadeapplication< / title >
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,selfmadeapplication" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "selfmadeapplication.html" / >
< link rel = "contents" href = "selfmadeapplication.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
< script type = "text/javascript" > /*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:selfmadeapplication","namespace":"documentation:2.0"};
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script >
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script >
<!-- //endif -->
< / head >
< body >
< div class = "dokuwiki export container" >
<!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Presentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#code_snippet" > Code snippet< / a > < / div >
< ul class = "toc" >
< li class = "level2" > < div class = "li" > < a href = "#perl" > Perl< / a > < / div > < / li >
< li class = "level2" > < div class = "li" > < a href = "#php" > PHP< / a > < / div > < / li >
< / ul >
< / li >
< li class = "level1" > < div class = "li" > < a href = "#perl_auto-protected_cgi" > Perl auto-protected CGI< / a > < / div > < / li >
< / ul >
< / div >
< / div >
<!-- TOC END -->
< h1 class = "sectionedit1" id = "protect_your_application" > Protect your application< / h1 >
< div class = "level1" >
< / div >
<!-- EDIT1 SECTION "Protect your application" [1 - 40] -->
< h2 class = "sectionedit2" id = "presentation" > Presentation< / h2 >
< div class = "level2" >
< p >
Your application can identify the connected user through:
< / p >
< ul >
< li class = "level1" > < div class = "li" > REMOTE_USER environment variable (with local Handler or SetEnvIf trick)< / div >
< / li >
< li class = "level1" > < div class = "li" > HTTP header (in all cases)< / div >
< / li >
< / ul >
< p >
To get more information about the user (name, mail, etc.), you have to read < a href = "writingrulesand_headers.html#headers" class = "wikilink1" title = "documentation:2.0:writingrulesand_headers" > HTTP headers< / a > .
< / p >
< div class = "notetip" > If your application is based on < a href = "http://search.cpan.org/perldoc?CGI" class = "urlextern" title = "http://search.cpan.org/perldoc?CGI" rel = "nofollow" > Perl CGI package< / a > , you can simply replace CGI by < a href = "#perl_auto-protected_cgi" title = "documentation:2.0:selfmadeapplication ↵" class = "wikilink1" > Lemonldap::NG::Handler::CGI< / a >
< / div >
< / div >
<!-- EDIT2 SECTION "Presentation" [41 - 542] -->
< h2 class = "sectionedit3" id = "code_snippet" > Code snippet< / h2 >
< div class = "level2" >
< p >
Examples with a < a href = "writingrulesand_headers.html#headers" class = "wikilink1" title = "documentation:2.0:writingrulesand_headers" > configured header< / a > named 'Auth-User':
< / p >
< / div >
<!-- EDIT3 SECTION "Code snippet" [543 - 658] -->
< h3 class = "sectionedit4" id = "perl" > Perl< / h3 >
< div class = "level3" >
< pre class = "code file perl" > < a href = "http://perldoc.perl.org/functions/print.html" > < span class = "kw3" > print< / span > < / a > < span class = "st0" > "Connected user: "< / span > < span class = "sy0" > .< / span > < span class = "re0" > $ENV< / span > < span class = "br0" > { < / span > HTTP_AUTH_USER< span class = "br0" > } < / span > < span class = "sy0" > ;< / span > < / pre >
< / div >
<!-- EDIT4 SECTION "Perl" [659 - 742] -->
< h3 class = "sectionedit5" id = "php" > PHP< / h3 >
< div class = "level3" >
< pre class = "code file php" > < span class = "kw1" > print< / span > < span class = "st0" > "Connected user: "< / span > < span class = "sy0" > .< / span > < span class = "re0" > $_SERVER< / span > < span class = "br0" > [ < / span > < span class = "st0" > "HTTP_AUTH_USER"< / span > < span class = "br0" > ] < / span > < span class = "sy0" > ;< / span > < / pre >
< / div >
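< p >
Added example, not part of the LemonLDAP::NG documentation or code: a plain PSGI application that reads the 'Auth-User' header used above and serves the request only when the header arrives from the protected front end. It assumes the application sits behind an LL::NG-protected reverse proxy; the proxy address list, the login pattern and the sample requests are constructed for illustration.
< / p >

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Assumption: addresses of the LL::NG-protected reverse proxy (constructed values).
my %TRUSTED_PROXY = map { $_ => 1 } qw(127.0.0.1 ::1);

# Return the authenticated login, or undef when the header cannot be trusted.
sub connected_user {
    my ($env) = @_;

    # Only the protected front end may assert an identity: a client that
    # reaches the application directly can send its own Auth-User header.
    return undef unless $TRUSTED_PROXY{ $env->{REMOTE_ADDR} // '' };

    # PSGI and CGI expose the 'Auth-User' request header as HTTP_AUTH_USER.
    my $user = $env->{HTTP_AUTH_USER};
    return undef unless defined $user;

    # Assumed login format; adapt it to the attribute exported in the header.
    return $user =~ /\A[\w.\@-]{1,64}\z/ ? $user : undef;
}

# PSGI application: 403 unless an identity was asserted by the front end.
my $app = sub {
    my ($env) = @_;
    my $user = connected_user($env);
    return [ 403, [ 'Content-Type' => 'text/plain' ], ["Forbidden\n"] ]
      unless defined $user;
    return [ 200, [ 'Content-Type' => 'text/plain' ],
        ["Connected user: $user\n"] ];
};

# Constructed PSGI environments: via the proxy, direct client, header missing.
my @samples = (
    { REMOTE_ADDR => '127.0.0.1',   HTTP_AUTH_USER => 'alice' },
    { REMOTE_ADDR => '203.0.113.7', HTTP_AUTH_USER => 'alice' },
    { REMOTE_ADDR => '127.0.0.1' },
);
for my $env (@samples) {
    my $res = $app->($env);
    print "$res->[0] $res->[2][0]";
}
```

To serve it, hand `$app` to a Plack handler, for example as the last expression of a `.psgi` file with the sample loop removed.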
<!-- EDIT5 SECTION "PHP" [743 - 830] -->
< h2 class = "sectionedit6" id = "perl_auto-protected_cgi" > Perl auto-protected CGI< / h2 >
< div class = "level2" >
< p >
< abbr title = "LemonLDAP::NG" > LL::NG< / abbr > now uses FastCGI instead of CGI, but you can still write your own protected CGI.
< / p >
< p >
First create a PSGI module based on Lemonldap::NG::Handler:
< / p >
< pre class = "code perl" > < a href = "http://perldoc.perl.org/functions/package.html" > < span class = "kw3" > package< / span > < / a > My< span class = "sy0" > ::< / span > < span class = "me2" > PSGI< / span > < span class = "sy0" > ;< / span >

< span class = "kw2" > use< / span > base < span class = "st0" > "Lemonldap::NG::Handler::PSGI"< / span > < span class = "sy0" > ;< / span > < span class = "co1" > # or Lemonldap::NG::Handler::PSGI::OAuth2, etc…< / span >

< span class = "kw2" > sub< / span > init < span class = "br0" > { < / span >
  < span class = "kw1" > my< / span > < span class = "br0" > ( < / span > < span class = "re0" > $self< / span > < span class = "sy0" > ,< / span > < span class = "re0" > $args< / span > < span class = "br0" > ) < / span > < span class = "sy0" > =< / span > < span class = "co5" > @_< / span > < span class = "sy0" > ;< / span >
  < span class = "re0" > $self< / span > < span class = "sy0" > -> < / span > < span class = "me1" > protection< / span > < span class = "br0" > ( < / span > < span class = "st_h" > 'manager'< / span > < span class = "br0" > ) < / span > < span class = "sy0" > ;< / span >
  < span class = "re0" > $self< / span > < span class = "sy0" > -> < / span > < span class = "me1" > SUPER< / span > < span class = "sy0" > ::< / span > < span class = "me2" > init< / span > < span class = "br0" > ( < / span > < span class = "re0" > $args< / span > < span class = "br0" > ) < / span > < span class = "kw1" > or< / span > < a href = "http://perldoc.perl.org/functions/return.html" > < span class = "kw3" > return< / span > < / a > < span class = "nu0" > 0< / span > < span class = "sy0" > ;< / span >
  < span class = "re0" > $self< / span > < span class = "sy0" > -> < / span > < span class = "me1" > staticPrefix< / span > < span class = "br0" > ( < / span > < span class = "st0" > "/static"< / span > < span class = "br0" > ) < / span > < span class = "sy0" > ;< / span >
  < span class = "re0" > $self< / span > < span class = "sy0" > -> < / span > < span class = "me1" > templateDir< / span > < span class = "br0" > ( < / span > < span class = "st0" > "/usr/share/lemonldap-ng/portal/templates"< / span > < span class = "br0" > ) < / span > < span class = "sy0" > ;< / span >
  < span class = "co1" > # See Lemonldap::NG::Common::PSGI for more< / span >
  < span class = "co1" > #...< / span >
  < span class = "co1" > # Return a boolean. If false, then error message has to be stored in< / span >
  < span class = "co1" > # $self->error< / span >
  < a href = "http://perldoc.perl.org/functions/return.html" > < span class = "kw3" > return< / span > < / a > < span class = "nu0" > 1< / span > < span class = "sy0" > ;< / span >
< span class = "br0" > } < / span >

< span class = "kw2" > sub< / span > handler < span class = "br0" > { < / span >
  < span class = "kw1" > my< / span > < span class = "br0" > ( < / span > < span class = "re0" > $self< / span > < span class = "sy0" > ,< / span > < span class = "re0" > $req< / span > < span class = "br0" > ) < / span > < span class = "sy0" > =< / span > < span class = "co5" > @_< / span > < span class = "sy0" > ;< / span >
  < span class = "co1" > # Will be called only if authorized< / span >
  < span class = "kw1" > my< / span > < span class = "re0" > $userId< / span > < span class = "sy0" > =< / span > < span class = "re0" > $self< / span > < span class = "sy0" > -> < / span > < span class = "me1" > userId< / span > < span class = "br0" > ( < / span > < span class = "re0" > $req< / span > < span class = "br0" > ) < / span > < span class = "sy0" > ;< / span >
  < span class = "co1" > #...< / span >
  < span class = "co1" > # Return JSON< / span >
  < span class = "co1" > # $self->sendJSONresponse(...);< / span >
  < span class = "co1" > # or Return HTML< / span >
  < span class = "re0" > $self< / span > < span class = "sy0" > -> < / span > < span class = "me1" > sendHtml< / span > < span class = "br0" > ( < / span > < span class = "re0" > $req< / span > < span class = "sy0" > ,< / span > < span class = "st0" > "myskin/mytemplate"< / span > < span class = "sy0" > ,< / span > < span class = "br0" > ( < / span > params < span class = "sy0" > => < / span > < span class = "br0" > { < / span > < span class = "st_h" > 'userId'< / span > < span class = "sy0" > => < / span > < span class = "re0" > $userId< / span > < span class = "br0" > } < / span > < span class = "br0" > ) < / span > < span class = "br0" > ) < / span > < span class = "sy0" > ;< / span >
< span class = "br0" > } < / span > < / pre >
< p >
Then create an FCGI script like this:
< / p >
< pre class = "code perl" > < span class = "co1" > #!/usr/bin/env perl< / span >
< span class = "kw2" > use< / span > My< span class = "sy0" > ::< / span > < span class = "me2" > PSGI< / span > < span class = "sy0" > ;< / span >
< span class = "kw2" > use< / span > Plack< span class = "sy0" > ::< / span > < span class = "me2" > Handler< / span > < span class = "sy0" > ::< / span > < span class = "me2" > FCGI< / span > < span class = "sy0" > ;< / span >
Plack< span class = "sy0" > ::< / span > < span class = "me2" > Handler< / span > < span class = "sy0" > ::< / span > < span class = "me2" > FCGI< / span > < span class = "sy0" > -> < / span > < span class = "me1" > new< / span > < span class = "sy0" > -> < / span > < span class = "me1" > run< / span > < span class = "br0" > ( < / span > My< span class = "sy0" > ::< / span > < span class = "me2" > PSGI< / span > < span class = "sy0" > -> < / span > < span class = "me1" > run< / span > < span class = "br0" > ( < / span > < span class = "br0" > ) < / span > < span class = "br0" > ) < / span > < span class = "sy0" > ;< / span > < / pre >
< p >
See our LLNG Nginx/Apache configurations to learn how to launch it, or read the < a href = "https://plackperl.org/" class = "urlextern" title = "https://plackperl.org/" rel = "nofollow" > PSGI/Plack documentation< / a > .
< / p >
< p >
The protection parameter must be set when calling the init() method:
< / p >
< ul >
< li class = "level1" > < div class = "li" > < code > none< / code > : no protection< / div >
< / li >
< li class = "level1" > < div class = "li" > < code > authenticate< / code > : check authentication but do not manage authorization< / div >
< / li >
< li class = "level1" > < div class = "li" > < code > manager< / code > : rely on virtual host configuration in Manager< / div >
< / li >
< li class = "level1" > < div class = "li" > < code > rule: xxx< / code > : apply a specific rule< / div >
< / li >
< / ul >
< / div >
<!-- EDIT6 SECTION "Perl auto - protected CGI" [831 - ] --> < / div >
< / body >
< / html >