<!DOCTYPE html>
< html lang = "fr" dir = "ltr" >
< head >
< meta http-equiv = "content-type" content = "text/html; charset=UTF-8" >
< meta charset = "utf-8" / >
< title > documentation:2.0:selfmadeapplication< / title > <!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" / >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else --><!-- //endif -->
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,selfmadeapplication" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "selfmadeapplication.html" / >
< link rel = "contents" href = "selfmadeapplication.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
< script type = "text/javascript" > /*<![CDATA[*/ var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:selfmadeapplication","namespace":"documentation:2.0"};
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script > <!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script > <!-- //endif --> <!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/lib/scripts/jquery-ui.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/lib/scripts/jquery-ui.js" > < / script > <!-- //endif -->
< / head >
< body >
< div class = "dokuwiki export container" > <!-- TOC START -->
< div id = "dw__toc" >
< h3 class = "toggle" > Table of Contents< / h3 >
< div >
< ul class = "toc" >
< li class = "level1" > < div class = "li" > < a href = "#presentation" > Presentation< / a > < / div > < / li >
< li class = "level1" > < div class = "li" > < a href = "#code_snippet" > Code snippet< / a > < / div >
< ul class = "toc" >
< li class = "level2" > < div class = "li" > < a href = "#perl" > Perl< / a > < / div > < / li >
< li class = "level2" > < div class = "li" > < a href = "#php" > PHP< / a > < / div > < / li >
< / ul >
< / li >
< li class = "level1" > < div class = "li" > < a href = "#perl_auto-protected_cgi" > Perl auto-protected CGI< / a > < / div > < / li >
< / ul >
< / div >
< / div > <!-- TOC END -->
< h1 class = "sectionedit1" id = "protect_your_application" > Protect your application< / h1 >
< div class = "level1" >
< / div > <!-- EDIT1 SECTION "Protect your application" [1 - 40] -->
< h2 class = "sectionedit2" id = "presentation" > Presentation< / h2 >
< div class = "level2" >
< p >
Your application can know the connected user using:
< / p >
< ul >
< li class = "level1" > < div class = "li" > the REMOTE_USER environment variable (with a local Handler or a SetEnvIf conversion)< / div >
< / li >
< li class = "level1" > < div class = "li" > an HTTP header (in all cases)< / div >
< / li >
< / ul >
< p >
To get more information about the user (name, e-mail address, etc.), you have to read the < a href = "writingrulesand_headers.html#headers" class = "wikilink1" title = "documentation:2.0:writingrulesand_headers" > HTTP headers< / a > .
< / p >
< div class = "notetip" > If your application is based on < a href = "http://search.cpan.org/perldoc?CGI" class = "urlextern" title = "http://search.cpan.org/perldoc?CGI" rel = "nofollow" > Perl CGI package< / a > , you can simply replace CGI by < a href = "#perl_auto-protected_cgi" title = "documentation:2.0:selfmadeapplication ↵" class = "wikilink1" > Lemonldap::NG::Handler::CGI< / a >
< / div >
< / div > <!-- EDIT2 SECTION "Presentation" [41 - 542] -->
< h2 class = "sectionedit3" id = "code_snippet" > Code snippet< / h2 >
< div class = "level2" >
< p >
Examples with a < a href = "writingrulesand_headers.html#headers" class = "wikilink1" title = "documentation:2.0:writingrulesand_headers" > configured header< / a > named 'Auth-User':
< / p >
< / div > <!-- EDIT3 SECTION "Code snippet" [543 - 658] -->
< h3 class = "sectionedit4" id = "perl" > Perl< / h3 >
< div class = "level3" >
< pre class = "code file perl" > < a href = "http://perldoc.perl.org/functions/print.html" > < span class = "kw3" > print< / span > < / a > < span class = "st0" > "Connected user: "< / span > < span class = "sy0" > .< / span > < span class = "re0" > $ENV< / span > < span class = "br0" > {< / span > HTTP_AUTH_USER< span class = "br0" > }< / span > < span class = "sy0" > ;< / span > < / pre >
< / div > <!-- EDIT4 SECTION "Perl" [659 - 742] -->
< h3 class = "sectionedit5" id = "php" > PHP< / h3 >
< div class = "level3" >
< pre class = "code file php" > < span class = "kw1" > print< / span > < span class = "st0" > "Connected user: "< / span > < span class = "sy0" > .< / span > < span class = "re0" > $_SERVER< / span > < span class = "br0" > [< / span > < span class = "st0" > "HTTP_AUTH_USER"< / span > < span class = "br0" > ]< / span > < span class = "sy0" > ;< / span > < / pre >
< / div > <!-- EDIT5 SECTION "PHP" [743 - 830] -->
< h2 class = "sectionedit6" id = "perl_auto-protected_cgi" > Perl auto-protected CGI< / h2 >
< div class = "level2" >
< p >
Using this feature, you don't have to use virtual host protection: protection is embedded in Lemonldap::NG::Handler::CGI.
< / p >
< p >
Lemonldap::NG::Handler::CGI adds some functions to < a href = "http://search.cpan.org/perldoc?CGI" class = "urlextern" title = "http://search.cpan.org/perldoc?CGI" rel = "nofollow" > CGI< / a > :
< / p >
< ul >
< li class = "level1" > < div class = "li" > authenticate: checks that the user is authenticated; otherwise, the user is redirected to the portal< / div >
< / li >
< li class = "level1" > < div class = "li" > authorize: checks whether the user is allowed to access this < abbr title = "Uniform Resource Locator" > URL< / abbr > < / div >
< / li >
< / ul >
< p >
Example:
< / p >
< ul >
< li class = "level1" > < div class = "li" > Code to replace:< / div >
< / li >
< / ul >
< pre class = "code perl" > < span class = "kw1" > my< / span > < span class = "re0" > $cgi< / span > < span class = "sy0" > =< / span > < span class = "kw2" > new< / span > CGI< span class = "sy0" > ;< / span >
< span class = "sy0" > ...< / span > < / pre >
< ul >
< li class = "level1" > < div class = "li" > New code:< / div >
< / li >
< / ul >
< pre class = "code perl" > < span class = "kw1" > my< / span > < span class = "re0" > $cgi< / span > < span class = "sy0" > =< / span > Lemonldap< span class = "sy0" > ::< / span > < span class = "me2" > NG< / span > < span class = "sy0" > ::< / span > < span class = "me2" > Handler< / span > < span class = "sy0" > ::< / span > < span class = "me2" > CGI< / span > < span class = "sy0" > -> < / span > < span class = "kw2" > new< / span > < span class = "br0" > (< / span > < span class = "br0" > {< / span > < span class = "br0" > }< / span > < span class = "br0" > )< / span > < span class = "sy0" > ;< / span >
< span class = "re0" > $cgi< / span > < span class = "sy0" > -> < / span > < span class = "me1" > authenticate< / span > < span class = "br0" > (< / span > < span class = "br0" > )< / span > < span class = "sy0" > ;< / span >
< span class = "re0" > $cgi< / span > < span class = "sy0" > -> < / span > < span class = "me1" > authorize< / span > < span class = "br0" > (< / span > < span class = "br0" > )< / span > < span class = "sy0" > ;< / span >
< span class = "sy0" > ...< / span > < / pre >
< p >
You can then access the user's data:
< / p >
< pre class = "code perl" > < span class = "co1" > # Get attributes (or macros)< / span >
< span class = "kw1" > my< / span > < span class = "re0" > $cn< / span > < span class = "sy0" > =< / span > < span class = "re0" > $cgi< / span > < span class = "sy0" > -> < / span > < span class = "me1" > user< / span > < span class = "sy0" > -> < / span > < span class = "br0" > {< / span > cn< span class = "br0" > }< / span > < span class = "sy0" > ;< / span >
< span class = "co1" > # Test whether the user is a member of a Lemonldap::NG group (or of a mapped LDAP group)< / span >
< span class = "kw1" > if< / span > < span class = "br0" > (< / span > < span class = "re0" > $cgi< / span > < span class = "sy0" > -> < / span > < span class = "me1" > group< / span > < span class = "br0" > (< / span > < span class = "st_h" > 'admin'< / span > < span class = "br0" > )< / span > < span class = "br0" > )< / span > < span class = "br0" > {< / span >
  < span class = "co1" > # special HTML code for administrators< / span >
< span class = "br0" > }< / span >
< span class = "kw1" > else< / span > < span class = "br0" > {< / span >
  < span class = "co1" > # other HTML code< / span >
< span class = "br0" > }< / span > < / pre >
< p >
You can test any < abbr title = "Uniform Resource Locator" > URL< / abbr > to see whether it is protected by using testUri(). It returns:
< / p >
< ul >
< li class = "level1" > < div class = "li" > 1 if the user is allowed to access it< / div >
< / li >
< li class = "level1" > < div class = "li" > 0 otherwise< / div >
< / li >
< li class = "level1" > < div class = "li" > -1 if this < abbr title = "Uniform Resource Locator" > URL< / abbr > is not known to the < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > configuration< / div >
< / li >
< / ul >
< pre class = "code perl" > < span class = "kw1" > if< / span > < span class = "br0" > (< / span > < span class = "re0" > $cgi< / span > < span class = "sy0" > -> < / span > < span class = "me1" > testUri< / span > < span class = "br0" > (< / span > < span class = "st_h" > 'http://test3.example.com/'< / span > < span class = "br0" > )< / span > < span class = "br0" > )< / span > < span class = "br0" > {< / span >
  < a href = "http://perldoc.perl.org/functions/print.html" > < span class = "kw3" > print< / span > < / a > < span class = "st_h" > '&lt;a href="http://test3.example.com/"&gt;click here&lt;/a&gt;'< / span > < span class = "sy0" > ;< / span >
< span class = "br0" > }< / span > < / pre >
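< p >
Because -1 is a true value in Perl, a plain boolean test on testUri() also succeeds for a URL that is not known to the LL::NG configuration. The following added example (not taken from the LL::NG documentation) compares the result explicitly and escapes the values it writes into the page. The Local::FakeHandlerCGI stand-in, its sample verdicts and the link_if_allowed and escape_html helpers are assumptions, used so that the script runs without an LL::NG installation.
< / p >

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for a Lemonldap::NG::Handler::CGI object so the example
# runs without LL::NG. Only testUri() is imitated, with the return values
# documented above; the URLs and verdicts are sample data.
package Local::FakeHandlerCGI;
my %verdict = (
    'http://test1.example.com/' => 1,    # access allowed
    'http://test2.example.com/' => 0,    # access denied
);
sub new     { return bless {}, shift }
sub testUri { my ( $self, $url ) = @_; return $verdict{$url} // -1 }

package main;

# Minimal HTML escaping for values placed in the generated markup.
sub escape_html {
    my ($text) = @_;
    my %entity = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                   '"' => '&quot;', "'" => '&#39;' );
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Hypothetical helper: emit a link only when testUri() returns exactly 1.
# A plain "if ( $cgi->testUri($url) )" would also accept -1.
sub link_if_allowed {
    my ( $cgi, $url, $label ) = @_;
    my $result = $cgi->testUri($url);
    if ( $result == 1 ) {
        return sprintf '<a href="%s">%s</a>',
            escape_html($url), escape_html($label);
    }
    if ( $result == -1 ) {
        warn "testUri: $url is not known to the LL::NG configuration\n";
    }
    return '';    # denied (0) or unknown (-1): no link
}

my $cgi = Local::FakeHandlerCGI->new;
for my $url ( map { "http://test$_.example.com/" } 1 .. 3 ) {
    my $html = link_if_allowed( $cgi, $url, 'click here' );
    print "$url => ", ( $html ne '' ? $html : '(no link)' ), "\n";
}
```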
< / div > <!-- EDIT6 SECTION "Perl auto - protected CGI" [831 - ] -->
< / div >
< / body >
< / html >