Table of Contents

Protect your application

Presentation

Your application can know the connected user using:

To get more information on user (name, mail, etc.), you have to read HTTP headers.

If your application is based on Perl CGI package, you can simply replace CGI by Lemonldap::NG::Handler::CGI

Code snippet

Examples with a configured header named 'Auth-User':

Perl

print "Connected user: ".$ENV{HTTP_AUTH_USER};

PHP

print "Connected user: ".$_SERVER["HTTP_AUTH_USER"];

Perl auto-protected CGI

Using this feature, you don't have to use virtual host protection: protection is embedded in Lemonldap::NG::Handler::CGI.

Lemonldap::NG::Handler::CGI adds some functions to CGI:

Example:

my $cgi = new CGI;
...
my $cgi = Lemonldap::NG::Handler::CGI->new ({});
$cgi->authenticate();
$cgi->authorize();
...

Then you can access to user datas

# Get attributes (or macros)
my $cn = $cgi->user->{cn}
 
# Test if user is member of a Lemonldap::NG group (or LDAP mapped group)
if( $cgi->group('admin') ) {
  # special html code for admins
}
else {
  # another HTML code
}

You can test any URL to see if it's protected using testUri(). It returns:

if($cgi->testUri('http://test3.example.com/') {
  print '<a href="http://test3.example.com/">click here</a>';
}