|
perry.tew at cibavision.novartis.com
perry.tew at cibavision.novartis.com
Wed Oct 1 17:47:02 EST 2003
Hello.
In a PerlAuthenHandler, I can do the following to set the REMOTE_USER
variable
(which is necessary since I'm using SSL Client Certs for authentication
and not Basic Auth, and no, I'm not using FakeBasicAuth)
Perl:
##########################################
package Apache::AuthClientCert;
# file: Apache/AuthClientCert;
use strict;
use Apache::Constants qw(:common);
sub handler{
my $r = shift;
return OK unless $r->is_main;
my $subr = $r->lookup_uri($r->uri);
my $env = $subr->subprocess_env;
my $cn = $env->{'SSL_CLIENT_S_DN_CN'};
my $username = $cn;
### KEY LINE BELOW ###
$r->connection->user( $username );
### KEY LINE ABOVE ###
return OK;
}
1;
__END__
#############################################
If you notice in the perl script, I found that the REMOTE_USER variable is
not populated, even
if I return OK, unless I explicitly set it using $r->connection->user(
$username ).
I go about it this
way because we all have digital certs in my company and it's an easy way
to handle security.
However, even if I use SSL for the front door, my backend processes ( some
java ) want to know
who is coming through the door. The only way to pass that information to a
j2ee server like weblogic
is via the REMOTE_USER variable.
So, my question is, how do I set this value using mod_python? The docs
state that req.user is read only.
I see the example PythonAuthenHandler (spam and eggs) uses
req.connection.user, but I can't find any
docs on that (anyone have a url)?
Does anyone know how to set the user so that the REMOTE_USER var is
correctly populated?
Thanks for your time,
Perry
|