CAP::Authorization, CAP::AutoRunmode & CA::Dispatch

Am having some difficulty with the FORBIDDEN_RUNMODE param when using
CAP::Authorization with CA::Dispatch. All my application classes inherit
from a base class where I have defined the 'forbidden' runmode (using
AutoRunmode syntax). But declaring FORBIDDEN_RUNMODE => 'forbidden' in
authz->config() means that for some reason the classes loaded by
CA::Dispatch - which all 'use base MyApp::Base' - can't find the
forbidden() rm so return my error page instead.

So I looked at the documentation and found the CALLBACKS section, and
wondered what would happen if I defined the authz_forbidden runmode in
cgiapp_prerun() instead of using FORBIDDEN_RUNMODE in the config:

    $self->run_modes( authz_forbidden => 'forbidden' );

and this actually works, even though I'm using a version 4.xx
CGI::Application - I get my forbidden() output rather than the error
page. But is this the right way to use CAP::Authorization in this
situation? Should I expect CAP::Auth to work out-of-the-box with
CA::Dispatch?

--
Richard Jones

#####  CGI::Application community mailing list  ################
##                                                            ##
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp    ##
##                                                            ##
##  Web archive:   http://www.erlbaum.net/pipermail/cgiapp/   ##
##  Wiki:          http://cgiapp.erlbaum.net/                 ##
##                                                            ##
################################################################

Re: CAP::Authorization, CAP::AutoRunmode & CA::Dispatch

On Tue, 11 Aug 2009 10:52:51 +0100
Richard Jones <ra.jones@...> wrote:

> Am having some difficulty with the FORBIDDEN_RUNMODE param when using
> CAP::Authorization with CA::Dispatch. All my application classes inherit
> from a base class where I have defined the 'forbidden' runmode (using
> AutoRunmode syntax). But declaring FORBIDDEN_RUNMODE => 'forbidden' in
> authz->config() means that for some reason the classes loaded by
> CA::Dispatch - which all 'use base MyApp::Base' - can't find the
> forbidden() rm so return my error page instead.

I suggest looking into this a bit further. At the moment that the
forbidden run mode can't be found, has it been registered in the
run_modes() hash?

> and this actually works, even though I'm using a version 4.xx
> CGI::Application - I get my forbidden() output rather than the error
> page. But is this the right way to use CAP::Authorization in this
> situation? Should I expect CAP::Auth to work out-of-the-box with
> CA::Dispatch?

I think these tools should work together. In fact, I think I'm using
them together myself.

    Mark

--
 . . . . . . . . . . . . . . . . . . . . . . . . . . .
   Mark Stosberg            Principal Developer
   mark@...                 Summersault, LLC
   765-939-9301 ext 202     database driven websites
 . . . . . http://www.summersault.com/ . . . . . . . .

Re: CAP::Authorization, CAP::AutoRunmode & CA::Dispatch

On Tue, Aug 11, 2009 at 4:52 AM, Richard Jones<ra.jones@...> wrote:
> Am having some difficulty with the FORBIDDEN_RUNMODE param when using
> CAP::Authorization with CA::Dispatch. All my application classes inherit
> from a base class where I have defined the 'forbidden' runmode (using
> AutoRunmode syntax). But declaring FORBIDDEN_RUNMODE => 'forbidden' in
> authz->config() means that for some reason the classes loaded by
> CA::Dispatch - which all 'use base MyApp::Base' - can't find the forbidden()
> rm so return my error page instead.

This sounds conceptually similar to the problem I seem to be having
with C::A::P::Routes. The nut of the problem is that you set up
something in your base class, and that is not respected in the class
that inherits from the base class.

I have been experimenting with my home grown authentication module. I
have the following in my base class

    package MyAuthen;

    sub setup {
        my $self = shift;
        ..
        $self->param(protected_runmodes => [qw(prefs update nuke admin logout)]);
    }

    sub cgiapp_prerun {
        my $self = shift;

        my $protected_runmodes = $self->param('protected_runmodes');
        foreach my $rm (@$protected_runmodes) {
            if ($self->prerun_mode() eq $rm) {
                unless ($self->session->param('is_logged_in')) {
                    $self->prerun_mode('login');
                }
                last;
            }
        }
    }

and then, in the class that inherits I have

    use base 'MyAuthen';

    sub setup {
        my $self = shift;
        $self->SUPER::setup();
        $self->param(protected_runmodes => [qw(view)]);
    }

I am expecting the 'view' would be added to the list of
'protected_runmodes' inherited from MyAuthen, but that is not the
case.

>
> So I looked at the documentation and found the CALLBACKS section, and
> wondered what would happen if I defined the authz_forbidden runmode in
> cgiapp_prerun() instead of using FORBIDDEN_RUNMODE in the config:
>
> $self->run_modes( authz_forbidden => 'forbidden' );
>
> and this actually works, even though I'm using a version 4.xx
> CGI::Application - I get my forbidden() output rather than the error page.
> But is this the right way to use CAP::Authorization in this
> situation? Should I expect CAP::Auth to work out-of-the-box with
> CA::Dispatch?
> --
> Richard Jones
>

--
Puneet Kishor http://www.punkish.org
Carbon Model http://carbonmodel.org
Charter Member, Open Source Geospatial Foundation http://www.osgeo.org
Science Commons Fellow, http://sciencecommons.org/about/whoweare/kishor
Nelson Institute, UW-Madison http://www.nelson.wisc.edu
-----------------------------------------------------------------------
Assertions are politics; backing up assertions with evidence is science
=======================================================================
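
The overwrite described in the message above, as an added example that is not part of the original post or of the CGI::Application project: param() replaces a stored value rather than appending to it, so a subclass setup() that sets protected_runmodes after SUPER::setup() discards the base class's list and leaves those run modes unguarded. The helper protect_runmodes, the packages Overwrites and Merges, and the is_logged_in param (standing in for the poster's session check) are hypothetical names.

```perl
# Added example, not code from the thread. Assumes CGI::Application and CGI
# are installed; param('is_logged_in') stands in for the session check.
use strict; use warnings;
package MyAuthen;
use parent 'CGI::Application';
sub setup {
    my $self = shift;
    $self->start_mode('view');
    $self->run_modes([qw(view prefs login)]);
    $self->param(protected_runmodes => [qw(prefs update nuke admin logout)]);
}
# Hypothetical helper: append to the inherited list instead of replacing it.
sub protect_runmodes {
    my ($self, @extra) = @_;
    my @current = @{ $self->param('protected_runmodes') || [] };
    $self->param(protected_runmodes => [ @current, @extra ]);
}
sub cgiapp_prerun {
    my $self = shift;
    my %protected = map { $_ => 1 } @{ $self->param('protected_runmodes') || [] };
    $self->prerun_mode('login')
        if $protected{ $self->get_current_runmode } && !$self->param('is_logged_in');
}
sub view  { 'view page' }
sub prefs { 'prefs page' }
sub login { 'login page' }

package Overwrites;    # the subclass pattern from the post
use parent -norequire, 'MyAuthen';    # -norequire: parent is in this file
sub setup {
    my $self = shift;
    $self->SUPER::setup();
    $self->param(protected_runmodes => [qw(view)]);    # replaces the base list
}
package Merges;        # same subclass, using the helper
use parent -norequire, 'MyAuthen';
sub setup {
    my $self = shift;
    $self->SUPER::setup();
    $self->protect_runmodes('view');                   # base list plus 'view'
}

package main;
use CGI;
$ENV{CGI_APP_RETURN_ONLY} = 1;    # run() returns the page instead of printing it
for my $class (qw(Overwrites Merges)) {
    my $app = $class->new(QUERY => CGI->new({ rm => 'prefs' }));
    $app->header_type('none');    # body only, no HTTP header
    print "$class rm=prefs -> ", $app->run, "\n";
}
```

For rm=prefs with no login, the Overwrites application serves the prefs page because the base list is gone, while the Merges application switches to the login run mode.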

Re: Re: CAP::Authorization, CAP::AutoRunmode & CA::Dispatch

Mark Stosberg wrote:
> On Tue, 11 Aug 2009 10:52:51 +0100
> Richard Jones <ra.jones@...> wrote:
>
>> Am having some difficulty with the FORBIDDEN_RUNMODE param when using
>> CAP::Authorization with CA::Dispatch. All my application classes inherit
>> from a base class where I have defined the 'forbidden' runmode (using
>> AutoRunmode syntax). But declaring FORBIDDEN_RUNMODE => 'forbidden' in
>> authz->config() means that for some reason the classes loaded by
>> CA::Dispatch - which all 'use base MyApp::Base' - can't find the
>> forbidden() rm so return my error page instead.
>
> I suggest looking into this a bit further. At the moment that the
> forbidden run mode can't be found, has it been registered in the
> run_modes() hash?

It looks like it isn't. If I define FORBIDDEN_RUNMODE =>
'my_forbidden_rm' in authz->config() in cgiapp_init(), and then in
cgiapp_prerun():

    use Data::Dumper; warn Dumper $self->run_modes();

I get:

    $VAR1 = 'authz_forbidden';
    $VAR2 = sub { "DUMMY" };
    $VAR3 = 'default';
    $VAR4 = 'default';
    $VAR5 = 'login';
    $VAR6 = 'login';
    $VAR7 = 'authen_logout';
    $VAR8 = sub { "DUMMY" };
    $VAR9 = 'AUTOLOAD';
    $VAR10 = sub { "DUMMY" };
    $VAR11 = 'authz_dummy_redirect';
    $VAR12 = sub { "DUMMY" };
    $VAR13 = 'authen_dummy_redirect';
    $VAR14 = sub { "DUMMY" };
    $VAR15 = 'start';
    $VAR16 = 'dump_html';

But if I set $self->run_modes( authz_forbidden => 'my_forbidden_rm' ) in
cgiapp_prerun() and then (still in cgiapp_prerun) dump
$self->run_modes() immediately after:

    $VAR1 = 'default';
    $VAR2 = 'default';
    $VAR3 = 'authz_forbidden';
    $VAR4 = 'my_forbidden_rm'; # <== here
    $VAR5 = 'login';
    $VAR6 = 'login';
    $VAR7 = 'authen_logout';
    $VAR8 = sub { "DUMMY" };
    $VAR9 = 'AUTOLOAD';
    $VAR10 = sub { "DUMMY" };
    $VAR11 = 'authz_dummy_redirect';
    $VAR12 = sub { "DUMMY" };
    $VAR13 = 'authen_dummy_redirect';
    $VAR14 = sub { "DUMMY" };
    $VAR15 = 'start';
    $VAR16 = 'dump_html';

And this time the forbidden runmode is found and returns its stuff. So
presumably the forbidden rm is not being registered in cgiapp_init().
Is cgiapp_init() too early to define FORBIDDEN_RUNMODE, and its param
gets clobbered in setup()? Could CAP::AutoRunmode be interfering?
I'll run some more tests tomorrow.

--
Richard Jones

Re: Re: CAP::Authorization, CAP::AutoRunmode & CA::Dispatch

Richard Jones wrote:
> Mark Stosberg wrote:
>> On Tue, 11 Aug 2009 10:52:51 +0100
>> Richard Jones <ra.jones@...> wrote:
>>
>>> Am having some difficulty with the FORBIDDEN_RUNMODE param when using
>>> CAP::Authorization with CA::Dispatch. All my application classes
>>> inherit from a base class where I have defined the 'forbidden'
>>> runmode (using AutoRunmode syntax). But declaring FORBIDDEN_RUNMODE
>>> => 'forbidden' in authz->config() means that for some reason the
>>> classes loaded by CA::Dispatch - which all 'use base MyApp::Base' -
>>> can't find the forbidden() rm so return my error page instead.
>>
>> I suggest looking into this a bit further. At the moment that the
>> forbidden run mode can't be found, has it been registered in the
>> run_modes() hash?
>
> It looks like it isn't. If I define FORBIDDEN_RUNMODE =>
> 'my_forbidden_rm' in authz->config() in cgiapp_init(), and then in
> cgiapp_prerun():
>
> use Data::Dumper; warn Dumper $self->run_modes();

> But if I set $self->run_modes( authz_forbidden => 'my_forbidden_rm' ) in
> cgiapp_prerun() and then (still in cgiapp_prerun) dump
> $self->run_modes() immediately after:

[..]

> And this time the forbidden runmode is found and returns its stuff.

[..]

More info:

For *runmodes* protected using "return $self->authz->forbidden() unless
$self->authz->authorize('admin')" it works as documented.

But for *classes* protected by __PACKAGE__->authz->authz_runmodes(
':all' => 'admin' ) then only if I specifically remove FORBIDDEN_RUNMODE
from authz->config() in cgiapp_init()[*], and define $self->run_modes(
authz_forbidden => 'forbidden' ) in cgiapp_prerun() does my custom
forbidden rm get returned. Even defining authz_forbidden in setup()
doesn't suffice.

Of course removing FORBIDDEN_RUNMODE from authz->config() means the
runmode-level protection returns the default 'You do not have permission
to perform that action' instead of my custom page, but that's easy to
get round using 'return $self->forbidden()' instead of
$self->authz->forbidden().

* - otherwise it triggers the 'unknown action' page instead

--
Richard Jones