当前位置: 文江博客话题详情

如何堆叠 Plack 身份验证处理程序?

发布于 10-11 08:18 字数 479 浏览 13 评论 0原文

我想让我的 Plack 应用程序尝试几种不同的方式来授权用户。具体来说,检查用户是否已通过会话 cookie 获得授权,然后检查摘要式身份验证,然后返回到基本身份验证。

我想我可以按照我希望检查的顺序启用一堆身份验证处理程序(会话、摘要、基本)。不幸的是, Plack::Middleware::Auth::Digest< 的方式/a> 和 Plack::Middleware::Auth::Basic 被写入,如果摘要或基本身份验证不存在,它们都会分别返回 401。

Plack 中通常如何处理这个问题?

原文

I would like to have my Plack app try several different means of authorizing the user. Specifically, check if the user is already authorized via a session cookie, then check for Digest authentication and then fall back to Basic.

I figured I could just enable a bunch of Auth handlers in the order I wanted them to be checked (Session, Digest, Basic). Unfortunately, the way that Plack::Middleware::Auth::Digest and Plack::Middleware::Auth::Basic are written they both return 401 if digest or basic auth doesn't exist, respectively.

How is this normally dealt with in Plack?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

平安喜乐2024-10-18 08:18:15

我没有实施,但我想我有方法。您可以使用 Plack::Middleware::Conditional 来“内联”执行此操作。所以它看起来像这样,但您必须填写缺少的条件/测试。我没有看到简单/明显的方法,但我怀疑你可能会。由于您有 $env 来传递,您应该能够按照您想要的顺序设置/检查 HTTP_/session 内容,并保留下一个处理程序的状态以了解是否应该启用它。

use Plack::Builder;

my $app = sub {
    [ 200,
      [ "Content-Type" => "text/plain" ],
      [ "O HAI, PLAK!" ]
    ];
};

builder {
    enable "Session::Cookie";
    enable_if { my $env = shift;
                # I don't know...
            } "Auth::Digest",
                realm => "Secured", secret => "BlahBlah",
                    authenticator => sub { $_[0] eq $_[1] };
    enable_if { my $env = shift;
                # I don't know...
            } "Auth::Basic",
                authenticator => sub { $_[0] eq $_[1] };
    $app;
};

I do not have an implementation but I think I have the approach. You can do this "in-line" with Plack::Middleware::Conditional. So it would look like this but you'll have to fill in the missing conditions/tests. I didn't see an easy/obvious way but I suspect you might. Since you have the $env to pass around you should be able to set/check HTTP_/session stuff in the order you want and keep the state for the next handler to know if it should be enabled or not.

use Plack::Builder;

my $app = sub {
    [ 200,
      [ "Content-Type" => "text/plain" ],
      [ "O HAI, PLAK!" ]
    ];
};

builder {
    enable "Session::Cookie";
    enable_if { my $env = shift;
                # I don't know...
            } "Auth::Digest",
                realm => "Secured", secret => "BlahBlah",
                    authenticator => sub { $_[0] eq $_[1] };
    enable_if { my $env = shift;
                # I don't know...
            } "Auth::Basic",
                authenticator => sub { $_[0] eq $_[1] };
    $app;
};
回复 原文
离去的眼神2024-10-18 08:18:15

我认为您将需要编写自己的中间件,因为理想情况下(基于对 的快速阅读RFC 2617)当未经过身份验证时,您将返回带有 Basic 和 Digest 质询的 WWW-Authenticate 标头(对于仅了解 Basic 的用户代理,首先是 Basic)。

I think you are going to need to write your own middleware, since ideally (based on a very quick read of RFC 2617) when not authenticated you would return a WWW-Authenticate header with both Basic and Digest challenges (with Basic first, for user agents that only understand Basic).

回复 原文
~没有更多了~

关于作者

女皇必胜

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

身边

文章 0 评论 0

qq_oxT0yE

文章 0 评论 0

卷着的草席

文章 0 评论 0

£冰雨忧蓝°

文章 0 评论 0

我还不会笑

文章 0 评论 0

Unbroken

文章 0 评论 0

更多

友情链接

文江博客
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文