<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:1.9:selfmadeapplication</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,1.9,selfmadeapplication"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="selfmadeapplication.html"/>
<link rel="contents" href="selfmadeapplication.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9';var JSINFO = {"id":"documentation:1.9:selfmadeapplication","namespace":"documentation:1.9"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#code_snippet">Code snippet</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#perl">Perl</a></div></li>
<li class="level2"><div class="li"><a href="#php">PHP</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#perl_auto-protected_cgi">Perl auto-protected CGI</a></div></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="protect_your_application">Protect your application</h1>
<div class="level1">
</div>
<!-- EDIT1 SECTION "Protect your application" [1-40] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
Your application can identify the connected user through:
</p>
<ul>
<li class="level1"><div class="li"> REMOTE_USER environment variable (with local Handler or SetEnvIf trick)</div>
</li>
<li class="level1"><div class="li"> HTTP header (in all cases)</div>
</li>
</ul>
<p>
To get more information about the user (name, mail, etc.), read the <a href="writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.9:writingrulesand_headers">HTTP headers</a>.
</p>
<div class="notetip">If your application is based on <a href="http://search.cpan.org/perldoc?CGI" class="urlextern" title="http://search.cpan.org/perldoc?CGI" rel="nofollow">Perl CGI package</a>, you can simply replace CGI by <a href="#perl_auto-protected_cgi" title="documentation:1.9:selfmadeapplication ↵" class="wikilink1">Lemonldap::NG::Handler::CGI</a>
</div>
</div>
<!-- EDIT2 SECTION "Presentation" [41-542] -->
<h2 class="sectionedit3" id="code_snippet">Code snippet</h2>
<div class="level2">
<p>
Examples with a <a href="writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.9:writingrulesand_headers">configured header</a> named 'Auth-User':
</p>
</div>
<!-- EDIT3 SECTION "Code snippet" [543-658] -->
<h3 class="sectionedit4" id="perl">Perl</h3>
<div class="level3">
<pre class="code file perl"><a href="http://perldoc.perl.org/functions/print.html"><span class="kw3">print</span></a> <span class="st0">"Connected user: "</span><span class="sy0">.</span><span class="re0">$ENV</span><span class="br0">{</span>HTTP_AUTH_USER<span class="br0">}</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT4 SECTION "Perl" [659-742] -->
<h3 class="sectionedit5" id="php">PHP</h3>
<div class="level3">
<pre class="code file php"><span class="kw1">print</span> <span class="st0">"Connected user: "</span><span class="sy0">.</span><span class="re0">$_SERVER</span><span class="br0">[</span><span class="st_h">'HTTP_AUTH_USER'</span><span class="br0">]</span><span class="sy0">;</span></pre>
</div>
<!-- EDIT5 SECTION "PHP" [743-828] -->
<h2 class="sectionedit6" id="perl_auto-protected_cgi">Perl auto-protected CGI</h2>
<div class="level2">
<p>
Using this feature, you don't have to use virtual host protection: protection is embedded in Lemonldap::NG::Handler::CGI.
</p>
<p>
Lemonldap::NG::Handler::CGI adds some functions to <a href="http://search.cpan.org/perldoc?CGI" class="urlextern" title="http://search.cpan.org/perldoc?CGI" rel="nofollow">CGI</a>:
</p>
<ul>
<li class="level1"><div class="li"> authenticate: checks whether the user is authenticated; if not, redirects them to the portal</div>
</li>
<li class="level1"><div class="li"> authorize: checks whether the user is authorized to access this <abbr title="Uniform Resource Locator">URL</abbr></div>
</li>
</ul>
<p>
Example:
</p>
<ul>
<li class="level1"><div class="li"> Code to replace:</div>
</li>
</ul>
<pre class="code perl"><span class="kw1">my</span> <span class="re0">$cgi</span> <span class="sy0">=</span> <span class="kw2">new</span> CGI<span class="sy0">;</span>
<span class="sy0">...</span></pre>
<ul>
<li class="level1"><div class="li"> New code:</div>
</li>
</ul>
<pre class="code perl"><span class="kw1">my</span> <span class="re0">$cgi</span> <span class="sy0">=</span> Lemonldap<span class="sy0">::</span><span class="me2">NG</span><span class="sy0">::</span><span class="me2">Handler</span><span class="sy0">::</span><span class="me2">CGI</span><span class="sy0">-></span><span class="kw2">new</span> <span class="br0">(</span><span class="br0">{</span><span class="br0">}</span><span class="br0">)</span><span class="sy0">;</span>
<span class="re0">$cgi</span><span class="sy0">-></span><span class="me1">authenticate</span><span class="br0">(</span><span class="br0">)</span><span class="sy0">;</span>
<span class="re0">$cgi</span><span class="sy0">-></span><span class="me1">authorize</span><span class="br0">(</span><span class="br0">)</span><span class="sy0">;</span>
<span class="sy0">...</span></pre>
<p>
Then you can access the user data:
</p>
<pre class="code perl"><span class="co1"># Get attributes (or macros)</span>
<span class="kw1">my</span> <span class="re0">$cn</span> <span class="sy0">=</span> <span class="re0">$cgi</span><span class="sy0">-></span><span class="me1">user</span><span class="sy0">-></span><span class="br0">{</span>cn<span class="br0">}</span><span class="sy0">;</span>
<span class="co1"># Test if user is member of a Lemonldap::NG group (or LDAP mapped group)</span>
<span class="kw1">if</span><span class="br0">(</span> <span class="re0">$cgi</span><span class="sy0">-></span><span class="me1">group</span><span class="br0">(</span><span class="st_h">'admin'</span><span class="br0">)</span> <span class="br0">)</span> <span class="br0">{</span>
<span class="co1"># special html code for admins</span>
<span class="br0">}</span>
<span class="kw1">else</span> <span class="br0">{</span>
<span class="co1"># another HTML code</span>
<span class="br0">}</span></pre>
<p>
You can test any <abbr title="Uniform Resource Locator">URL</abbr> to see if it's protected using testUri(). It returns:
</p>
<ul>
<li class="level1"><div class="li"> 1 if the user is authorized to access it</div>
</li>
<li class="level1"><div class="li"> 0 if not</div>
</li>
<li class="level1"><div class="li"> -1 if this <abbr title="Uniform Resource Locator">URL</abbr> is not known by <abbr title="LemonLDAP::NG">LL::NG</abbr> configuration</div>
</li>
</ul>
<pre class="code perl"><span class="co1"># -1 (URL unknown to LL::NG) is a true value in Perl, so compare with 1 explicitly</span>
<span class="kw1">if</span> <span class="br0">(</span> <span class="re0">$cgi</span><span class="sy0">-></span><span class="me1">testUri</span><span class="br0">(</span><span class="st_h">'http://test3.example.com/'</span><span class="br0">)</span> <span class="sy0">==</span> <span class="nu0">1</span> <span class="br0">)</span> <span class="br0">{</span>
    <a href="http://perldoc.perl.org/functions/print.html"><span class="kw3">print</span></a> <span class="st_h">'&lt;a href="http://test3.example.com/"&gt;click here&lt;/a&gt;'</span><span class="sy0">;</span>
<span class="br0">}</span></pre>
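<p>
The following is an added example, not code from the LL::NG project: it sorts a list of menu links by the three testUri() return values described above, so that only an explicit 1 makes a link visible. The class Local::FakeHandlerCGI, the function filter_menu and the sample verdicts are assumptions made so that the script runs without an LL::NG installation; with the real module, pass the Lemonldap::NG::Handler::CGI object instead.
</p>

```perl
#!/usr/bin/perl
# Added example: filter a navigation menu with the three-valued testUri() result.
use strict;
use warnings;

# Constructed stand-in for Lemonldap::NG::Handler::CGI so the example runs
# offline; it only mimics the documented testUri() return values (1, 0, -1).
package Local::FakeHandlerCGI;
sub new { my ( $class, %verdicts ) = @_; return bless( {%verdicts}, $class ) }

sub testUri {
    my ( $self, $url ) = @_;
    return exists $self->{$url} ? $self->{$url} : -1;
}

package main;

# Split candidate links by verdict. Only an explicit 1 makes a link visible:
# -1 is a true value in Perl, so a bare "if ( $cgi->testUri($url) )" would
# also accept URLs that LL::NG has no rule for.
sub filter_menu {
    my ( $cgi, @urls ) = @_;
    my %out = ( allowed => [], denied => [], unknown => [] );
    for my $url (@urls) {
        my $verdict = $cgi->testUri($url);
        my $bucket =
            $verdict == 1 ? 'allowed'
          : $verdict == 0 ? 'denied'
          :                 'unknown';
        push @{ $out{$bucket} }, $url;
    }
    return \%out;
}

# Constructed sample data (hypothetical verdicts for the example.com hosts).
my $cgi = Local::FakeHandlerCGI->new(
    'http://test1.example.com/' => 1,
    'http://test2.example.com/' => 0,
);
my $menu = filter_menu(
    $cgi,
    'http://test1.example.com/',
    'http://test2.example.com/',
    'http://test3.example.com/',
);

print "show: $_\n" for @{ $menu->{allowed} };

# Unknown URLs point at a gap between the menu and the LL::NG configuration.
warn "no LL::NG rule for $_, link hidden\n" for @{ $menu->{unknown} };
```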
</div>
<!-- EDIT6 SECTION "Perl auto-protected CGI" [829-] --></div>
</body>
</html>