[Catalyst-commits] r10307 - branches/Catalyst-Plugin-Authentication/credential_remote/lib/Catalyst/Authentication/Credential

kmx at dev.catalyst.perl.org kmx at dev.catalyst.perl.org
Wed May 27 05:21:38 GMT 2009


Author: kmx
Date: 2009-05-27 05:21:38 +0000 (Wed, 27 May 2009)
New Revision: 10307

Modified:
   branches/Catalyst-Plugin-Authentication/credential_remote/lib/Catalyst/Authentication/Credential/Remote.pm
Log:
branch Credential::Remote - general support for SSL_CLIENT_*

Modified: branches/Catalyst-Plugin-Authentication/credential_remote/lib/Catalyst/Authentication/Credential/Remote.pm
===================================================================
--- branches/Catalyst-Plugin-Authentication/credential_remote/lib/Catalyst/Authentication/Credential/Remote.pm	2009-05-27 02:41:17 UTC (rev 10306)
+++ branches/Catalyst-Plugin-Authentication/credential_remote/lib/Catalyst/Authentication/Credential/Remote.pm	2009-05-27 05:21:38 UTC (rev 10307)
@@ -57,16 +57,17 @@
             $remuser = $c->req->user;
         }
     }    
-    elsif ($self->source eq "SSL_CLIENT_DN") {
+    elsif ($self->source =~ /^SSL_CLIENT_.*$/) {
         # if user is authenticated via SSL certificate his distinguished name
-        # is available in SSL_CLIENT_DN variable
+        # is available in e.g. SSL_CLIENT_S_DN (Apache+mod_ssl)
         # BEWARE: $c->engine->env was broken prior 5.80005
+        my $nam=$self->source;
         if (defined($c->engine->env)) {
-            $remuser = $c->engine->env->{SSL_CLIENT_DN};
+            $remuser = $c->engine->env->{$nam};
         }
         else {
             # this happens on Catalyst 5.80004 and before (when using FastCGI)
-            Catalyst::Exception->throw( "Cannot handle parameter 'source=SSL_CLIENT_DN'");
+            Catalyst::Exception->throw( "Cannot handle parameter 'source=$nam'");
         }
     }
     else {
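Review bot: in the `elsif ($self->source =~ /^SSL_CLIENT_.*$/)` branch, the pattern accepts any configured name that merely begins with SSL_CLIENT_, and whatever that variable holds is then assigned to $remuser as the user identity. The retained comment still speaks only of the distinguished name, so either restrict the pattern to the variables that actually carry a subject identity or state in the comment that the choice is left to the administrator. Anchoring with `\A` and `\z` and using a character class such as `[A-Z0-9_]+` in place of `.*$` would also stop `$` from matching before a trailing newline in the configured value. Minor points: the BEWARE comment should read "prior to 5.80005", and `my $nam=$self->source;` would read better as `my $name = $self->source;`.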
@@ -166,18 +167,19 @@
 Active Directory enviroment) or even the SSL authentication when users 
 authenticate themself using their client SSL certificates.   
 
-B<BEWARE:> Support for SSL authentication does not work with Catalyst 5.8004 
-and before (if you want details see source code). 
-
 The main idea of this module is based on a fact that webserver passes the name
 of authenticated user into Catalyst application as REMOTE_USER variable (or in 
-case of SSL client authentication SSL_CLIENT_DN) - from this point referenced as 
-WEBUSER. This module simply takes this value - perfoms some optional checks (see
+case of SSL client authentication in other variables like SSL_CLIENT_S_DN on
+Apache + mod_ssl) - from this point referenced as WEBUSER. 
+This module simply takes this value - perfoms some optional checks (see
 below) - and if everything is OK the WEBUSER is declared as authenticated on 
 Catalyst level. In fact this module does not perform any check for password or 
 other credential; it simply believes the webserver that user was properly 
 authenticated.
 
+B<BEWARE:> Support for using different variables than REMOTE_USER does not work 
+with Catalyst 5.8004 and before (if you want details see source code). 
+
 =head1 CONFIG
 
 =head2 class
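Review bot: the relocated B<BEWARE:> paragraph names "Catalyst 5.8004", while the code comments in Remote.pm give the boundary as 5.80004 (broken) and 5.80005; the POD should use the same version number as the code. Because the preceding paragraph states that the module "simply believes the webserver", and the source can now be any SSL_CLIENT_* variable, it would help to say here that the chosen variable must be one the webserver sets only after it has verified the client certificate. The touched text also carries the typos "enviroment", "themself" and "perfoms", which could be fixed in the same commit.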
@@ -197,7 +199,7 @@
 This config item is B<OPTIONAL> - default is REMOTE_USER.
 
 B<source> contains a name of a variable passed from webserver that contains the 
-user identification - supported values: REMOTE_USER, SSL_CLIENT_DN
+user identification - supported values: REMOTE_USER, SSL_CLIENT_*
 
 =head2 deny_regexp
 
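Review bot: "supported values: REMOTE_USER, SSL_CLIENT_*" uses a shell-style wildcard without saying so and gives no concrete name. Suggest stating that any variable whose name begins with SSL_CLIENT_ is accepted and giving SSL_CLIENT_S_DN (Apache + mod_ssl) as the example, matching the DESCRIPTION text, so that a reader does not set source to the literal string "SSL_CLIENT_*".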



