[Catalyst] How to do pass-through login?

Gunnar Strand gunnarstrand at yahoo.com
Sun Jul 12 07:49:32 GMT 2009

Tomas Doran skrev:
> On 10 Jul 2009, at 21:09, Gunnar Strand wrote:
>> Thanks to all who answered my post regarding pass-through login! It put
>> me on the right track and it works like a charm now.
>> In my solution I have an action, Catalyst::Action::Restricted, which I
>> put on the subroutines which require a logged-in user
>> (:ActionClass('Restricted')). If no user is logged in, then the request
>> state is saved and the user forwarded to the login page.
>> I think it would be helpful to the next guy to improve the Cookbook with
>> a more elaborate example on how to implement this. The current paragraph
>> is a little thin, IMHO.
> Don't write how to implement it in the cookbook, implement the generic 
> version and put it on CPAN.. Except, that actually already happened 
> (Catalyst::Action::Role::ACL)
> However - this is a bit silly, it's better implemented as an action 
> role.. (ala Catalyst::Controller::ActionRole) in my opinion, otherwise 
> it won't play nicely with things such as Catalyst::Action::REST.
> Having spoken to the the author of the above mentioned module, I've 
> gone ahead and converted it to an ActionRole:
> http://github.com/bobtfish/catalyst-actionrole-acl/tree/master
> This will hopefully be seen on a CPAN near you soon, patches are 
> obviously welcome if it wasn't quite what you were thinking of.. ;)
That's great!

Still, I think the Manual::Cookbook page need clarification concerning 
pass-through login because it's not obvious how it's implemented. Or 
have it permanently implemented on CPAN and then have the Cookbook 
updated. I am not entirely sure where it should be put. Currently I've 
added a Myapp::State class which encapsulates save and restore of the 
request state, but it should perhaps either be part of Session (as a 
generic request state save/restore) or Request (as request->pause/resume 
or request->delay/continue or some such).

It seems on the borderland of authenticate/authorization when a user 
only need to be authenticated to be authorized to do some actions. 
Authentication should probably offer similar support, 
Catalyst::ActionRole::Authenticated (eg. sub list_member :Local 
:RequireAuthenticatedUser () { ...} )?



More information about the Catalyst mailing list