[Catalyst] 5.80005: $c->req->remote_user and apache: excluding actions from authentication

Francesc Romà i Frigolé francesc.roma+catalyst at gmail.com
Tue Jun 9 18:49:15 GMT 2009

On Tue, Jun 9, 2009 at 7:53 PM, Tomas Doran <bobtfish at bobtfish.net> wrote:

> Francesc Rom=E0 i Frigol=E9 wrote:
>> This is more of an apache question than a Catalyst one, but I'd apprecia=
>> some help.
>> I'm trying the new feature $c->req->remote_user introduced in 5.80005. I=
>> like to know if it is possible to tell apache, in a .htaccess file, to n=
>> ask authentication for a certain set of URIs (for example matching /publ=
> Yes, it is.
> <Location /public>
>   Satisfy Any
>   Allow from All
> </Location>
> should do what you want.

Thanks Tomas, but I get the error:  .htaccess: <Location not allowed here

This is because <Location> is not an "htaccess directive". See

I also tried with <FilesMatch> which it is allowed, but it doesn't seem to
work (which makes sense because I'm not actually matching any file but a
catalyst action )

> Also, if you haven't seen it yet:
> http://search.cpan.org/~bobtfish/Catalyst-Plugin-Authentication-0.10012/l=

It looks very interesting. From your explanation

    # in your Controller/Root.pm you can implement "auto-login" in this way
    sub begin : Private {
        my ( $self, $c ) =3D @_;

        unless ($c->user_exists) {
            # authenticate() for this module does not need any user info
            # as the username is taken from $c->req->remote_user and
            # password is not needed

            unless ($c->authenticate( {} )) {
              # return 403 forbidden or kick out the user in other way

it seems that it should be possible to tell apache that authentication is
optional, but I don't know how to do that. How can I make apache ask for a
username/password but not return a 401 Authorization Required error?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20090609/e07fa=

More information about the Catalyst mailing list