[Catalyst] Catalyst with HTTP authentication

Robert Rothenberg robrwo at gmail.com
Mon Mar 25 15:54:49 GMT 2013


On 25/03/13 14:08 Tomas Doran wrote:
> 
> On 22 Mar 2013, at 13:34, Robert Rothenberg <robrwo at gmail.com> wrote:
>> I'm unsure what to do here. Should I write a Plack::Middleware plugin that
>> translates the X-Proxy-REMOTE_USER header to an env->{REMOTE_USER}?
> 
> 
> That's exactly what's needed here :)

Ok. After faffing about, I've figured it out. I've created a module

  package Plack::Middleware::MyRemote;

  use parent qw( Plack::Middleware );

  use Plack::Util;

  sub call {
      my ($self, $env) = @_;

      $env->{REMOTE_USER} = $env->{HTTP_X_PROXY_REMOTE_USER}
        if ($env->{HTTP_X_PROXY_REMOTE_USER});

      my $res = $self->app->($env);

      return $res;
  }

  1;

and modified myapp.psgi to

  use strict;
  use warnings;

  use MyApp;

  use Plack::Builder;

  my $app = Drain->apply_default_middlewares(Drain->psgi_app);

  builder {
     enable "Plack::Middleware::MyRemote";
     $app;
  };

that seems to work now.

In the Apache configuration, I need to add:

  RequestHeader unset X-Proxy-REMOTE_USER

  RewriteEngine On
  RewriteCond %{LA-U:REMOTE_USER} (.+)
  RewriteRule . - [E=RU:%1]
  RequestHeader add X-Proxy-REMOTE_USER %{RU}e

along with the requirement to log in for the specific directory.

I'd suggest updating the documentation for A::C::Remote accordingly. (I can
do this if you point me in the direction of the git repo....)

This seems to work properly.










More information about the Catalyst mailing list