Custom Authentication

Two phases to authentication in Apache:
Authentication phase
Is remote user who he says he is?

Authorization phase
Is remote user authorized to get this resource?

Anonymous User Authentication

This is a simple authentication system that mimics anonymous FTP-style login.

Configuration File Entry

 <Location /protected>
   AuthName "Anonymous Login"
   AuthType Basic
   PerlAuthenHandler  Apache::AuthAnon
   PerlSetVar         Anonymous anonymous|anybody|nobody
   require valid-user
 </Location>

Script III.4.1: Apache::AuthAnon


package Apache::AuthAnon;

use strict;
use Apache::Constants ':common';

my $email_pat = '\@\w+\.\w+';
my $anon_id  = "anonymous";

sub handler {
    my $r = shift;

    # Fetch the Basic auth password; pass any non-OK status straight back.
    my($res, $sent_pwd) = $r->get_basic_auth_pw;
    return $res if $res != OK;

    my $user = lc $r->connection->user;
    my $reason = "";

    # Alternation of accepted usernames, e.g. anonymous|anybody|nobody
    my $check_id = $r->dir_config("Anonymous") || $anon_id;

    # Group the alternation so ^ and $ anchor every alternative.
    unless($user =~ /^(?:$check_id)$/i) {
        $reason = "user did not enter a valid anonymous username";
    }

    unless($sent_pwd =~ /$email_pat/o) {
        $reason = "user did not enter an email address password";
    }

    if($reason) {
        $r->note_basic_auth_failure;
        $r->log_reason($reason,$r->filename);
        return AUTH_REQUIRED;
    }

    # Keep the supplied password (the email address) in the request notes.
    $r->notes(AuthAnonPassword => $sent_pwd);

    return OK;
}

1;
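
The Anonymous setting is a regex alternation, so how the username pattern is anchored decides which names get through. The stand-alone script below is an added example, not part of the original slides: it replays the handler's two checks outside Apache on constructed credentials, comparing `^$check_id$` with the grouped `^(?:$check_id)$`. The helper names parse_basic and check are hypothetical.

```perl
#!/usr/bin/perl
# Added example: offline replay of the two checks made by Apache::AuthAnon.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

my $check_id  = 'anonymous|anybody|nobody';   # PerlSetVar Anonymous value from the page
my $email_pat = '\@\w+\.\w+';                 # same pattern as the handler

# Split an "Authorization: Basic ..." value into (user, password).
sub parse_basic {
    my ($header) = @_;
    my ($b64) = $header =~ /^Basic\s+(\S+)$/ or return;
    # A password may contain ':'; only the first colon separates the fields.
    return split /:/, decode_base64($b64), 2;
}

# Return '' on success or the failure reason; $user_re is the username regex.
sub check {
    my ($user, $pwd, $user_re) = @_;
    return 'not a valid anonymous username'   unless lc($user) =~ $user_re;
    return 'password is not an email address' unless $pwd =~ /$email_pat/;
    return '';
}

my $loose  = qr/^$check_id$/i;        # parses as  ^anonymous | anybody | nobody$
my $strict = qr/^(?:$check_id)$/i;    # anchors apply to every alternative

# Constructed credentials, encoded the way a browser would send them.
my @samples = (
    [ 'anonymous',      'guest@example.org' ],
    [ 'Anybody',        'guest@example.org' ],
    [ 'anonymous-root', 'guest@example.org' ],
    [ 'not-anybody-x',  'guest@example.org' ],
    [ 'nobody',         'no-address-here'   ],
);

for my $s (@samples) {
    my $header = 'Basic ' . encode_base64(join(':', @$s), '');
    my ($user, $pwd) = parse_basic($header);
    my @verdict = map { check($user, $pwd, $_) eq '' ? 'allow' : 'deny' }
                  ($loose, $strict);
    printf "%-16s loose=%-6s strict=%s\n", $user, @verdict;
}
```

Only names that are exactly one of the listed ids pass the grouped pattern; the ungrouped one also accepts names that merely start with, contain, or end with one of them.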

What it Looks Like

http://localhost/anonymous/test_document.html



Lincoln D. Stein, lstein@cshl.org
Cold Spring Harbor Laboratory
Last modified: Thu Nov 4 07:59:38 EST 1999