Differences
This shows you the differences between two versions of the page.
— |
documentation:2.1:securetoken [2019/06/05 15:13] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Secure Token Handler ====== | ||
+ | ===== Presentation ===== | ||
+ | |||
+ | The Secure Token Handler is a special Handler that creates a token for each request and send it to the protected application. The real user identifier is stored in a Memcached server and the protected application can request the Memcached server to get user identifier. | ||
+ | |||
+ | This mechanism allows one to protect an application with an unsafe link between Handler and the application, | ||
+ | |||
+ | ===== Configuration ===== | ||
+ | |||
+ | Install Cache:: | ||
+ | |||
+ | ==== Virtual host ==== | ||
+ | |||
+ | You just have to set "Type: SecureToken" | ||
+ | |||
+ | If you want to protect only a virtualHost part, keep type on " | ||
+ | * Apache: use simply a '' | ||
+ | * Nginx: create another FastCGI with a '' | ||
+ | |||
+ | < | ||
+ | ==== Handler parameters ==== | ||
+ | |||
+ | SecureToken parameters are the following: | ||
+ | * **Memcached servers**: addresses of Memcached servers, separated with spaces. | ||
+ | * **Token expiration**: | ||
+ | * **Attribute to store**: the session key that will be stored in Memcached. | ||
+ | * **Protected URLs**: Regexp of URLs for which the secure token will be sent, separated by spaces | ||
+ | * **Header name**: name of the HTTP header carrying by the secure token. | ||
+ | * **Allow requests in error**: allow a request that has generated an error in token generation to be forwarded to the protected application without secure token (default: yes) | ||
+ | |||
+ | <note important> | ||
+ | Due to Handler API change in 1.9, you need to set these attributes in '' | ||
+ | <file ini> | ||
+ | [handler] | ||
+ | secureTokenMemcachedServers = 127.0.0.1: | ||
+ | secureTokenExpiration = 60 | ||
+ | secureTokenAttribute = uid | ||
+ | secureTokenUrls = .* | ||
+ | secureTokenHeader = Auth-Token | ||
+ | secureTokenAllowOnError = 1 | ||
+ | </ | ||
+ | </ |
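Review bot: the "Allow requests in error" entry under Handler parameters documents a fail-open default ("default: yes", and `secureTokenAllowOnError = 1` in the sample `[handler]` block) without saying what the protected application must do when a request arrives without the token header. The Presentation section motivates this handler by an unsafe link between Handler and application, so the text should state that the application has to reject any request that lacks the `Auth-Token` header or whose token cannot be resolved in Memcached, and the sample should either show `secureTokenAllowOnError = 0` or explain when `1` is acceptable. Two smaller points: the sample sets `secureTokenUrls = .*` with no comment that this sends the token on every URL, and two wording slips should be fixed ("creates a token for each request and send it" should read "sends it"; "name of the HTTP header carrying by the secure token" should read "carrying the secure token").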