documentation:2.1:selfmadeapplication

Differences

documentation:2.1:selfmadeapplication [2019/04/23 10:06] (current)
Line 1: Line 1:
 +====== Protect your application ======
 +
 +===== Presentation =====
 +
 +Your application can know the connected user using:
 +  * REMOTE_USER environment variable (with local Handler or SetEnvIf trick)
 +  * HTTP header (in all cases)
 +
 +To get more information on user (name, mail, etc.), you have to read [[writingrulesand_headers#headers|HTTP headers]].
 +
 +<note tip>
 +If your application is based on [[http://search.cpan.org/perldoc?CGI|Perl CGI package]], you can simply replace CGI by [[#perl_auto-protected_cgi|Lemonldap::NG::Handler::CGI]]
 +</note>
 +
 +===== Code snippet =====
 +
 +Examples with a [[writingrulesand_headers#headers|configured header]] named 'Auth-User':
 +
 +==== Perl ====
 +
 +<file perl>
 +print "Connected user: ".$ENV{HTTP_AUTH_USER};
 +</file>
 +
 +==== PHP ====
 +
 +<file php>
 +print "Connected user: ".$_SERVER["HTTP_AUTH_USER"];
 +</file>
 +
 +===== Perl auto-protected CGI =====
 +
 +LL::NG now uses FastCGI instead of CGI, but you still can write your own protected CGI.
 +
 +First create a PSGI module based on Lemonldap::NG::Handler:
 +<code perl>
 +package My::PSGI;
 +  
 +use base "Lemonldap::NG::Handler::PSGI"; # or Lemonldap::NG::Handler::PSGI::OAuth2, etc…
 +  
 +sub init {
 +    my ($self,$args) = @_;
 +    $self->protection('manager');
 +    $self->SUPER::init($args) or return 0;
 +    $self->staticPrefix("/static");
 +    $self->templateDir("/usr/share/lemonldap-ng/portal/templates");
 +    # See Lemonldap::NG::Common::PSGI for more
 +    #...
 +    # Return a boolean. If false, then error message has to be stored in
 +    # $self->error
 +    return 1;
 +}
 +  
 +sub handler {
 +    my ( $self, $req ) = @_;
 +
 +    # Will be called only if authorisated
 +    my $userId = $self->userId($req);
 +    #...
 +    
 +    # Return JSON
 +    # $self->sendJSONresponse(...);
 +    
 +    # or Return HTML
 +    $self->sendHtml($req, "myskin/mytemplate", ( params => { 'userId' => $userId }) );
 +}
 +</code>
 +
 +They create a FCGI script like this:
 +<code perl>
 +#!/usr/bin/env perl
 + 
 +use My::PSGI;
 +use Plack::Handler::FCGI;
 +
 +Plack::Handler::FCGI->new->run( My::PSGI->run() );
 +</code>
 +
 +See our LLNG Nginx/Apache configurations to see how to launch it or read [[https://plackperl.org/|PSGI/Plack documentation]].
 +
 +The protection parameter must be set when calling the init() method:
 +  * ''none'': no protection
 +  * ''authenticate'': check authentication but do not manage authorization
 +  * ''manager'': rely on virtual host configuration in Manager
 +  * ''rule: xxx'': apply a specific rule
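
Review bot: The Perl and PHP snippets under "Code snippet" take the 'Auth-User' header (`$ENV{HTTP_AUTH_USER}`, `$_SERVER["HTTP_AUTH_USER"]`) as the connected user, but nothing on the page says the application must only be reachable through the handler that sets this header; a request that reaches the application directly can carry any value in it. Suggest adding a sentence to "Presentation" stating that requirement. Both snippets also print the header value unchanged, so a short remark about escaping it for the output context would help readers who paste them into an HTML page. In "Perl auto-protected CGI", the closing text says the protection parameter "must be set when calling the init() method", while the example sets it inside init() with `$self->protection('manager')` before calling `SUPER::init`; the wording should say which form is meant, and the ''rule: xxx'' item would benefit from one concrete rule. Typos: "They create a FCGI script" should read "Then create", and the comment "Will be called only if authorisated" should read "authorized".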