Protect your application
Presentation
Your application can identify the connected user using:
the REMOTE_USER environment variable (with a local Handler or the SetEnvIf trick)
an HTTP header (in all cases)
To get more information about the user (name, mail, etc.), you have to read the HTTP headers.
Tip
If your application is based on the Perl CGI package, you can simply replace CGI with Lemonldap::NG::Handler::CGI.
Code snippet
Examples with a configured header named ‘Auth-User’:
Perl
print "Connected user: ".$ENV{HTTP_AUTH_USER};
PHP
print "Connected user: ".$_SERVER["HTTP_AUTH_USER"];
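Any client that can reach the application directly can send its own Auth-User header, so the application should accept that header only from the LL::NG-protected front end. The following added example (not code from the LL::NG project) shows that check as a plain PSGI application. The trusted front-end address 127.0.0.1, the identifier pattern and the sample requests are assumptions constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Assumptions (not from the page): the protected front end reaches this
# application from 127.0.0.1 only, and user identifiers match $USER_RE.
my %TRUSTED_PROXY = map { $_ => 1 } ('127.0.0.1');
my $USER_RE       = qr/\A[A-Za-z0-9._\@-]{1,64}\z/;

# Return the connected user, or undef when the request cannot be trusted.
sub connected_user {
    my ($env) = @_;

    # REMOTE_USER is set by the web server or handler, not by a request header.
    my $user = $env->{REMOTE_USER};

    # The 'Auth-User' header arrives as HTTP_AUTH_USER. Accept it only when
    # the request comes from the front end's address.
    if ( !defined $user || $user eq '' ) {
        return unless $TRUSTED_PROXY{ $env->{REMOTE_ADDR} // '' };
        $user = $env->{HTTP_AUTH_USER};
    }

    # Reject missing values and anything outside the expected character set.
    return unless defined $user && $user =~ $USER_RE;
    return $user;
}

# PSGI application: 403 without a trusted identity, greeting otherwise.
my $app = sub {
    my ($env) = @_;
    my $user = connected_user($env);
    return [ 403, [ 'Content-Type' => 'text/plain' ], ["No authenticated user\n"] ]
      unless defined $user;
    return [ 200, [ 'Content-Type' => 'text/plain' ], ["Connected user: $user\n"] ];
};

# Constructed sample requests (PSGI environments), not captured traffic.
my @samples = (
    { REMOTE_ADDR => '127.0.0.1',   HTTP_AUTH_USER => 'dwho' },      # via front end
    { REMOTE_ADDR => '203.0.113.7', HTTP_AUTH_USER => 'dwho' },      # direct client
    { REMOTE_ADDR => '127.0.0.1',   HTTP_AUTH_USER => "x\r\ny" },    # malformed value
    { REMOTE_ADDR => '127.0.0.1',   REMOTE_USER    => 'rtyler' },    # server-set user
);
for my $env (@samples) {
    my $res = $app->($env);
    print "$res->[0] $res->[2][0]";
}
```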
Perl auto-protected CGI
LL::NG now uses FastCGI instead of CGI, but you can still write your own protected CGI.
First create a PSGI module based on Lemonldap::NG::Handler:
package My::PSGI;

use strict;
use warnings;
use base "Lemonldap::NG::Handler::PSGI"; # or Lemonldap::NG::Handler::PSGI::OAuth2, etc.

sub init {
    my ( $self, $args ) = @_;

    # Protection level must be set before calling the parent init()
    $self->protection('manager');
    $self->SUPER::init($args) or return 0;
    $self->staticPrefix("/static");
    $self->templateDir("/usr/share/lemonldap-ng/portal/templates");

    # See Lemonldap::NG::Common::PSGI for more
    #...
    # Return a boolean. If false, then error message has to be stored in
    # $self->error
    return 1;
}

sub handler {
    my ( $self, $req ) = @_;

    # Will be called only if authorized
    my $userId = $self->userId($req);

    #...
    # Return JSON
    # $self->sendJSONresponse(...);
    # or Return HTML
    $self->sendHtml( $req, "myskin/mytemplate", ( params => { 'userId' => $userId } ) );
}

# A module file must return a true value
1;
Then create an FCGI script like this:
#!/usr/bin/env perl
use My::PSGI;
use Plack::Handler::FCGI;
Plack::Handler::FCGI->new->run( My::PSGI->run() );
See our LLNG Nginx/Apache configurations for how to launch it, or read the PSGI/Plack documentation.
The protection parameter must be set when calling the init() method:
none
: no protection
authenticate
: check authentication but do not manage authorization
manager
: rely on virtual host configuration in Manager
rule: xxx
: apply a specific rule