PerlSetVar behaviour within <Limit> directive

PerlSetVar behaviour within <Limit> directive

am 23.01.2009 11:55:40 von Pat Downey

--00c09f8b8f56d989820461243a52
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hi

I am trying to set variables for the Atlassian Crowd PerlAuthzHandler based
upon the type of request that is being received by the apache server.

The chunk from my httpd.conf file looks something like the following:


AuthType Basic
AuthName "Crowd Auth"

PerlAuthenHandler Apache::CrowdAuth
PerlAuthzHandler Apache::CrowdAuthz

PerlSetVar CrowdAppName app
PerlSetVar CrowdAppPassword *******
PerlSetVar CrowdSOAPURL
http://crowdhost:8095/crowd/services/SecurityServer


PerlSetVar CrowdAllowedGroups reader,writer
Require valid-user


PerlSetVar CrowdAllowedGroups writer
Require valid-user



What I'd like is for members of the reader or writer groups to have GET
access and only members of the writer group to have everything else (mainly
for POST) access.

The problem seems to be that the 'PerlSetVar CrowdAllowedGroups writer' is
overwriting the
'PerlSetVar CrowdAllowedGroups reader,writer' call for all requests, not
just the method that I'm trying to limit each setting to. The opposite is
the case if I swap the two lines around.

Am I doing anything obviously wrong? or is this just the way it works.

If it's just the way it is then does anyone have any ideas on how to call
PerlSetVar with different values based upon the request type? or suggestions
on a better way to do what I'm trying to do?

Thanks in advance,

Pat

--00c09f8b8f56d989820461243a52
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

ont-size:12px">

Hi

I am trying to set variable=
s for the Atlassian Crowd PerlAuthzHandler based upon the type of request&n=
bsp;that is being received by the apache server.



The chunk from my httpd.conf file looks something like =
the following:

<LocationMatch ^/path>
<=
div>  AuthType Basic
  AuthName "Cro=
wd Auth"



  PerlAuthenHandler Apache::CrowdAuth
iv>  PerlAuthzHandler Apache::CrowdAuthz

>  PerlSetVar CrowdAppName app
  PerlSetVar C=
rowdAppPassword *******
  PerlSetVar CrowdSOAPURL =
lor:rgb(33, 88, 148)" target=3D"_blank">http://crowdhost:8095/crowd/service=
s/SecurityServer



  <Limit GET>
  =
;  PerlSetVar CrowdAllowedGroups reader,writer
   =
 Require valid-user
  </Limit>
&nb=
sp; <LimitExcept GET>
    PerlSetVar Cr=
owdAllowedGroups writer


    Require valid-user
  </Limit=
Except>
</LocationMatch>

What I=
'd like is for members of the reader or writer groups to have GET acces=
s and only members of the writer group to have everything else (mainly for =
POST) access.



The problem seems to be that the 'PerlSetVar CrowdA=
llowedGroups writer' is overwriting the
'PerlSetVar Crowd=
AllowedGroups reader,writer' call for all requests, not just the method=
that I'm trying to limit each setting to. The opposite is the case if =
I swap the two lines around.



Am I doing anything obviously wrong? or is this just th=
e way it works. 

If it's just the way it =
is then does anyone have any ideas on how to call PerlSetVar with different=
values based upon the request type? or suggestions on a better way to do w=
hat I'm trying to do?



Thanks in advance,

Pat
span>

--00c09f8b8f56d989820461243a52--

Re: PerlSetVar behaviour within <Limit> directive

am 23.01.2009 12:12:03 von torsten.foertsch

On Fri 23 Jan 2009, Pat Downey wrote:
> =A0
> =A0 =A0 PerlSetVar CrowdAllowedGroups reader,writer
> =A0 =A0 Require valid-user
> =A0
> =A0
> =A0 =A0 PerlSetVar CrowdAllowedGroups writer
> =A0 =A0 Require valid-user
> =A0
>
>
> What I'd like is for members of the reader or writer groups to have
> GET access and only members of the writer group to have everything
> else (mainly for POST) access.
>
> The problem seems to be that the 'PerlSetVar CrowdAllowedGroups
> writer' is overwriting the
> 'PerlSetVar CrowdAllowedGroups reader,writer' call for all requests,
> not just the method that I'm trying to limit each setting to.

Then, how about

PerlSetVar CrowdAllowedGroups reader,writer
Require valid-user

PerlSetVar CrowdAllowedGroups writer



Torsten

=2D-=20
Need professional mod_perl support?
Just hire me: torsten.foertsch@gmx.net

Re: PerlSetVar behaviour within <Limit> directive

am 23.01.2009 12:52:28 von Pat Downey

--00c09f986f0ff133b604612505a7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

2009/1/23 Torsten Foertsch

> PerlSetVar CrowdAllowedGroups reader,writer
> Require valid-user
>
> PerlSetVar CrowdAllowedGroups writer
>
>

Thanks for the response Torsten, unfortunately this still exhibits the
same behaviour that I was experiencing before.
In both your example and the original each seem to behave as if you had


....

PerlSetVar CrowdAllowedGroups reader,writer
PerlSetVar CrowdAllowedGroups writer
Require valid-user


as your configuration.

I guess I might have to modify the module to recognise another couple of
variables say CrowdAllowedWriteGroups and CrowdAllowedReadGroups and not
worry about the directives as I think I'm using them in a way that
wasn't intended.

Pat

--00c09f986f0ff133b604612505a7
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

2009/1/23 Torsten Foertsch <=
;&g=
t;
order-left:1px #ccc solid;padding-left:1ex;">
 PerlSetVar CrowdAllowedGroups reader,writer
=

 Require valid-user

 <LimitExcept GET>

   PerlSetVar CrowdAllowedGroups writer

 </LimitExcept>

Than=
ks for the response Torsten, unfortunately this still exhibits the same&nbs=
p;behaviour that I was experiencing before.

In both=
your example and the original each seem to behave as if you had


<Location /blah>
...
r>
PerlSetVar CrowdAllowedGroups reader,writer
Perl=
SetVar CrowdAllowedGroups writer
Require valid-user

</Location>

as your configuration. =
;

I guess I might have to modify the module to rec=
ognise another couple of variables say CrowdAllowedWriteGroups and CrowdAll=
owedReadGroups and not worry about the <Limit> directives as I think =
I'm using them in a way that wasn't intended.


Pat


--00c09f986f0ff133b604612505a7--

Re: PerlSetVar behaviour within <Limit> directive

am 23.01.2009 14:55:17 von Michael Ludwig

Pat Downey schrieb:
>
> I guess I might have to modify the module to recognise another couple
> of variables say CrowdAllowedWriteGroups and CrowdAllowedReadGroups
> and not worry about the directives as I think I'm using them
> in a way that wasn't intended.

That's what I think, too. The relevant concept here seems to be the
one of scope. See:

Configuration Sections - Apache HTTP Server
http://httpd.apache.org/docs/2.2/sections.html

| Directives in the configuration files may apply to the entire server,
| or they may be restricted to apply only to particular directories,
| files, hosts, or URLs. This document describes how to use
| configuration section containers or .htaccess files to change the
| *scope* of other configuration directives.

The document then lists directives that do change the scope, and
is not among them.

Michael Ludwig