Take me over?
NAME
Catalyst::Plugin::Authentication::Credential::HTTP - HTTP Basic and Digest authentication for Catlayst.
SYNOPSIS
use Catalyst qw/
Authentication
Authentication::Store::Moose
Authentication::Credential::HTTP
/;
__PACKAGE__->config->{authentication}{http}{type} = 'any'; # or 'digest' or 'basic'
__PACKAGE__->config->{authentication}{users} = {
Mufasa => { password => "Circle Of Life", },
};
sub foo : Local {
my ( $self, $c ) = @_;
$c->authorization_required( realm => "foo" ); # named after the status code ;-)
# either user gets authenticated or 401 is sent
do_stuff();
}
# with ACL plugin
__PACKAGE__->deny_access_unless("/path", sub { $_[0]->authenticate_http });
sub end : Private {
my ( $self, $c ) = @_;
$c->authorization_required_response( realm => "foo" );
$c->error(0);
}
DESCRIPTION
This moduule lets you use HTTP authentication with Catalyst::Plugin::Authentication. Both basic and digest authentication are currently supported.
METHODS
-
Tries to
authenticate_http
, and if that fails callsauthorization_required_response
and detaches the current action call stack.This method just passes the options through untouched.
- authenticate_http %opts
-
Looks inside
$c->request->headers
and processes the digest and basic (badly named) authorization header.This will only try the methods set in the configuration.
See the next two methods for what %opts can contain.
- authenticate_basic %opts
- authenticate_digest %opts
-
Try to authenticate one of the methods without checking if the method is allowed in the configuration.
%opts can contain
store
(either an object or a name),user
(to disregard %the username from the header altogether, overriding it with a username or user %object). -
Sets
$c->response
to the correct status code, and adds the correct header to demand authentication data from the user agent.Typically used by
authorization_required
, but may be invoked manually.%opts can contain
realm
,domain
andalgorithm
, which are used to build %the digest header. -
Set or get the
$nonce
object used by the digest auth mode.You may override these methods. By default they will call
get
andset
on$c->cache
.
CONFIGURATION
All configuration is stored in YourApp->config->{authentication}{http}
.
This should be a hash, and it can contain the following entries:
- store
-
Either a name or an object -- the default store to use for HTTP authentication.
- type
-
Can be either
any
(the default),basic
ordigest
.This controls
authorization_required_response
andauthenticate_http
, but not the "manual" methods.
AUTHORS
Yuval Kogman, nothingmuch@woobling.org
Jess Robinson
Sascha Kiefer esskar@cpan.org
COPYRIGHT & LICENSE
Copyright (c) 2005-2006 the aforementioned authors. All rights
reserved. This program is free software; you can redistribute
it and/or modify it under the same terms as Perl itself.