Wednesday, October 28, 2009

Re: Alternatives to Security Component Authentication with cgi php

I think that this might be what I'm looking for, but I don't think
I've quite figured it out. I've followed the steps you've outlined,
but I'm unclear on how to implement the last beforeFilter function
since I'm using another authenticate function. I think I'm probably
missing something simple, but any help would be appreciated. This
works well on other servers, but not on a server with php as cgi.

function beforeFilter() {
    $this->Auth->allow('feed');
    $this->Security->loginOptions = array(
        'type'  => 'basic',
        'login' => 'authenticate',
        'realm' => 'CaseMojo iCal Feed',
    );

    $this->Security->loginUsers = array();
    $this->Security->requireLogin('feed');

    parent::beforeFilter();
}

function authenticate($args) {
    $data[$this->Auth->fields['username']] = $args['PHP_AUTH_USER'];
    $data[$this->Auth->fields['password']] = $this->Auth->password($args['PHP_AUTH_PW']);
    if ($this->Auth->login($data)) {
        return true;
    } else {
        $this->Security->blackHole($this, 'login');
        return false;
    }
}


On Sep 5, 5:57 pm, Jeff Deroshia <deros...@gmail.com> wrote:
> I was able to find a workaround using mod_rewrite (a module that continues
> to amaze me with its usefulness). So for anyone else who needs to use the
> http authentication methods of the Security Component while running php
> through cgi, here's what I did to get it working:
>
> In the .htaccess file in the webroot dir, I modified the default rewrite
> rule by removing the 'last' flag:
>
> old: RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
> new: RewriteRule ^(.*)$ index.php?url=$1 [QSA]
>
> Then I added another RewriteRule below that one, giving it the 'last' flag I
> took away from the previous rule:
>
> RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
>
> This new rule sets the environment variable REMOTE_USER to the value of the
> HTTP Authorization header.  With basic authentication, which is what I am
> using since I'm behind an SSL connection, the Authorization string consists
> of the word 'Basic', a space, and a base64 encoded string of the supplied
> username and password separated by a colon (:).
>
> Php adds this new environment variable to the $_SERVER superglobal array
> with the key 'REDIRECT_REMOTE_USER'.  So, in my beforeFilter callback I've
> added the following code:
>
> if (Configure::read('in_production')) {
>     // Limit of 2 keeps a ':' inside the password intact.
>     list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':',
>         base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)), 2);
> }
>
> Now the variables that the Security Component (and php) use for HTTP
> Authentication are set, which makes functionality that was only explicitly
> available in the apache php module also available in sites that have to use
> php through CGI/FastCGI
>
> mod_rewrite rocks.
>
> J3ffy
>
>
>
> On Fri, Sep 4, 2009 at 10:23 AM, J3ffy <deros...@gmail.com> wrote:
> > I've been developing a system that does server-to-server communication
> > using Basic HTTP Auth for authentication behind an SSL connection.
> > The requests are created and sent with the HttpSocket class.  The
> > component that receives the requests uses the Security component to
> > force and check authentication.
>
> > Everything has been working great on multiple test systems, but on the
> > production host, none of the Authentication credentials were being
> > seen by the app.  After a few hours of testing I discovered that on
> > all my test systems I'm using the Apache php module, but on the
> > production server, the php api is accessed through FastCGI.  According
> > to the php documentation for HTTP authentication here:
> > http://us3.php.net/manual/en/features.http-auth.php the HTTP
> > authentication hooks are only available when using the apache module
> > and not for php through cgi.
>
> > It seems that I'm going to have to change my approach to
> > authenticating, but I have no idea what to change it to.  Do you folks
> > have any suggestions?
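
The decoding step from the quoted workaround, written as a defensive helper that can be called from any beforeFilter. This is an added example, not code from the thread or from CakePHP; the function names parseBasicAuthorization() and restoreBasicAuth() are hypothetical, and REDIRECT_REMOTE_USER is the key the quoted RewriteRule produces.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/**
 * Parse a forwarded "Basic <base64>" Authorization value.
 * Returns array(user, password), or null when the value is unusable.
 */
function parseBasicAuthorization($header) {
    // The scheme name is case-insensitive; require "Basic" plus whitespace.
    if (!is_string($header) || !preg_match('/^Basic\s+(\S+)\s*$/i', $header, $m)) {
        return null;
    }
    // Strict mode rejects characters outside the base64 alphabet.
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first colon only: the password may itself contain ':'.
    return explode(':', $decoded, 2);
}

/**
 * Fill PHP_AUTH_USER / PHP_AUTH_PW when PHP runs under CGI/FastCGI.
 * Returns true if credentials are available afterwards.
 */
function restoreBasicAuth(array &$server) {
    if (isset($server['PHP_AUTH_USER'])) {
        return true; // the Apache module already populated the values
    }
    // REMOTE_USER is checked too, in case no internal redirect renamed it.
    foreach (array('REDIRECT_REMOTE_USER', 'REMOTE_USER') as $key) {
        $pair = isset($server[$key]) ? parseBasicAuthorization($server[$key]) : null;
        if ($pair !== null) {
            list($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']) = $pair;
            return true;
        }
    }
    return false; // missing or malformed header: leave the array untouched
}

// Constructed sample input: a password containing ':' and a malformed value.
$sample = array('REDIRECT_REMOTE_USER' => 'Basic ' . base64_encode('alice:s3cr:et'));
var_dump(restoreBasicAuth($sample), $sample['PHP_AUTH_USER'], $sample['PHP_AUTH_PW']);
$bad = array('REDIRECT_REMOTE_USER' => 'Basic !!!not-base64');
var_dump(restoreBasicAuth($bad), isset($bad['PHP_AUTH_USER']));
```

In a controller, `restoreBasicAuth($_SERVER);` would go at the top of beforeFilter(), in place of the quoted `list(...)` line.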
