[Melbourne-pm] Perl web application framework recommendations
David Dick
david_dick at iprimus.com.au
Tue Aug 17 16:51:45 CDT 2004
David Dick wrote:
>
>>>>> single sign on is a necessary thing sometimes thou, and as
>>>>> mentioned by paul the mod_perl.com example is a good one. It just
>>>>> depends on whether your application needs to jump across multiple
>>>>> domains.
>>>>>
>>>> Actually using Basic Auth still allows single sign on. You simply
>>>> check for that before returning the 401.
>>>
>>>
>>>
>>> my bad english... i meant single sign on for multiple servers...
>>
>>
>>
>> Yeah, that is what I mean. Single sign on is usually done by adding a
>> special header (ala passport).
>>
>>> eg. get a auth ticket from security.example.com, and use it to visit
>>> application.example.com and mail.example.com...
>>
>>
>>
>> Exactly :-)
>>
>
> Ok. Happy to concede you've impressed the hell outta me. You have
> strange and mysterious powers beyond the ken of mortal man. Can you
> show me how the following should play out?
>
GET / HTTP/1.1
Host: london.britain.org
HTTP/1.1 401 Authorisation Required
Content-Type: text/html
WWW-Authenticate: Basic Realm="Rogue Robots"
GET / HTTP/1.1
Host: london.britain.org
Authorization: Basic cGVuZm9sZDpwZW5mb2xk
HTTP/1.1 200 OK
Content-Type: text/html
GET /baron/greenback HTTP/1.1
Host: london.britain.org
Authorization: Basic cGVuZm9sZDpwZW5mb2xk
HTTP/1.1 200 OK
Content-Type: text/html
GET /silas/greenback HTTP/1.1
Host: scotland.britain.org
HTTP/1.1 401 Authorisation Required
Content-Type: text/html
WWW-Authenticate: Basic Realm="Who Stole the Bagpipes?"
GET /silas/greenback HTTP/1.1
Host: scotland.britain.org
Authorization: Basic cGVuZm9sZDpwZW5mb2xk
>
> What did i miss?
*ahem* Amended Host headers should be easier to demonstrate with. :)
More information about the Melbourne-pm
mailing list