|
NAMEPlack::Middleware::Auth::Digest - Digest authenticationSYNOPSISenable "Auth::Digest", realm => "Secured", secret => "blahblahblah", authenticator => sub { my ($username, $env) = @_; return $password; # for $username }; # Or return MD5 hash of "$username:$realm:$password" enable "Auth::Digest", realm => "Secured", secret => "blahblahblah", password_hashed => 1, authenticator => sub { return $password_hashed }; DESCRIPTIONPlack::Middleware::Auth::Digest is a Plack middleware component that enables Digest authentication. Your "authenticator" callback is called using two parameters: a username as a string and the PSGI $env hash. Your callback should return a password, either as a raw password or a hashed password.CONFIGURATIONS
LIMITATIONSThis middleware expects that the application has a full access to the headers sent by clients in PSGI environment. That is normally the case with standalone Perl PSGI web servers such as Starman or HTTP::Server::Simple::PSGI.However, in a web server configuration where you can't achieve this (i.e. using your application via Apache's mod_cgi), this middleware does not work since your application can't know the value of "Authorization:" header. If you use Apache as a web server and CGI to run your PSGI application, you can either a) compile Apache with "-DSECURITY_HOLE_PASS_AUTHORIZATION" option, or b) use mod_rewrite to pass the Authorization header to the application with the rewrite rule like following. RewriteEngine on RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] AUTHORYuji Shimada <xaicron@cpan.org>Tatsuhiko Miyagawa COPYRIGHTYuji Shimada, Tatsuhiko Miyagawa 2010-SEE ALSOPlack::Middleware::Auth::BasicLICENSEThis library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Visit the GSP FreeBSD Man Page Interface. |