[dancer-users] Apache environment in FCGI app

Keith Lawson Keith.Lawson at sjhc.london.on.ca
Fri Dec 6 21:35:31 GMT 2013 

>>>> Matt Mallard 12/05/13 3:45 PM >>>
>Hi Keith,
>
>   Have you tried 'PerlSetupEnv On' in the apache conf. I couldn't get
>   %ENV using Dancer2 in mod_perl until I set this.
>
>   I couldn't get CGI/FCGI to work properly with Dancer2 (they set up their
>                                                          own service on port 3000 instead of staying inside the CGI).
>

Actually I saw your thread earlier in the week about this so took a look at "PerlSetupEnv". Unless I'm mistaken that's a mod_perl directive and the way I have my app configured using CGI it won't make a difference. With my current configuration %ENV makes it to my dancer code, it's just not making it to my implementation of a  Dancer::Plugin::Auth::Extensible provider in tact. A dump shows a lot of %ENV keys get there but $ENV{REMOTE_USER} is gone for some reason and that's the key I rely on to ensure the Apache::AuthCookie authentication handlers have logged the user in.

>   Regards,
>   Matt
>   On 6/12/2013 5:22 am, Keith Lawson wrote:
>   > I didn't get any responses here or on IRC so I'm posting the solution I went with to get it archived.
>   >
>   >>>>> Keith Lawson 11/29/13 10:22 AM >>>
>   >> Hello,
>   >>
>   >> I'm working on my first Dancer application and want to deploy it in our standard server environment here.
>   >>
>   >> For authentication/authz we have custom mod_perl auth handlers that set Apache environment variables with user ID, group membership etc. >I'm trying to write an implementation of Dancer::Plugin::Auth::Extensible::Provider that does auth/authz by reading those environment variables however %ENV isn't populated in my Dancer app. Looking at the source of public/dispatch.fcgi I noticed the following:
>   >>
>   >> # For some reason Apache SetEnv directives dont propagate
>   >> # correctly to the dispatchers, so forcing PSGI and env here
>   >> # is safer.
>   >> set apphandler => 'PSGI';
>   >> set environment => 'production';
>   >>
>   >> Can anyone tell me if it's possible to get %ENV through to my Dancer app or perhaps a different approach for auth/authz that uses $ENV{REMOTE_USER} and our custom Apache environment variables?
>   >>
>   > I never did get FCGI to work so I tried regular CGI, here's my apache config for my app:
>   >
>   > SetEnv DANCER_ENVIRONMENT "development"
>   >
>   >
>   > AllowOverride None
>   > Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>   > Order allow,deny
>   > Allow from all
>   > AddHandler cgi-script .cgi
>   >
>   >
>   > ScriptAlias /filesafe /var/dancerdev/filesafe/public/dispatch.cgi
>   >
>   > This works but I had to comment out where %ENV keys were explicitly set in dispatch.cgi so that the Apache conf directives for dev/prod environment worked properly:
>   >
>   > --- dispatch.cgi.dist 2013-12-05 09:21:35.917592251 -0500
>   > +++ dispatch.cgi 2013-12-05 09:20:06.912736198 -0500
>   > @@ -6,8 +6,8 @@
>   > # For some reason Apache SetEnv directives dont propagate
>   > # correctly to the dispatchers, so forcing PSGI and env here
>   > # is safer.
>   > -set apphandler => 'PSGI';
>   > -set environment => 'production';
>   > +# set apphandler => 'PSGI';
>   > +# set environment => 'production';
>   >
>   > my $psgi = path($RealBin, '..', 'bin', 'app.pl');
>   > die "Unable to read startup script: $psgi" unless -r $psgi;
>   >
>   > My first crack at doing Dancer auth/authz was to write a provider for Dancer::Plugin::Auth::Extensible with subs that rely on %ENV like this:
>   >
>   > sub authenticate_user
>   > {
>       > my ($self, $username, $password) = @_;
>       > return $ENV{REMOTE_USER};
>       > }
>       >
>       > However I couldn't figure out why $ENV{REMOTE_USER} wasn't getting to the plugin so I gave up.
>       >
>       > I just ended up protecting portions of my new app with a stanza using our Apache2::AuthCookie auth handlers:
>       >
>       >
>       > order allow,deny
>       > allow from all
>       > AuthType Site::LDAPCookieHandler2
>       > AuthName dancerdev
>       > PerlAuthenHandler Site::LDAPCookieHandler2->authenticate
>       > PerlAuthzHandler Site::LDAPCookieHandler2->authorize
>       > require valid-user
>       > satisfy all
>       >
>       >
>       > Then in my dancer app I protect portions like this:
>       >
>       > get '/priv/hello' => sub
>       > {
>           > die unless $ENV{REMOTE_USER};
>           > return "Hi there ".$ENV{REMOTE_USER};
>           > };
>>
>>
>> This won't solve authorization for me but I won't have a need for this in this app.
>>
>>
>>> Thanks,
>    >> Keith.
>    >>
>    >>
>    >>
>    >
>    > --------------------------------------------------------------------------------
>    > This information is directed in confidence solely to the person named above and may contain confidential and/or privileged material. This information may not otherwise be distributed, copied or disclosed. If you have received this e-mail in error, please notify the sender immediately via a return e-mail and destroy original message. Thank you for your cooperation.
>    > _______________________________________________
>    > dancer-users mailing list
>    > dancer-users at dancer.pm
>    > http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
>
>    _______________________________________________
>    dancer-users mailing list
>    dancer-users at dancer.pm
>    http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
>
>


 --------------------------------------------------------------------------------
This information is directed in confidence solely to the person named above and may contain confidential and/or privileged material. This information may not otherwise be distributed, copied or disclosed. If you have received this e-mail in error, please notify the sender immediately via a return e-mail and destroy original message. Thank you for your cooperation.

More information about the dancer-users mailing list