Embedding Perl in HTML with Mason Chapter 11: Recipes- P2

Tham khảo tài liệu embedding perl in html with mason chapter 11: recipes- p2, công nghệ thông tin, kỹ thuật lập trình phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả
Nội dung trích xuất từ tài liệu:
Embedding Perl in HTML with Mason Chapter 11: Recipes- P2 Chapter 11: Recipes- P2Making Use of AutoflushEvery once in a while you may have to output a very large component or fileto the client. Simply letting this accumulate in the buffer could use up a lotof memory. Furthermore, the slow response time may make the user thinkthat the site has stalled.Example 11-4 sends out the contents of a potentially large file withoutsucking up lots of memory.Example 11-4. send_file-autoflush.comp $filename local *FILE; open FILE, < $filename or die Cannot open$filename: $!; $m->autoflush(1); while () { $m->print($_); } $m->autoflush(0); If each line wasnt too huge, you might just flush the buffer every once in awhile, as in Example 11-5.Example 11-5. send_file-flush-every-10.comp $filename local *FILE; open FILE, < $filename or die Cannot open$filename: $!; while () { $m->print($_); $m->flush_buffer unless $. % 10; } $m->flush_buffer; The unless $. % 10 bit makes use of the special Perl variable $., whichis the current line number of the file being read. If this number modulo 10 isequal to zero, we flush the buffer. This means that we flush the buffer every10 lines. Replace the number 10 with any desired value.User Authentication and AuthorizationOne problem that web sites have to solve over and over is userauthentication and authorization. These two topics are related but not thesame, as some might think. Authentication is the process of figuring out ifsomeone is who he says he is, and usually involves checking passwords orkeys of some sort. Authorization comes after this, when we want todetermine whether or not a particular person is allowed to perform a certainaction.There are a number of modules on CPAN intended to help do these thingsunder mod_perl. In fact, Apache has separate request-handling phases forboth authentication and authorization that mod_perl can handle. It iscertainly possible to use these modules with Mason.You can also do authentication and authorization using Mason components(as seen in Chapter 8). Authentication will usually involve some sort ofrequest for a login and password, after which you give the user some sort oftoken (either in a cookie or a session) that indicates that he has beenauthenticated. You can then check the validity of this token for each request.If you have such a token, authorization simply consists of checking that theuser to whom the token belongs is allowed to perform a given action.Using Apache::AuthCookieThe Apache::AuthCookie module, available from CPAN, handles bothauthentication and authorization via mod_perl and can be easily hookedinto Mason. Lets just skip all the details of configuringApache::AuthCookie, which requires various settings in your serverconfig file, and show how to make the interface to Mason.Apache::AuthCookie requires that you create a login script that willbe executed the first time a browser tries to access a protected area. Callingthis a script is actually somewhat misleading since it is really a page ratherthan a script (though it could be a script that generates a page). Regardless,using a Mason component for your login script merely requires that youspecify the path to your Mason component for the login script parameter.Well call this script AuthCookieLoginForm-login.comp,as shown inExample 11-6.Example 11-6. AuthCookieLoginForm-login.comp Mason Book AuthCookie Login Form Your attempt to access this document was denied (prev->subprocess_env(AuthCookieReason)%>). Please enter your username and password. Username: Password: This component is a modified version of the example login script includedwith the Apache::AuthCookie distribution.The action used for this form, /AuthCookieLoginSubmit, is configured aspart of your AuthCookie configuration in your httpd.conf file.That is about it for interfacing this module with Mason. The rest ofauthentication and authorization is handled by configuring mod_perl touse Apache::AuthCookie to protect anything on your site that needsauthorization. A very simple configuration might include the followingdirectives: PerlSetVar MasonBookLoginScript/AuthCookieLoginForm.comp AuthType MasonBook::AuthCookieHandler AuthName MasonBook SetHandler perl-script PerlHandler MasonBook::AuthCookieHandler->login AuthType MasonBook::AuthCookieHandler AuthName MasonBook PerlAuthenHandler MasonBook::AuthCookieHandler->authenticate PerlAuthzHandler MasonBook::AuthCookieHandler->authorize require valid-user The MasonBook::AuthCookieHandler module would look like this: package MasonBook::AuthCookieHandler; use strict; use base qw(Apache::AuthCookie); use Digest::SHA1; my $secret = You think Id tell you? Hah!; sub authen_cred { my $self = shift; my $r = shift; my ($username, $password) = @_; # implementing _is_valid_user() is out of thescope of this chapter if ( _is_valid_user($username, $password) ) { my $session_key = $username . :: .Digest::SHA1::sha1_hex( $username, $secret ); return $session_key; } } sub authen_ses_key { my $self = shift; my $r = shift; my $session_key = shift; my ($username, $mac) = split /::/,$session_key; if ( Digest::SHA1::sha1_hex( $username,$secret ) eq $mac ) { return $session_key; } }This provides the minimal interface an Apache::AuthCookie subclassn ...