Thread: [Cppcms-users] Integrated FastCGI module
Brought to you by:
artyom-beilis
Menu
▾
▴
cppcms-users
|
From: Sab <rim...@gm...> - 2012-12-17 17:24:59
|
Hi All, I would like to create a connection between a Webserver (Lighty) and an already existing C++ application. Both web server and the application run on the same system, an embedded linux platform. Next to it’s regular tasks, the application would need to monitor the user’s HTTP-Requests and allow or deny them according to the rights of the currently logged in user. I figured FastCGI could be the answer as it can be configured to run in "authorizer" mode, which seems to be matching what I need. So now I’m trying to find out how to integrate a FastCGI-Module into my existing application. As the database, where the user rights are stored is part of my application, I would like the fcgi module to run IN the application, in a separate thread, instead of as a separate executable. I see the common usage is the later but that wouldn’t work for me. I checked the FastCGI DevKit library "fcgiapp" and found that the module has to be either launched by the server (bin-path) or if I want to make it run independently from the web server, it has to be started with spawn-fcgi. Non of these options seems to help in my case, because as mentioned, the module has to be a PART of my existing application. Does CppCMS support also only stand alone modules? Or would CppCMS help in the realization of the above mentioned constellation? Does it support the Authorizer mode and allow me to parse the header of the request (uri, operation:GET/POST/DELETE..., user name, password)? I would very much appreciate any tip or comment, in which direction I should start. Thanks, Sab |
|
From: Shiv S. D. <shi...@gm...> - 2012-12-17 18:24:04
|
Hi, You can develop your application as a cppcms application and lighty can use that application as fastcgi application. You can find configuration options in documentation section. Hope this helps. Regards, Shiv On 12/17/12, Sab <rim...@gm...> wrote: > Hi All, > > I would like to create a connection between a Webserver (Lighty) and an > already > existing C++ application. Both web server and the application run on the > same > system, an embedded linux platform. Next to it’s regular tasks, the > application > would need to monitor the user’s HTTP-Requests and allow or deny them > according > to the rights of the currently logged in user. I figured FastCGI could be > the > answer as it can be configured to run in "authorizer" mode, which seems to > be > matching what I need. > > So now I’m trying to find out how to integrate a FastCGI-Module into my > existing > application. As the database, where the user rights are stored is part of my > application, I would like the fcgi module to run IN the application, in a > separate thread, instead of as a separate executable. I see the common usage > is > the later but that wouldn’t work for me. > > I checked the FastCGI DevKit library "fcgiapp" and found that the module has > to > be either launched by the server (bin-path) or if I want to make it run > independently from the web server, it has to be started with spawn-fcgi. Non > of > these options seems to help in my case, because as mentioned, the module has > to > be a PART of my existing application. > > Does CppCMS support also only stand alone modules? Or would CppCMS help in > the > realization of the above mentioned constellation? Does it support the > Authorizer > mode and allow me to parse the header of the request (uri, > operation:GET/POST/DELETE..., user name, password)? > > I would very much appreciate any tip or comment, in which direction I should > start. > > Thanks, > Sab > > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Cppcms-users mailing list > Cpp...@li... > https://lists.sourceforge.net/lists/listinfo/cppcms-users > -- Best regards, Shiv Shankar Dayal |
|
From: Lee E. <lee...@gm...> - 2012-12-17 21:32:19
|
Also developing your app as an cppcms app does not prevent your app from working as anything else - since you are the one building the main function. On Mon, Dec 17, 2012 at 8:23 PM, Shiv Shankar Dayal < shi...@gm...> wrote: > Hi, > > You can develop your application as a cppcms application and lighty > can use that application as fastcgi application. You can find > configuration options in documentation section. > > Hope this helps. > > Regards, > Shiv > > On 12/17/12, Sab <rim...@gm...> wrote: > > Hi All, > > > > I would like to create a connection between a Webserver (Lighty) and an > > already > > existing C++ application. Both web server and the application run on the > > same > > system, an embedded linux platform. Next to it’s regular tasks, the > > application > > would need to monitor the user’s HTTP-Requests and allow or deny them > > according > > to the rights of the currently logged in user. I figured FastCGI could be > > the > > answer as it can be configured to run in "authorizer" mode, which seems > to > > be > > matching what I need. > > > > So now I’m trying to find out how to integrate a FastCGI-Module into my > > existing > > application. As the database, where the user rights are stored is part > of my > > application, I would like the fcgi module to run IN the application, in a > > separate thread, instead of as a separate executable. I see the common > usage > > is > > the later but that wouldn’t work for me. > > > > I checked the FastCGI DevKit library "fcgiapp" and found that the module > has > > to > > be either launched by the server (bin-path) or if I want to make it run > > independently from the web server, it has to be started with spawn-fcgi. > Non > > of > > these options seems to help in my case, because as mentioned, the module > has > > to > > be a PART of my existing application. > > > > Does CppCMS support also only stand alone modules? Or would CppCMS help > in > > the > > realization of the above mentioned constellation? Does it support the > > Authorizer > > mode and allow me to parse the header of the request (uri, > > operation:GET/POST/DELETE..., user name, password)? > > > > I would very much appreciate any tip or comment, in which direction I > should > > start. > > > > Thanks, > > Sab > > > > > > > > > ------------------------------------------------------------------------------ > > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > > Remotely access PCs and mobile devices and provide instant support > > Improve your efficiency, and focus on delivering more value-add services > > Discover what IT Professionals Know. Rescue delivers > > http://p.sf.net/sfu/logmein_12329d2d > > _______________________________________________ > > Cppcms-users mailing list > > Cpp...@li... > > https://lists.sourceforge.net/lists/listinfo/cppcms-users > > > > > -- > Best regards, > Shiv Shankar Dayal > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Cppcms-users mailing list > Cpp...@li... > https://lists.sourceforge.net/lists/listinfo/cppcms-users > -- -- lee Lee Elenbaas lee...@gm... |
|
From: Sab <rim...@gm...> - 2012-12-18 14:52:13
|
Thanks for the answers.
I built the hello word app and configured my Lighty to look for the application
on port 9000 as a FastCGI module. It seems to work fine, the main function gets
called and I can send a response back to the server. So that looks just fine.
But as soon as I configure Lighty to run in authorizer mode, my application does
not receive the request. As far as I understand the authorizer mode, the server
should first send the request to the FastCGI module, the module should decide if
the access is granted or not and return accordingly a 200 or 401 as status in
the response. But I don't receive the request in my CppCMS app. According to the
server's error.log, the fastcgi module is called and it returns immediately with
no further comment, so it goes on to find the physical path (which in my case
does not exists but that shouldn't be the reason not to execute the FastCGI
function).
What am I doing wrong?
My config.js:
{
"service" : {
"api" : "fastcgi",
"port" : 9000,
"ip" : "127.0.0.1"
}
}
The critical parts of my lighttpd.conf:
server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_accesslog",
"mod_fastcgi",
"mod_rewrite"
)
fastcgi.server = (
"" =>
(( "host" => "127.0.0.1",
"port" => 9000,
"check-local" => "disable",
"docroot" => "/",
"mode" => "authorizer"
))
)
This is my error.log:
2012-12-18 13:15:16: (request.c.304) fd: 8 request-len: 406
GET /test24 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.16) Gecko/20120511
Iceweasel/3.5.16 (like Firefox/3.5.16)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
2012-12-18 13:15:16: (response.c.241) run condition
2012-12-18 13:15:16: (response.c.300) -- splitting Request-URI
2012-12-18 13:15:16: (response.c.301) Request-URI : /test24
2012-12-18 13:15:16: (response.c.302) URI-scheme : http
2012-12-18 13:15:16: (response.c.303) URI-authority: localhost
2012-12-18 13:15:16: (response.c.304) URI-path : /test24
2012-12-18 13:15:16: (response.c.305) URI-query :
2012-12-18 13:15:16: (response.c.349) -- sanatising URI
2012-12-18 13:15:16: (response.c.350) URI-path : /test24
2012-12-18 13:15:16: (mod_access.c.135) -- mod_access_uri_handler called
2012-12-18 13:15:16: (mod_fastcgi.c.3636) handling it in mod_fastcgi
2012-12-18 13:15:16: (response.c.470) -- before doc_root
2012-12-18 13:15:16: (response.c.471) Doc-Root : /var/www
2012-12-18 13:15:16: (response.c.472) Rel-Path : /test24
2012-12-18 13:15:16: (response.c.473) Path :
2012-12-18 13:15:16: (response.c.521) -- after doc_root
2012-12-18 13:15:16: (response.c.522) Doc-Root : /var/www
2012-12-18 13:15:16: (response.c.523) Rel-Path : /test24
2012-12-18 13:15:16: (response.c.524) Path : /var/www/test24
2012-12-18 13:15:16: (response.c.541) -- logical -> physical
2012-12-18 13:15:16: (response.c.542) Doc-Root : /var/www
2012-12-18 13:15:16: (response.c.543) Rel-Path : /test24
2012-12-18 13:15:16: (response.c.544) Path : /var/www/test24
2012-12-18 13:15:17: (mod_fastcgi.c.3061) got proc: pid: 0 socket:
tcp:127.0.0.1:9000 load: 1
2012-12-18 13:15:17: (mod_fastcgi.c.1492) released proc: pid: 0 socket:
tcp:127.0.0.1:9000 load: 0
2012-12-18 13:15:17: (response.c.561) -- handling physical path
2012-12-18 13:15:17: (response.c.562) Path : //test24
2012-12-18 13:15:17: (response.c.618) -- file not found
2012-12-18 13:15:17: (response.c.619) Path : //test24
2012-12-18 13:15:17: (response.c.128) Response-Header:
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Tue, 18 Dec 2012 12:15:17 GMT
Server: lighttpd/1.4.28
Any suggestions?
Thanks,
Sab
|
|
From: Artyom B. <art...@ya...> - 2012-12-19 07:36:53
|
CppCMS does not support "authorizer" FastCGI mode (and honestly I'm not aware of any framework that does, correct me if I wrong). authorizer FastCGI request is quite unusual one and not frequently used. Quoting original main > HTTP-Requests and allow or deny them according to the rights of the currently logged in user." Usually user management is done using session cookies. Can you explain what are you trying to do, maybe it can be done withoutusing lighttpd/fastcgi authorization module? For example if you want to serve some static files according to some permissions, there are other ways to do it. Also if you must to use fastcgi authorizer (which is basically simple responder with status for authorization requests) you can start a speparate thread and use libfastcgi directly, see: http://www.fastcgi.com/devkit/examples/authorizer.c Artyom Beilis -------------- CppCMS - C++ Web Framework: http://cppcms.com/ CppDB - C++ SQL Connectivity: http://cppcms.com/sql/cppdb/ >________________________________ > From: Sab <rim...@gm...> >To: cpp...@li... >Sent: Tuesday, December 18, 2012 4:51 PM >Subject: Re: [Cppcms-users] Integrated FastCGI module > >Thanks for the answers. > >I built the hello word app and configured my Lighty to look for the application >on port 9000 as a FastCGI module. It seems to work fine, the main function gets >called and I can send a response back to the server. So that looks just fine. > >But as soon as I configure Lighty to run in authorizer mode, my application does >not receive the request. As far as I understand the authorizer mode, the server >should first send the request to the FastCGI module, the module should decide if >the access is granted or not and return accordingly a 200 or 401 as status in >the response. But I don't receive the request in my CppCMS app. According to the >server's error.log, the fastcgi module is called and it returns immediately with >no further comment, so it goes on to find the physical path (which in my case >does not exists but that shouldn't be the reason not to execute the FastCGI >function). > >What am I doing wrong? > >My config.js: >{ > "service" : { > "api" : "fastcgi", > "port" : 9000, > "ip" : "127.0.0.1" > } >} > >The critical parts of my lighttpd.conf: >server.modules = ( > "mod_access", > "mod_alias", > "mod_compress", > "mod_redirect", > "mod_accesslog", > "mod_fastcgi", > "mod_rewrite" >) > >fastcgi.server = ( > "" => > (( "host" => "127.0.0.1", > "port" => 9000, > "check-local" => "disable", > "docroot" => "/", > "mode" => "authorizer" > )) >) > >This is my error.log: > >2012-12-18 13:15:16: (request.c.304) fd: 8 request-len: 406 >GET /test24 HTTP/1.1 >Host: localhost >User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.16) Gecko/20120511 >Iceweasel/3.5.16 (like Firefox/3.5.16) >Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 >Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 >Accept-Encoding: gzip,deflate >Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 >Keep-Alive: 300 >Connection: keep-alive > >2012-12-18 13:15:16: (response.c.241) run condition >2012-12-18 13:15:16: (response.c.300) -- splitting Request-URI >2012-12-18 13:15:16: (response.c.301) Request-URI : /test24 >2012-12-18 13:15:16: (response.c.302) URI-scheme : http >2012-12-18 13:15:16: (response.c.303) URI-authority: localhost >2012-12-18 13:15:16: (response.c.304) URI-path : /test24 >2012-12-18 13:15:16: (response.c.305) URI-query : >2012-12-18 13:15:16: (response.c.349) -- sanatising URI >2012-12-18 13:15:16: (response.c.350) URI-path : /test24 >2012-12-18 13:15:16: (mod_access.c.135) -- mod_access_uri_handler called >2012-12-18 13:15:16: (mod_fastcgi.c.3636) handling it in mod_fastcgi >2012-12-18 13:15:16: (response.c.470) -- before doc_root >2012-12-18 13:15:16: (response.c.471) Doc-Root : /var/www >2012-12-18 13:15:16: (response.c.472) Rel-Path : /test24 >2012-12-18 13:15:16: (response.c.473) Path : >2012-12-18 13:15:16: (response.c.521) -- after doc_root >2012-12-18 13:15:16: (response.c.522) Doc-Root : /var/www >2012-12-18 13:15:16: (response.c.523) Rel-Path : /test24 >2012-12-18 13:15:16: (response.c.524) Path : /var/www/test24 >2012-12-18 13:15:16: (response.c.541) -- logical -> physical >2012-12-18 13:15:16: (response.c.542) Doc-Root : /var/www >2012-12-18 13:15:16: (response.c.543) Rel-Path : /test24 >2012-12-18 13:15:16: (response.c.544) Path : /var/www/test24 >2012-12-18 13:15:17: (mod_fastcgi.c.3061) got proc: pid: 0 socket: >tcp:127.0.0.1:9000 load: 1 >2012-12-18 13:15:17: (mod_fastcgi.c.1492) released proc: pid: 0 socket: >tcp:127.0.0.1:9000 load: 0 >2012-12-18 13:15:17: (response.c.561) -- handling physical path >2012-12-18 13:15:17: (response.c.562) Path : //test24 >2012-12-18 13:15:17: (response.c.618) -- file not found >2012-12-18 13:15:17: (response.c.619) Path : //test24 >2012-12-18 13:15:17: (response.c.128) Response-Header: >HTTP/1.1 404 Not Found >Content-Type: text/html >Content-Length: 345 >Date: Tue, 18 Dec 2012 12:15:17 GMT >Server: lighttpd/1.4.28 > >Any suggestions? > >Thanks, >Sab > > > > > >------------------------------------------------------------------------------ >LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial >Remotely access PCs and mobile devices and provide instant support >Improve your efficiency, and focus on delivering more value-add services >Discover what IT Professionals Know. Rescue delivers >http://p.sf.net/sfu/logmein_12329d2d >_______________________________________________ >Cppcms-users mailing list >Cpp...@li... >https://lists.sourceforge.net/lists/listinfo/cppcms-users > > > |
|
From: Artyom B. <art...@ya...> - 2012-12-19 07:51:16
|
One small note: I don't think there should be a big problem to change fastcgi connector to handle authorizer requests. I think it should be enough to accept role == FCGI_AUTHORIZER in addition to role == FCGI_RESPONDER in fastcgi_api.cpp line 440) but you should be aware of the following fastcgi specs: The Authorizer application receives HTTP request information from the Web server on the FCGI_PARAMS stream, in the same format as a Responder. The Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME headers Which makes it quite useless for control of specific files as PATH_INFO and SCRIPT_NAME are critical for content detection. Artyom Beilis -------------- CppCMS - C++ Web Framework: http://cppcms.com/ CppDB - C++ SQL Connectivity: http://cppcms.com/sql/cppdb/ >________________________________ > From: Artyom Beilis <art...@ya...> >To: "cpp...@li..." <cpp...@li...> >Sent: Wednesday, December 19, 2012 9:36 AM >Subject: Re: [Cppcms-users] Integrated FastCGI module > > >CppCMS does not support "authorizer" FastCGI mode (and honestly I'm not aware of any framework that does, correct me if I wrong). > >authorizer FastCGI request is quite unusual one and not frequently used. > > >Quoting original main > >> HTTP-Requests and allow or deny them according to the rights of the currently logged in user." > >Usually user management is done using session cookies. Can you explain what are you trying to do, maybe >it can be done withoutusing lighttpd/fastcgi authorization module? > >For example if you want to serve some static files according to some permissions, there are other ways to do it. > >Also if you must to use fastcgi authorizer (which is basically simple responder with status for authorization requests) you can start a speparate thread and use libfastcgi directly, see: > >http://www.fastcgi.com/devkit/examples/authorizer.c > > > >Artyom Beilis >-------------- >CppCMS - C++ Web Framework: http://cppcms.com/ >CppDB - C++ SQL Connectivity: http://cppcms.com/sql/cppdb/ > > > >>________________________________ >> From: Sab <rim...@gm...> >>To: cpp...@li... >>Sent: Tuesday, December 18, 2012 4:51 PM >>Subject: Re: [Cppcms-users] Integrated FastCGI module >> >>Thanks for the answers. >> >>I built the hello word app and configured my Lighty to look for the application >>on port 9000 as a FastCGI module. It seems to work fine, the main function gets >>called and I can send a response back to the server. So that looks just fine. >> >>But as soon as I configure Lighty to run in authorizer mode, my application does >>not receive the request. As far as I understand the authorizer mode, the server >>should first send the request to the FastCGI module, the module should decide if >>the access is granted or not and return accordingly a 200 or 401 as status in >>the response. But I don't receive the request in my CppCMS app. According to the >>server's error.log, the fastcgi module is called and it returns immediately with >>no further comment, so it goes on to find the physical path (which in my case >>does not exists but that shouldn't be the reason not to execute the FastCGI >>function). >> >>What am I doing wrong? >> >>My config.js: >>{ >> "service" : { >> "api" : "fastcgi", >> "port" : 9000, >> "ip" : "127.0.0.1" >> } >>} >> >>The critical parts of my lighttpd.conf: >>server.modules = ( >> "mod_access", >> "mod_alias", >> "mod_compress", >> "mod_redirect", >> "mod_accesslog", >> "mod_fastcgi", >> "mod_rewrite" >>) >> >>fastcgi.server = ( >> "" => >> (( "host" => "127.0.0.1", >> "port" => 9000, >> "check-local" => "disable", >> "docroot" => "/", >> "mode" => "authorizer" >> )) >>) >> >>This is my error.log: >> >>2012-12-18 13:15:16: (request.c.304) fd: 8 request-len: 406 >>GET /test24 HTTP/1.1 >>Host: localhost >>User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.16) Gecko/20120511 >>Iceweasel/3.5.16 (like Firefox/3.5.16) >>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 >>Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 >>Accept-Encoding: gzip,deflate >>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 >>Keep-Alive: 300 >>Connection: keep-alive >> >>2012-12-18 13:15:16: (response.c.241) run condition >>2012-12-18 13:15:16: (response.c.300) -- splitting Request-URI >>2012-12-18 13:15:16: (response.c.301) Request-URI : /test24 >>2012-12-18 13:15:16: (response.c.302) URI-scheme : http >>2012-12-18 13:15:16: (response.c.303) URI-authority: localhost >>2012-12-18 13:15:16: (response.c.304) URI-path : /test24 >>2012-12-18 13:15:16: (response.c.305) URI-query : >>2012-12-18 13:15:16: (response.c.349) -- sanatising URI >>2012-12-18 13:15:16: (response.c.350) URI-path : /test24 >>2012-12-18 13:15:16: (mod_access.c.135) -- mod_access_uri_handler called >>2012-12-18 13:15:16: (mod_fastcgi.c.3636) handling it in mod_fastcgi >>2012-12-18 13:15:16: (response.c.470) -- before doc_root >>2012-12-18 13:15:16: (response.c.471) Doc-Root : /var/www >>2012-12-18 13:15:16: (response.c.472) Rel-Path : /test24 >>2012-12-18 13:15:16: (response.c.473) Path : >>2012-12-18 13:15:16: (response.c.521) -- after doc_root >>2012-12-18 13:15:16: (response.c.522) Doc-Root : /var/www >>2012-12-18 13:15:16: (response.c.523) Rel-Path : /test24 >>2012-12-18 13:15:16: (response.c.524) Path : /var/www/test24 >>2012-12-18 13:15:16: (response.c.541) -- logical -> physical >>2012-12-18 13:15:16: (response.c.542) Doc-Root : /var/www >>2012-12-18 13:15:16: (response.c.543) Rel-Path : /test24 >>2012-12-18 13:15:16: (response.c.544) Path : /var/www/test24 >>2012-12-18 13:15:17: (mod_fastcgi.c.3061) got proc: pid: 0 socket: >>tcp:127.0.0.1:9000 load: 1 >>2012-12-18 13:15:17: (mod_fastcgi.c.1492) released proc: pid: 0 socket: >>tcp:127.0.0.1:9000 load: 0 >>2012-12-18 13:15:17: (response.c.561) -- handling physical path >>2012-12-18 13:15:17: (response.c.562) Path : //test24 >>2012-12-18 13:15:17: (response.c.618) -- file not found >>2012-12-18 13:15:17: (response.c.619) Path : //test24 >>2012-12-18 13:15:17: (response.c.128) Response-Header: >>HTTP/1.1 404 Not Found >>Content-Type: text/html >>Content-Length: 345 >>Date: Tue, 18 Dec 2012 12:15:17 GMT >>Server: lighttpd/1.4.28 >> >>Any suggestions? >> >>Thanks, >>Sab >> >> >> >> >> >>------------------------------------------------------------------------------ >>LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial >>Remotely access PCs and mobile devices and provide instant support >>Improve your efficiency, and focus on delivering more value-add services >>Discover what IT Professionals Know. Rescue delivers >>http://p.sf.net/sfu/logmein_12329d2d >>_______________________________________________ >>Cppcms-users mailing list >>Cpp...@li... >>https://lists.sourceforge.net/lists/listinfo/cppcms-users >> >> >> >------------------------------------------------------------------------------ >LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial >Remotely access PCs and mobile devices and provide instant support >Improve your efficiency, and focus on delivering more value-add services >Discover what IT Professionals Know. Rescue delivers >http://p.sf.net/sfu/logmein_12329d2d >_______________________________________________ >Cppcms-users mailing list >Cpp...@li... >https://lists.sourceforge.net/lists/listinfo/cppcms-users > > > |
|
From: Sab <rim...@gm...> - 2012-12-20 12:36:32
|
True. Simply adding FCGI_AUTHORIZER in fastcgi_api.cpp line 440) worked out fine. I get the request and can deny it by returning 401. That's cool. BUT! I just can't digest the fact that there is no info about the url in this authorize request message! The CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME are in fact empty. How stupid is that!?!? You were right: this authorizer feature of FastCGI is absolutely useless without knowing what the user actually tries to access! I think I will just use a responder and implement the authorizer myself before processing the request. I wanted to keep the authorization separated from the processing but that will not work out. Thanks so much for your hints. Sab |
|
From: Lee E. <lee...@gm...> - 2012-12-20 23:23:31
|
if what you need is to authorize static files - just serve them all through the CppCMS app to the client then the cppcms can use headers to serve the files back from the lighty or return unauthorize response if you need to deny it On Thu, Dec 20, 2012 at 2:36 PM, Sab <rim...@gm...> wrote: > True. Simply adding FCGI_AUTHORIZER in fastcgi_api.cpp line 440) worked > out fine. I get the request and can deny it by returning 401. That's cool. > > BUT! > > I just can't digest the fact that there is no info about the url in this > authorize request message! The CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, > and SCRIPT_NAME are in fact empty. How stupid is that!?!? You were right: > this authorizer feature of FastCGI is absolutely useless without knowing > what the user actually tries to access! > > I think I will just use a responder and implement the authorizer myself > before processing the request. I wanted to keep the authorization separated > from the processing but that will not work out. > > Thanks so much for your hints. > > Sab > > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Cppcms-users mailing list > Cpp...@li... > https://lists.sourceforge.net/lists/listinfo/cppcms-users > -- -- lee Lee Elenbaas lee...@gm... |
|
From: Szabolcs R. <rim...@go...> - 2012-12-21 09:48:41
|
No, these are not static files. The client is a user interface of a cluster controller, so the resources are basically funtions that either control some hardware or generate an XML result as response. I'm thinking now of using the regular Responder mode and implement the authorizer functionality manually, before the request is processed. I would like to use the cppcms dispatcher mechanism but I'm not sure at which point I would be able to grab the request and have the option to reject it (if the user does not have sufficient rights). It would be good to do it at a central point, before the dispatcher routes to the processing funtions. I thought that the Init() of the object that I can pass to dispatcher::assign could be helpful, but can I access the request (e.g. the url) at that point and reject the execution of the assigned function if the user does not have access right? Sab 2012/12/21 Lee Elenbaas <lee...@gm...> > if what you need is to authorize static files - just serve them all > through the CppCMS app to the client > then the cppcms can use headers to serve the files back from the lighty or > return unauthorize response if you need to deny it > > > On Thu, Dec 20, 2012 at 2:36 PM, Sab <rim...@gm...> wrote: > >> True. Simply adding FCGI_AUTHORIZER in fastcgi_api.cpp line 440) worked >> out fine. I get the request and can deny it by returning 401. That's cool. >> >> BUT! >> >> I just can't digest the fact that there is no info about the url in this >> authorize request message! The CONTENT_LENGTH, PATH_INFO, >> PATH_TRANSLATED, >> and SCRIPT_NAME are in fact empty. How stupid is that!?!? You were right: >> this authorizer feature of FastCGI is absolutely useless without knowing >> what the user actually tries to access! >> >> I think I will just use a responder and implement the authorizer myself >> before processing the request. I wanted to keep the authorization >> separated >> from the processing but that will not work out. >> >> Thanks so much for your hints. >> >> Sab >> >> >> >> ------------------------------------------------------------------------------ >> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial >> Remotely access PCs and mobile devices and provide instant support >> Improve your efficiency, and focus on delivering more value-add services >> Discover what IT Professionals Know. Rescue delivers >> http://p.sf.net/sfu/logmein_12329d2d >> _______________________________________________ >> Cppcms-users mailing list >> Cpp...@li... >> https://lists.sourceforge.net/lists/listinfo/cppcms-users >> > > > > -- > -- > lee > Lee Elenbaas > lee...@gm... > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Cppcms-users mailing list > Cpp...@li... > https://lists.sourceforge.net/lists/listinfo/cppcms-users > > |
|
From: Sab <rim...@gm...> - 2012-12-21 09:51:27
|
No, these are not static files. The client is a user interface of a cluster controller, so the resources are basically funtions that either control some hardware or generate an XML result as response. I'm thinking now of using the regular Responder mode and implement the authorizer functionality manually, before the request is processed. I would like to use the cppcms dispatcher mechanism but I'm not sure at which point I would be able to grab the request and have the option to reject it (if the user does not have sufficient rights). It would be good to do it at a central point, before the dispatcher routes to the processing funtions. I thought that the Init() of the object that I can pass to dispatcher::assign could be helpful, but can I access the request (e.g. the url) at that point and reject the execution of the assigned function if the user does not have access right? Sab |
|
From: Artyom B. <art...@ya...> - 2012-12-21 09:59:49
|
First of all you can override the main() function of topmost application and check the requests before they are dispatched
for example
void main(std::string url)
{
if(this_is_valid_url_for_the_user(url)) {
// go to standard dispatching mechanism.
cppcms::application::main(url);
}
else {
response().make_error_response(401);
}
}
Also this thread may be helpful as it discuss roughly the same
http://thread.gmane.org/gmane.comp.lib.cppcms.user/691
Artyom Beilis
--------------
CppCMS - C++ Web Framework: http://cppcms.com/
CppDB - C++ SQL Connectivity: http://cppcms.com/sql/cppdb/
>________________________________
> From: Sab <rim...@gm...>
>To: cpp...@li...
>Sent: Friday, December 21, 2012 11:51 AM
>Subject: Re: [Cppcms-users] Integrated FastCGI module
>
>No, these are not static files. The client is a user interface
>of a cluster controller, so the resources are basically funtions
>that either control some hardware or generate an XML result as
>response.
>
>I'm thinking now of using the regular Responder mode and implement
>the authorizer functionality manually, before the request is
>processed. I would like to use the cppcms dispatcher mechanism
>but I'm not sure at which point I would be able to grab the
>request and have the option to reject it (if the user does not
>have sufficient rights).
>
>It would be good to do it at a central point, before the
>dispatcher routes to the processing funtions. I thought that
>the Init() of the object that I can pass to dispatcher::assign
>could be helpful, but can I access the request (e.g. the url)
>at that point and reject the execution of the assigned function
>if the user does not have access right?
>
>Sab
>
>
>------------------------------------------------------------------------------
>LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
>Remotely access PCs and mobile devices and provide instant support
>Improve your efficiency, and focus on delivering more value-add services
>Discover what IT Professionals Know. Rescue delivers
>http://p.sf.net/sfu/logmein_12329d2d
>_______________________________________________
>Cppcms-users mailing list
>Cpp...@li...
>https://lists.sourceforge.net/lists/listinfo/cppcms-users
>
>
> |
|
From: Sab <rim...@gm...> - 2012-12-21 11:43:59
|
Oh that's really neat! Works like a charm! Thanks so much for the quick advices. Sab |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X