Re: [Cppcms-users] Integrated FastCGI module
Brought to you by:
artyom-beilis
Menu
▾
▴
Re: [Cppcms-users] Integrated FastCGI module
|
From: Szabolcs R. <rim...@go...> - 2012-12-21 09:48:41
|
No, these are not static files. The client is a user interface of a cluster controller, so the resources are basically funtions that either control some hardware or generate an XML result as response. I'm thinking now of using the regular Responder mode and implement the authorizer functionality manually, before the request is processed. I would like to use the cppcms dispatcher mechanism but I'm not sure at which point I would be able to grab the request and have the option to reject it (if the user does not have sufficient rights). It would be good to do it at a central point, before the dispatcher routes to the processing funtions. I thought that the Init() of the object that I can pass to dispatcher::assign could be helpful, but can I access the request (e.g. the url) at that point and reject the execution of the assigned function if the user does not have access right? Sab 2012/12/21 Lee Elenbaas <lee...@gm...> > if what you need is to authorize static files - just serve them all > through the CppCMS app to the client > then the cppcms can use headers to serve the files back from the lighty or > return unauthorize response if you need to deny it > > > On Thu, Dec 20, 2012 at 2:36 PM, Sab <rim...@gm...> wrote: > >> True. Simply adding FCGI_AUTHORIZER in fastcgi_api.cpp line 440) worked >> out fine. I get the request and can deny it by returning 401. That's cool. >> >> BUT! >> >> I just can't digest the fact that there is no info about the url in this >> authorize request message! The CONTENT_LENGTH, PATH_INFO, >> PATH_TRANSLATED, >> and SCRIPT_NAME are in fact empty. How stupid is that!?!? You were right: >> this authorizer feature of FastCGI is absolutely useless without knowing >> what the user actually tries to access! >> >> I think I will just use a responder and implement the authorizer myself >> before processing the request. I wanted to keep the authorization >> separated >> from the processing but that will not work out. >> >> Thanks so much for your hints. >> >> Sab >> >> >> >> ------------------------------------------------------------------------------ >> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial >> Remotely access PCs and mobile devices and provide instant support >> Improve your efficiency, and focus on delivering more value-add services >> Discover what IT Professionals Know. Rescue delivers >> http://p.sf.net/sfu/logmein_12329d2d >> _______________________________________________ >> Cppcms-users mailing list >> Cpp...@li... >> https://lists.sourceforge.net/lists/listinfo/cppcms-users >> > > > > -- > -- > lee > Lee Elenbaas > lee...@gm... > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Cppcms-users mailing list > Cpp...@li... > https://lists.sourceforge.net/lists/listinfo/cppcms-users > > |
