1Plack::Middleware::AuthU:s:eBrasCiocn(t3r)ibuted Perl DoPcluamcekn:t:aMtiidodnleware::Auth::Basic(3)
2
3
4

NAME

6       Plack::Middleware::Auth::Basic - Simple basic authentication middleware
7

SYNOPSIS

9         use Plack::Builder;
10         my $app = sub { ... };
11
12         builder {
13             enable "Auth::Basic", authenticator => \&authen_cb;
14             $app;
15         };
16
17         sub authen_cb {
18             my($username, $password, $env) = @_;
19             return $username eq 'admin' && $password eq 's3cr3t';
20         }
21

DESCRIPTION

23       Plack::Middleware::Auth::Basic is a basic authentication handler for
24       Plack.
25

CONFIGURATION

27       authenticator
28           A callback function that takes username, password and PSGI
29           environment supplied and returns whether the authentication
30           succeeds. Required.
31
32           Authenticator can also be an object that responds to "authenticate"
33           method that takes username and password and returns boolean, so
34           backends for Authen::Simple is perfect to use:
35
36             use Authen::Simple::LDAP;
37             enable "Auth::Basic", authenticator => Authen::Simple::LDAP->new(...);
38
39       realm
40           Realm name to display in the basic authentication dialog. Defaults
41           to restricted area.
42

LIMITATIONS

44       This middleware expects that the application has a full access to the
45       headers sent by clients in PSGI environment. That is normally the case
46       with standalone Perl PSGI web servers such as Starman or
47       HTTP::Server::Simple::PSGI.
48
49       However, in a web server configuration where you can't achieve this
50       (i.e. using your application via Apache's mod_cgi), this middleware
51       does not work since your application can't know the value of
52       "Authorization:" header.
53
54       If you use Apache as a web server and CGI to run your PSGI application,
55       you can either a) compile Apache with
56       "-DSECURITY_HOLE_PASS_AUTHORIZATION" option, or b) use mod_rewrite to
57       pass the Authorization header to the application with the rewrite rule
58       like following.
59
60         RewriteEngine on
61         RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
62

AUTHOR

64       Tatsuhiko Miyagawa
65

SEE ALSO

67       Plack
68
69
70
71perl v5.32.0                      2020-12-02 Plack::Middleware::Auth::Basic(3)
Impressum