[thesite] UEUE -- Cleaning up with SOAP/XML-RPC
Jeremy Ashcraft
ashcraft at 13monkeys.com
Wed Nov 28 11:34:52 CST 2001
I was mulling over some ideas regarding the *.evolt.org cookie problem, using
SOAP, etc and think I have a good idea. I was remembering how at my old job
we used NSAPI and ISAPI filters with LDAP for authentication on iPlanet and
IIS servers, which led me to think about at my current company, where we use
mod_perl handlers to do some pretty cool URL translation in Apache to modify
incoming requests. My idea is sort of a combination of the two(in a yet
unrefined form).
What if we had a request handler in apache(written in perl) that handled the
authentication(via a SOAP client) of the user instead of having a SOAP client
in each of the applications. This way we can sort of "pre-screen" the
request to determine if the user is who they say they are, is where they are
supposed to be, what they have access to and manipulate the HTTP request
accordingly. All done within the server with no change to the application,
no matter what language its written in.
Rough outline:
................
grab url of incoming request
if(request is for page that needs authentication) {
authenticate with SOAP client to UEUE.evolt.org
if(no auth) {
set request url to go to auth denied screen(or something like that)
} else {
do some UEUE magic
}
}
if(request is for page that shouldn't see UEUE cookies) {
strip UEUE cookies sent from browser out of request headers
}
pass request on to webserver, let it handle accordingly
.............
This is not a solution, just an idea. I know that this is an apache only
idea, but the same could be applied to IIS in a different way. there also
may be some overhead issues in filtering every request that comes in. There
might some other stuff that I'm overlooking or not taking into consideration,
but that's what the rest of you are for, right? :)
anyways, have at it.......
jeremy
On Sunday 25 November 2001 00:53, Mark Nickel wrote:
> weeeeeee!
>
> We are now at version 0.3 of my UEUE notes found here:
> http://members.evolt.org/mnickel
>
> I have a box all set up to run SOAP::Lite and I'm pulling together some
> examples that are UEUE specific. I don't have a solid ETA yet, but I'm
> borrowing stuff from other GPL'ed projects.. (see my UEUE document for
> weblinks)
>
> BTW, what is the ethical procedure for borrowing ideas from other GPL'ed
> projects? I'm only thinking of taking function/procedure/method names. I
> mean really...how unique is "login" "is_valid" as method names...
>
> Thanks all!
>
> Mark
>
>
> _______________________________________________
> For unsubscribe, archive, and options, go to:
> http://lists.evolt.org/mailman/listinfo/thesite
More information about the thesite
mailing list