NAME
AxKit::XSP::BasicAuth - Tag library for basic cookie-based authentication.
SYNOPSIS
Add the session: namespace to your XSP <xsp:page
> tag:
<xsp:page
language="Perl"
xmlns:xsp="http://apache.org/xsp/core/v1"
xmlns:auth="http://www.nichework.com/2003/XSP/BasicAuth"
xmlns:session="http://www.axkit.org/2002/XSP/BasicSession">
And add this taglib to AxKit (via httpd.conf or .htaccess):
SetHandler AxKit
PerlModule Apache::AxKit::Plugin::BasicAuth
<Location />
AuthType Apache::AxKit::Plugin::BasicAuth
AuthName Weblog
</Location>
<Location /style>
require valid-user
</Location>
# Session Management
AxAddPlugin Apache::AxKit::Plugin::BasicSession
PerlSetVar WeblogDataStore DB_File
PerlSetVar WeblogArgs "FileName => /tmp/session"
AxAddPlugin Apache::AxKit::Plugin::BasicSession
AxAddPlugin Apache::AxKit::Plugin::AddXSLParams::BasicSession
# Authentication
PerlSetVar WeblogLoginScript /login
DESCRIPTION
This taglib provides simple form-and-cookie based authentication using Apache::Session and Apache::AuthCookie.
In the tag reference below, AuthNameToken designates the name given for AuthName.
Tag Reference
<auth:login
>
Attempt to log the user in.
Typically, the page you set in AuthNameTokenLoginScript is an XSP page that uses a form built with PerForm to check the user. After verifying the identity of the user (e.g. in start_submit), you will have use this tag tell BasicAuth that the user is authenticated and that the username/password information should be stored in the session.
In constructing your form, it is important to understand that BasicAuth is expecting your username to be in a form field called credential_0. That is the only required form field name, but if other fields are named in the credential_? format, the will be stored in the session information as well. This allows you to store the plaintext user password in credential_1 if you need access to it (among other things).
<auth:logout
>
Log the user out. This is done by removing any keys that match the credential_\d+ regular expression from the session information.
<auth:get-username
>
Returns the username that was used to log in.
<auth:is-logged-in
>
Returns true if the page if the session contains a logged in user.
AUTHOR
Mark A. Hershberger, mah@everybody.org
COPYRIGHT
Copyright (c) 2003 Mark A. Hershberger. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
SEE ALSO
AxKit, Apache::Session, AxKit::XSP::Session, AxKit::XSP::BasicSession
Cocoon2 Session Taglib (http://xml.apache.org/cocoon2/userdocs/xsp/session.html)