An Authorizing Docbase Viewer
Now let’s put the pieces together. Example 12.4 shows how an authorizing version of a docbase viewer, such as the doc-view.pl script we saw in Chapter 7, can restrict access to a docbase based on a combination of group membership and attribute-based subscription. It enforces the following requirements:
The user can be authenticated to a directory server.
The user is a member of the subscribers group.
The company field of the requested document matches one of the subscribed-to companies listed for that user in the subscription database.
In addition to illustrating these mechanisms, Example 12.4 shows how it’s possible to integrate the Perl technologies we’ve seen already into the Active Server Pages environment.
Example 12-4. An ASP Version of the Authorizing Viewer
<%@ language = PerlScript%>
<%
use Group::LdapGroup;
use MIME::Base64;
use SHA;
use Docbase::Docbase;

my $g = Group::LdapGroup->new("ldap.roninhouse.com",389,"o=RoninHouse.com",
  "ProductAnalysisSubscribers","uid=admin,o=RoninHouse.com","admin_passwd");

my $doc = $Request->{doc}->{Item};                    # retrieve CGI var for document
my $dbh = $Application->Contents->dbhandle;           # acquire db handle
my $db = Docbase::Docbase->new('ProductAnalysis');    # initialize docbase
my $metarecord = $db->getMetadata("$docroot/$doc");   # look up metadata for doc
my $company = $metarecord->{company};                 # extract company field
my $deny_message = "";
my $basic_auth_obj =                                  # get basic auth header object
  $Request->ServerVariables(HTTP_AUTHORIZATION);
...
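The three requirements listed above, combined into one deny-by-default decision, as an added example that is not the book's Example 12-4. In-memory hashes stand in for the directory server, the subscribers group and the subscription database; parse_basic_auth, authorize and all sample users, passwords and companies are constructed for illustration.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Constructed stand-ins for the directory, the group and the subscription database.
my %DIRECTORY     = (alice => 's3cret', bob => 'hunter2', carol => 'pw');
my %SUBSCRIBERS   = map { $_ => 1 } qw(alice bob);
my %SUBSCRIPTIONS = (alice => ['Acme', 'Initech'], bob => ['Globex']);

# Parse "Basic <base64(user:password)>"; returns an empty list if malformed.
sub parse_basic_auth {
    my ($header) = @_;
    return unless defined $header && $header =~ /^Basic\s+([A-Za-z0-9+\/]+=*)\s*$/i;
    my ($user, $pass) = split /:/, decode_base64($1), 2;   # password may contain ':'
    # Reject an empty password up front: a directory bind with a name and an
    # empty password can succeed as an unauthenticated bind on an LDAP server.
    return unless defined $pass && length $user && length $pass;
    return ($user, $pass);
}

# Returns (1, '') to allow, or (0, $deny_message) at the first failed check.
sub authorize {
    my ($header, $company) = @_;
    my ($user, $pass) = parse_basic_auth($header)
        or return (0, 'missing or malformed credentials');
    # 1. Authentication (stand-in for a bind against the directory server).
    return (0, 'authentication failed')
        unless exists $DIRECTORY{$user} && $DIRECTORY{$user} eq $pass;
    # 2. Membership in the subscribers group.
    return (0, 'not a member of the subscribers group') unless $SUBSCRIBERS{$user};
    # 3. Attribute match; a document without a company field is denied.
    return (0, 'document has no company field') unless defined $company && length $company;
    my @subscribed = @{ $SUBSCRIPTIONS{$user} || [] };
    return (0, 'company is not in the subscription list')
        unless grep { $_ eq $company } @subscribed;
    return (1, '');
}

# Constructed requests: [user, password, company field of requested document].
for my $case (['alice', 's3cret', 'Acme'], ['alice', 's3cret', 'Globex'],
              ['carol', 'pw', 'Acme'],     ['bob', '', 'Globex']) {
    my ($u, $p, $c) = @$case;
    my $hdr = 'Basic ' . encode_base64("$u:$p", '');
    my ($ok, $why) = authorize($hdr, $c);
    printf "%-6s %-7s => %s\n", $u, $c, $ok ? 'ALLOW' : "DENY ($why)";
}
```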