1# NOTE: THIS CONFIGURATION IS FOR APACHE 2.4 ONLY
2# (with Debian/Ubuntu version of Apache2::AuthCookie)
3#
4# Modify this to your liking and include it in httpd.conf.
5# -----------------------------------------------------------------------------
6
7PerlModule ModPerl::Util
8PerlModule Apache2::Request
9PerlModule Apache2::RequestRec
10PerlModule Apache2::RequestIO
11PerlModule Apache2::RequestUtil
12PerlModule Apache2::ServerUtil
13PerlModule Apache2::Connection
14PerlModule Apache2::Log
15PerlModule Apache::Session
16PerlModule APR::Table
17PerlModule ModPerl::Registry
18PerlModule "Apache2::Const => ':common'"
19PerlModule "APR::Const => ':common'"
20
21PerlModule Apache2::SiteControl
22PerlModule HTML::Mason::ApacheHandler
23
24# Uncomment this next line if you get errors from libapreq2
25# about an 'undefined symbol'
26#LoadModule apreq_module /usr/lib/apache2/modules/mod_apreq2.so
27
28# Add Netdot's libraries to @INC
29PerlSwitches -I<<Make:PREFIX>>/lib
30
31<Perl>
32# Set up the Mason handler and global variables and import modules.
33use Netdot::Mason;
34
35# Override SiteControl's login method 
36use Netdot::SiteControlLoginWrapper;
37</Perl>
38
39
40# If you would like to put netdot somewhere other than ``/netdot''
41# just change this alias, the location of the login target
42# (i.e. /netdot/NetdotLogin), and the variable NetdotPath below.  
43Alias /netdot "<<Make:PREFIX>>/htdocs/"
44
45# Force UTF8
46PerlSetVar MasonPreamble "use utf8;"
47AddDefaultCharset utf-8 
48
49# Set the path that will be protected.
50#
51# *NOTE* This variable is used to determine absolute paths where
52# needed in the netdot pages.  The Netdot corresponds to AuthName
53# Netdot below.  If you want to change the AuthName you will still
54# need this variable as the Mason code assumes you didn't change the
55# AuthName.
56PerlSetVar NetdotPath "/netdot/"
57
58# Indicate the path to the login page. Be careful, HTML::Mason can 
59# interfere with proper handling...make sure you know your dependencies.
60# See samples and Apache::AuthCookie for more information.
61PerlSetVar NetdotLoginScript /netdot/login.html
62
63# See Apache::AuthCookie for descriptions of these.  
64#
65# A general note about these Netdot variables: Some are accessed when
66# a user requests a page and others are accessed when a user attempts
67# to login.  In our setup the login target (NetdotLogin) is in the
68# same apache scope as the netdot pages (/netdot) and these variables
69# are specified at the global scope so there isn't an issue, but if
70# you decide to move them inside a Directory, Files, or Location block
71# and move the login target be sure that you put the right variables
72# in the right places (hint: you will probably have to read the
73# AuthCookie code as it is not clear from the docs, if you don't want
74# any duplicates).  The same probably goes for the SiteControl and
75# other non prefixed variables, but since they don't have prefixes it
76# would be inconsiderate to put them at the top level (pollute the
77# global name space), and so if you move the login target be sure to
78# duplicate any relevant variables (again, it might not be obvious
79# which).
80
81# If this is set you wont be able to use unqualified hostnames and
82# rely on DNS to supply the domain.  DNS will supply the domain no
83# doubt, but the browser doesn't see it so the cookie will be invalid.
84# Also, a hostname isn't valid here.
85#PerlSetVar NetdotDomain .uoregon.edu
86PerlSetVar NetdotCache 1
87
88# We change the value of NetdotExpires dynamically to implement both
89# temporary and permanent sessions.  NetdotTemporySessionExpires
90# specifies the length of the tempory sessions, i.e. it corresponds to
91# NetdotExpires in a typical AuthCookie setup.
92PerlSetVar NetdotTemporarySessionExpires +2h
93
94# Apache 2.4 Authorization
95PerlAddAuthzProvider user Apache2::SiteControl->authz_handler
96
97<Directory <<Make:PREFIX>>/htdocs/>
98   # Other applications may have attempted to override how .html files are
99   # interpreted.  We need to reset this so that HTML::Mason can work 
100   # correctly.
101   AddType text/html .html
102
103   # Defaults: everything is protected and handled by mason
104   SetHandler perl-script
105   PerlHandler Netdot::Mason
106   AuthType Apache2::SiteControl
107   AuthName Netdot
108   Require valid-user
109
110   # Prevent mason from handling css and javascript
111   <FilesMatch (\.css|\.js)$>
112       SetHandler default-handler
113   </FilesMatch>
114
115   # Allow access to the css and and title image so the login page
116   # displays correctly.
117   <FilesMatch (\.css|title\.png)$>
118       Require all granted
119   </FilesMatch>
120
121   <Files login.html>
122       Require all granted
123   </Files>
124
125   <Files NetdotLogin>
126       Require all granted
127       PerlHandler Netdot::SiteControlLoginWrapper->login
128   </Files>
129
130   # Use Local authentication
131   PerlSetVar SiteControlMethod Netdot::AuthLocal
132
133   # Turn on debugging
134   PerlSetVar AccessControllerDebug 1
135   PerlSetVar AuthCookieDebug 1
136   PerlSetVar SiteControlDebug 1
137
138   # Configure the factories. See SiteControl::UserFactory and
139   # SiteControl::ManagerFactory
140   PerlSetVar SiteControlManagerFactory Netdot::NetdotPermissionFactory
141
142   # Configure the location of the session data on server disks
143   # NOTE: apache should have read/write access to these locations. 
144   PerlSetVar SiteControlSessions <<Make:PREFIX>>/tmp/sessions
145   PerlSetVar SiteControlLocks <<Make:PREFIX>>/tmp/sessions/locks
146
147   # Tell mod_perl that you want this module to control access:
148   PerlAuthenHandler Apache2::SiteControl->authenticate
149
150   # See Apache2::SiteControl::UserFactory.  There are more variables,
151   # but this seems to be the only one which makess SiteControl insult
152   # you in the logs :P
153   PerlSetVar UserObjectPasswordKey "Netdot gets the last laugh"
154</Directory>
155