1# NOTE: THIS CONFIGURATION IS FOR APACHE 2 ONLY.
2#
3# Modify this to your liking and include it in httpd.conf.
4# -----------------------------------------------------------------------------
5
6PerlModule ModPerl::Util
7PerlModule Apache2::Request
8PerlModule Apache2::RequestRec
9PerlModule Apache2::RequestIO
10PerlModule Apache2::RequestUtil
11PerlModule Apache2::ServerUtil
12PerlModule Apache2::Connection
13PerlModule Apache2::Log
14PerlModule Apache::Session
15PerlModule APR::Table
16PerlModule ModPerl::Registry
17PerlModule "Apache2::Const => ':common'"
18PerlModule "APR::Const => ':common'"
19
20PerlModule Apache2::SiteControl
21PerlModule HTML::Mason::ApacheHandler
22
23# Uncomment this next line if you get errors from libapreq2
24# about an 'undefined symbol'
25LoadModule perl_module	libexec/apache22/mod_perl.so
26LoadModule apreq_module	libexec/apache22/mod_apreq2.so
27
28# Add Netdot's libraries to @INC
29PerlSwitches -I<<Make:PREFIX>>/lib
30
31<Perl>
32# Set up the Mason handler and global variables and import modules.
33use Netdot::Mason;
34
35# Override SiteControl's login method 
36use Netdot::SiteControlLoginWrapper;
37</Perl>
38
39
40# If you would like to put netdot somewhere other than ``/netdot''
41# just change this alias, the location of the login target
42# (i.e. /netdot/NetdotLogin), and the variable NetdotPath below.  
43Alias /netdot "<<Make:PREFIX>>/htdocs/"
44
45# Force UTF8
46PerlSetVar MasonPreamble "use utf8;"
47AddDefaultCharset utf-8 
48
49# Set the path that will be protected.
50#
51# *NOTE* This variable is used to determine absolute paths where
52# needed in the netdot pages.  The Netdot corresponds to AuthName
53# Netdot below.  If you want to change the AuthName you will still
54# need this variable as the Mason code assumes you didn't change the
55# AuthName.
56PerlSetVar NetdotPath "/netdot/"
57
58# Indicate the path to the login page. Be careful, HTML::Mason can 
59# interfere with proper handling...make sure you know your dependencies.
60# See samples and Apache::AuthCookie for more information.
61PerlSetVar NetdotLoginScript /netdot/login.html
62
63# See Apache::AuthCookie for descriptions of these.  
64#
65# A general note about these Netdot variables: Some are accessed when
66# a user requests a page and others are accessed when a user attempts
67# to login.  In our setup the login target (NetdotLogin) is in the
68# same apache scope as the netdot pages (/netdot) and these variables
69# are specified at the global scope so there isn't an issue, but if
70# you decide to move them inside a Directory, Files, or Location block
71# and move the login target be sure that you put the right variables
72# in the right places (hint: you will probably have to read the
73# AuthCookie code as it is not clear from the docs, if you don't want
74# any duplicates).  The same probably goes for the SiteControl and
75# other non prefixed variables, but since they don't have prefixes it
76# would be inconsiderate to put them at the top level (pollute the
77# global name space), and so if you move the login target be sure to
78# duplicate any relevant variables (again, it might not be obvious
79# which).
80PerlSetVar NetdotSatisfy All
81# If this is set you wont be able to use unqualified hostnames and
82# rely on DNS to supply the domain.  DNS will supply the domain no
83# doubt, but the browser doesn't see it so the cookie will be invalid.
84# Also, a hostname isn't valid here.
85#PerlSetVar NetdotDomain .uoregon.edu
86PerlSetVar NetdotCache 1
87
88# We change the value of NetdotExpires dynamically to implement both
89# temporary and permanent sessions.  NetdotTemporySessionExpires
90# specifies the length of the tempory sessions, i.e. it corresponds to
91# NetdotExpires in a typical AuthCookie setup.
92PerlSetVar NetdotTemporarySessionExpires +2h
93
94<Directory <<Make:PREFIX>>/htdocs/>
95   Order Deny,Allow
96   Allow from all
97
98   # Other applications may have attempted to override how .html files are
99   # interpreted.  We need to reset this so that HTML::Mason can work 
100   # correctly.
101   AddType text/html .html
102
103
104   # This is hackish but it works.  It is preferred over handling all
105   # files in /netdot as this causes requests for /netdot or /netdot/
106   # to fail (DirectoryIndex doesn't get handled correctly).  The
107   # "proper" way to handle this is with rewrite rules or
108   # fixuphandlers I think, but this works: Handle everything which
109   # isn't /netdot or /netdot/, i.e. which has atleast one non / char
110   # in its name relative /netdot/, with mason.
111   <FilesMatch .>
112       SetHandler perl-script
113       PerlHandler Netdot::Mason
114   </FilesMatch>
115
116   # Prevent mason from handling css and javascript
117   <FilesMatch (\.css|\.js)$>
118       SetHandler default-handler
119   </FilesMatch>
120
121   AuthType Apache2::SiteControl
122   AuthName Netdot
123   # Choose a name for the instance of the authenticator. This name is
124   # used as part of the remaining variable names.
125   PerlSetVar AuthName Netdot
126   require valid-user
127
128   # Allow access to the css and and title image so the login page
129   # displays correctly.  The anonymous sub is somehow equiv to the
130   # specification of the constant explicitly.  The point is that you
131   # can't simply turn off authentication for particular files, you
132   # must provide a new handler which allows all requests instead.    
133   <FilesMatch (\.css|title\.png)$>
134        PerlAuthenHandler Apache2::Const::OK #'sub { return OK }'
135        PerlAuthzHandler Apache2::Const::OK #'sub { return OK }'
136   </FilesMatch>
137
138   # Use Local authentication
139   PerlSetVar SiteControlMethod Netdot::AuthLocal
140
141   # Turn on debugging
142   PerlSetVar AccessControllerDebug 1
143   PerlSetVar AuthCookieDebug 1
144   PerlSetVar SiteControlDebug 1
145
146   # Configure the factories. See SiteControl::UserFactory and
147   # SiteControl::ManagerFactory
148   PerlSetVar SiteControlManagerFactory Netdot::NetdotPermissionFactory
149
150   # Configure the location of the session data on server disks
151   # NOTE: apache should have read/write access to these locations. 
152   PerlSetVar SiteControlSessions <<Make:PREFIX>>/tmp/sessions
153   PerlSetVar SiteControlLocks <<Make:PREFIX>>/tmp/sessions/locks
154
155   # Tell mod_perl that you want this module to control access:
156   PerlAuthenHandler Apache2::SiteControl->authenticate
157   PerlAuthzHandler Apache2::SiteControl->authorize
158
159   # See Apache2::SiteControl::UserFactory.  There are more variables,
160   # but this seems to be the only one which makess SiteControl insult
161   # you in the logs :P
162   PerlSetVar UserObjectPasswordKey "Netdot gets the last laugh"
163</Directory>
164
165<Location /netdot/NetdotLogin>
166   SetHandler perl-script
167   PerlHandler Netdot::SiteControlLoginWrapper->login
168
169   # Stop AuthCookie from preventing access to NetdotLogin
170   # (which would create an authen loop).
171   PerlAuthenHandler Apache2::Const::OK
172   PerlAuthzHandler Apache2::Const::OK
173
174</Location>
175