Krang::Handler - Krang mod_perl handler
None. See conf/httpd.conf.tmpl for usage.
This module handles Apache requests for Krang. It contains all the Apache/mod_perl handlers used by Krang.
The basic order of events is:
Responsible for setting Krang instance name and propagating it to the environment (KRANG_INSTANCE). Responsible for re-writing requests internally to properly locate files in the case of ``root''-flavor requests. E.g.:
Both requests:
http://my-krang/instance1/someasset.gif http://my-krang/someasset.gif
...translate to...
/path/to/document/root/someasset.gif
Access Control. Checks to make sure the user has a browser that will work with Krang.
supported_browsers()
The list of browsers and versions to allow as supported browsers.
forbidden_browser_message()
The text of the error message returned to unsupported browsers.
Authentication. Checks for an auth cookie. If found and valid, the request is
associated with the user_id via the $request->connection->user()
method. The effect of this is that $query->remote_user()
and
$ENV{REMOTE_USER}
will properly report the user who is logged in.
Authorization. Enforces ``require valid-user'' only. IOW, if a user is specified, they are authorized. If no user has been specified (via the authen_handler), the request is redirected to the login application.
Also, if PasswordChangeTime
is set to a non-zero value,
we check to see if the user's force_pw_change
has been
set. If it has, the user is redirected to force_pw_change
runmode of the CGI::MyPref
class.
Logging. When the application is running under Apache::Registry (not
in CGI_MODE) this handler gets error messages out of
$r->notes()
and logs them with Krang::Log.
Cleanup. We use Apache::SizeLimit to limit the size of the individual
Apache processes. Also, if an ISE occurred during the handling of this request
we send an optional email to any addresses configured by the ErrorNotificationEmail
directive.
Following are methods which can be overridden in sub-classes.
unprotected_uri()
Return a list of URIs which should never be restricted by login.
login_uri()
The URI to which users should be redirected if they fail authorization.