NAME

Krang::Handler - Krang mod_perl handler

SYNOPSIS

None. See conf/httpd.conf.tmpl for usage.

DESCRIPTION

This module handles Apache requests for Krang. It contains all the Apache/mod_perl handlers used by Krang.

The basic order of events is:

• Krang::Handler->trans_handler

  Responsible for setting Krang instance name and propagating it to the environment (KRANG_INSTANCE). Responsible for re-writing requests internally to properly locate files in the case of ``root''-flavor requests. E.g.:

  Both requests:

    http://my-krang/instance1/someasset.gif
    http://my-krang/someasset.gif

   ...translate to...

    /path/to/document/root/someasset.gif

• Krang::Handler->access_handler

  Access Control. Checks to make sure the user has a browser that will work with Krang.

• supported_browsers()

  The list of browsers and versions to allow as supported browsers.

• forbidden_browser_message()

  The text of the error message returned to unsupported browsers.

• Krang::Handler->authen_handler

  Authentication. Checks for an auth cookie. If found and valid, the request is associated with the user_id via the $request->connection->user() method. The effect of this is that $query->remote_user() and $ENV{REMOTE_USER} will properly report the user who is logged in.

• Krang::Handler->authz_handler

  Authorization. Enforces ``require valid-user'' only. IOW, if a user is specified, they are authorized. If no user has been specified (via the authen_handler), the request is redirected to the login application.

  Also, if PasswordChangeTime is set to a non-zero value, we check to see if the user's force_pw_change has been set. If it has, the user is redirected to force_pw_change runmode of the CGI::MyPref class.

• Krang::Handler->log_handler

  Logging. When the application is running under Apache::Registry (not in CGI_MODE) this handler gets error messages out of $r->notes() and logs them with Krang::Log.

• Krang::Handler->cleanup_handler

  Cleanup. We use Apache::SizeLimit to limit the size of the individual Apache processes. Also, if an ISE occurred during the handling of this request we send an optional email to any addresses configured by the ErrorNotificationEmail directive.

INTERFACE

Following are methods which can be overridden in sub-classes.

• unprotected_uri()

  Return a list of URIs which should never be restricted by login.

• login_uri()

  The URI to which users should be redirected if they fail authorization.