.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "Plack::Middleware::Auth::Basic 3pm" .TH Plack::Middleware::Auth::Basic 3pm 2024-01-20 "perl v5.38.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME Plack::Middleware::Auth::Basic \- Simple basic authentication middleware .SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 2 \& use Plack::Builder; \& my $app = sub { ... }; \& \& builder { \& enable "Auth::Basic", authenticator => \e&authen_cb; \& $app; \& }; \& \& sub authen_cb { \& my($username, $password, $env) = @_; \& return $username eq \*(Aqadmin\*(Aq && $password eq \*(Aqs3cr3t\*(Aq; \& } .Ve .SH DESCRIPTION .IX Header "DESCRIPTION" Plack::Middleware::Auth::Basic is a basic authentication handler for Plack. .SH CONFIGURATION .IX Header "CONFIGURATION" .IP authenticator 4 .IX Item "authenticator" A callback function that takes username, password and PSGI environment supplied and returns whether the authentication succeeds. Required. .Sp Authenticator can also be an object that responds to \f(CW\*(C`authenticate\*(C'\fR method that takes username and password and returns boolean, so backends for Authen::Simple is perfect to use: .Sp .Vb 2 \& use Authen::Simple::LDAP; \& enable "Auth::Basic", authenticator => Authen::Simple::LDAP\->new(...); .Ve .IP realm 4 .IX Item "realm" Realm name to display in the basic authentication dialog. Defaults to \fIrestricted area\fR. .SH LIMITATIONS .IX Header "LIMITATIONS" This middleware expects that the application has a full access to the headers sent by clients in PSGI environment. That is normally the case with standalone Perl PSGI web servers such as Starman or HTTP::Server::Simple::PSGI. .PP However, in a web server configuration where you can't achieve this (i.e. using your application via Apache's mod_cgi), this middleware does not work since your application can't know the value of \&\f(CW\*(C`Authorization:\*(C'\fR header. .PP If you use Apache as a web server and CGI to run your PSGI application, you can either a) compile Apache with \&\f(CW\*(C`\-DSECURITY_HOLE_PASS_AUTHORIZATION\*(C'\fR option, or b) use mod_rewrite to pass the Authorization header to the application with the rewrite rule like following. .PP .Vb 2 \& RewriteEngine on \& RewriteRule .* \- [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] .Ve .SH AUTHOR .IX Header "AUTHOR" Tatsuhiko Miyagawa .SH "SEE ALSO" .IX Header "SEE ALSO" Plack