CGI::Application::Plugin::RequireSSL.3pm

Langue: en

Version: 2007-07-12 (debian - 07/07/09)

Section: 3 (Bibliothèques de fonctions)

NAME

CGI::Application::Plugin::RequireSSL - Force SSL in specified pages or modules

VERSION

Version 0.04

SYNOPSIS

     use CGI::Application::Plugin::RequireSSL;
 
     sub login_form :RequireSSL {
         my $self = shift;
         # etc
     }
 
 

DESCRIPTION

CGI::Application::Plugin::RequireSSL allows individual run modes or whole modules to be protected by SSL. If a standard HTTP request is received, you can specify whether an error is raised or if the request should be redirected to the HTTPS equivalent URL.

EXPORT

Exported methods:
    config_requiressl, mode_redirect

USAGE

run mode-level protection

run mode protection is specified by the RequireSSL attribute after the method name:
     sub process_login :RequireSSL {
         my $self = shift;
     }
 
 

Module-level protection

You can protect a complete module by setting the 'require_ssl' parameter in your instance script:
     use MyApp;
     my $webapp = MyApp->new(
         PARAMS => {require_ssl => 1}
     );
     $webapp->run();
 
 

Redirecting to a protected URL.

By default, an error is raised if a request is made to a protected run mode or module using HTTP. However, you can specify that the request is redirected to the HTTPS url by setting the rewrite_to_ssl parameter as long as the requested method is not POST:
     my $webapp = MyApp->new(
         PARAMS => {rewrite_to_ssl => 1}
     );
 
 

Turning off checks.

If you need to turn off checks, simply set the ignore_check parameter when configuring the plugin (see ``config_requiressl'' below).

Reverting to HTTP

Once a successful request is made to a protected run mode or module, subsequent requests to a non-protected run mode or module will revert to using HTTP. To prevent this from happening, set the parameter keep_in_ssl in the configuration (see ``config_requiressl'' below)

METHODS

config_requiressl

Optionally configure the plugin in your cgiapp_init method
     $self->config_requiressl(
         keep_in_ssl => 0,
         ignore_check => 0,
     )
 
 

Valid parameters are:

keep_in_ssl - if set, all subsequent requests following one to a protected run mode or module will be via HTTPS.
ignore_check - ignore SSL schecking. This is useful if your application is deployed in an environment that doesn't support SSL.

mode_redirect

This is a run mode that will be automatically called if the request should be redirected to the equivalent HTTP or HTTPS URL. You should not call it directly.

AUTHOR

Dan Horne, "<dhorne at cpan.org>"

BUGS

Please report any bugs or feature requests to "bug-cgi-application-plugin-requiressl at rt.cpan.org", or through the web interface at <http://rt.cpan.org/NoAuth/ReportBug.html?Queue=CGI-Application-Plugin-RequireSSL>. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

CAVEAT

This module been tested under the FastCGI persistent environment, but not under mod_perl. The author would apprecaute feedback from anyone who is able to test with that environment.

SUPPORT

You can find documentation for this module with the perldoc command.
     perldoc CGI::Application::Plugin::RequireSSL
 
 

You can also look for information at:

AnnoCPAN: Annotated CPAN documentation

<http://annocpan.org/dist/CGI-Application-Plugin-RequireSSL>

CPAN Ratings

<http://cpanratings.perl.org/d/CGI-Application-Plugin-RequireSSL>

RT: CPAN's request tracker

<http://rt.cpan.org/NoAuth/Bugs.html?Dist=CGI-Application-Plugin-RequireSSL>

Search CPAN

<http://search.cpan.org/dist/CGI-Application-Plugin-RequireSSL>

ACKNOWLEDGEMENTS

Users of the CGI::Application wiki (http://www.cgi-app.org) who requested this module.
Andy Grundman - I stole the idea of the keep_in_ssl parameter from his Catalyst::Plugin::RequireSSL module
Copyright 2007 Dan Horne, all rights reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.