Instiki
Authenticate Instiki And Mailman Using Rails Cookies With Mod Rewrite

This was taken from a string of emails I sent to the rails mailing list. We were trying to enable single sign-on between Instiki (running on Mongrel) and Mailman running from Apache. Here’s how we did it. Any suggestions for improvements are welcome.

We needed to authenticate against the cookie written by Ruby. It turns out that you can write a cookie scoped to the whole parent domain (`.example.com`, so every subdomain) from Instiki (Rails). So, I changed the cookie writing code in the wiki_controller to the following.


# app/controllers/wiki_controller.rb
# Both cookies are scoped to .example.com so that mailman.example.com
# (served by Apache) can see what instiki.example.com (Rails) wrote.
cookies['ldap_username_2006'] = {:value   => emailaddress,
                                 :expires => 30.days.from_now,
                                 :domain  => '.example.com'}
cookies['session_id']         = {:value   => session.session_id,
                                 :expires => 30.days.from_now,
                                 :domain  => '.example.com'}

This had the effect of allowing the cookie to be read by all subdomains of example.com, which is exactly what we wanted. The next step was to make Apache recognize the cookie, which was a bit harder than I thought. I amended the /etc/httpd/conf.d/mailman.example.com.conf config file with the following mod_rewrite rules.


# /etc/httpd/conf.d/mailman.example.com.conf
RewriteEngine On
# If the Cookie header does not carry ldap_username_2006=..., send the
# browser to the Instiki auth page, passing the full mailman URL along so
# it can be sent back to the same list afterwards. The RewriteRule must be
# a single line: pattern, then target (an absolute URL forces a redirect).
RewriteCond %{HTTP_COOKIE} !^.*ldap_username_2006=.*$
RewriteRule .*$ http://instiki.example.com/wiki/auth?mailman_from=http://mailman.example.com%{REQUEST_URI} [R,L]

So, there was a bit more hacking in the “auth” view to force a redirect back to mailman if that’s where the request originated. The auth view therefore has to handle the “mailman_from” request variable being sent by the rewrite rule.


# app/views/wiki/auth.rhtml
<%# Carry the mailman origin URL through the login form as a hidden
    parameter so ldap_authenticate knows where to send the user back. %>
<%= form_tag(:controller => 'wiki', :action => 'ldap_authenticate',
             :redirect_mailman => @params['mailman_from']) %>

Finally, ldap_authenticate has to redirect back to mailman if the request was initiated there and the cookie did not exist. The entire URL is preserved, so if you came in from a particular list request, you are redirected back to that particular list.


# app/controllers/wiki_controller.rb
# At the end of ldap_authenticate, after the cookies above have been set:
# go back to mailman if that is where the user came from, otherwise home.
if @params['redirect_mailman'].nil?
  redirect_home
else
  redirect_to @params['redirect_mailman'].to_s
end

Clearly, this method of checking the ldap_username_2006 cookie is a bare minimum of security. If a user could guess that cookie name and write it, then they could get access. The right way would be to check the session_id against the database, but it didn’t seem like RewriteCond could do such a thing. I actually have another check in my RewriteCond (not listed in this email) to ensure the value of the cookie matches the expected regex. Even so, I’d be fairly wary of implementing this outside of our Intranet.


The other option I considered is forking mailman to check the session_id from the instiki database. This is probably slightly saner; however, it would require us to merge future mailman patches manually.

If anyone has any thoughts on how to check a session_id against a database with mod_rewrite (or any other Apache module), let me know.
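As an added example (not code from the original emails, Instiki, or Mailman), the following Ruby script puts the two checks side by side: the name-only match that the RewriteCond above performs, which a forged cookie satisfies, and a session_id lookup against a session store, which answers the question of how Apache could check a session without forking Mailman. The lookup uses Apache's `RewriteMap` with a `prg:` map, a program that reads one key per line on stdin and answers one line on stdout; that mechanism is not mentioned on the page. The session store, cookie values and the script name `check_session.rb` are constructed for illustration and stand in for the Instiki sessions table.

```ruby
# Added example, not part of the original page: the page's cookie-name check
# next to a session_id lookup usable as an Apache RewriteMap "prg:" program.

COOKIE_NAME = 'ldap_username_2006'

# What the page's RewriteCond does: a regex match on the raw Cookie header.
# Any client that knows the cookie name can satisfy it, which is the
# weakness the author describes.
def cookie_has_username?(cookie_header)
  !!(cookie_header.to_s =~ /#{Regexp.escape(COOKIE_NAME)}=/)
end

# Parse a "name=value; name2=value2" Cookie header into a hash.
def parse_cookies(cookie_header)
  cookie_header.to_s.split(/;\s*/).each_with_object({}) do |pair, cookies|
    name, value = pair.split('=', 2)
    next if name.nil? || name.strip.empty?
    cookies[name.strip] = value.to_s
  end
end

# Constructed sample standing in for the Instiki sessions table:
# session_id => logged-in user.
VALID_SESSIONS = { '3f2a9c1e7b' => 'alice@example.com' }.freeze

# Stronger check: the session_id cookie must be well formed and must exist
# in the session store. Knowing the cookie name alone is not enough.
def valid_session?(cookie_header, store = VALID_SESSIONS)
  sid = parse_cookies(cookie_header)['session_id']
  return false if sid.nil? || sid !~ /\A[0-9a-f]{10,64}\z/
  store.key?(sid)
end

# RewriteMap prg: protocol: one lookup key per stdin line, one answer per
# stdout line. "NULL" is the conventional "no mapping" answer.
def rewrite_map_answer(cookie_header, store = VALID_SESSIONS)
  valid_session?(cookie_header, store) ? 'ok' : 'NULL'
end

if __FILE__ == $0
  $stdout.sync = true # a prg: map must not buffer its answers
  while (line = $stdin.gets)
    puts rewrite_map_answer(line.chomp)
  end
end
```

With the script installed as a map, the Apache side becomes `RewriteMap session prg:/usr/local/bin/check_session.rb` (in server or virtual host context) followed by `RewriteCond ${session:%{HTTP_COOKIE}} !^ok$` in place of the cookie-name RewriteCond, keeping the existing RewriteRule. In a real deployment the `VALID_SESSIONS` hash would be replaced by a query of the Rails session store, the program runs as the Apache user for the life of the server, and a database outage turns into a denial of access rather than a bypass, since any answer other than `ok` redirects to the login page.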
