Now that we finally have a simple yet functional application, we can
focus on providing authentication (with authorization coming next in
-Part 5).
+Part 6).
This part of the tutorial is divided into two main sections: 1) basic,
cleartext authentication and 2) hash-based authentication.
First, we add both user and role information to the database (we will
add the role information here although it will not be used until the
-authorization section, Part 5). Create a new SQL script file by opening
+authorization section, Part 6). Create a new SQL script file by opening
C<myapp02.sql> in your editor and insert:
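Review bot: Both cross-references touched here (the "coming next in Part 6" sentence and the "authorization section, Part 6" parenthetical) are still hard-coded part numbers, so the next reordering of the tutorial will need the same two-place fix. Consider an L<> link to the authorization part, or name the part next to the number so a stale number is easy to spot.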
--
actions. Remember, Catalyst is designed to be very flexible, and leaves
such matters up to you, the designer and programmer.
-Then open C<lib/MyApp/Controller/Login.pm>, locate the C<sub index :
-Private> method (this was automatically inserted by the helpers when we
-created the Login controller above), and delete this line:
+Then open C<lib/MyApp/Controller/Login.pm>, locate the C<sub index
+:Path :Args(0)> method (or C<sub index : Private> if you are using an
+older version of Catalyst) that was automatically inserted by the
+helpers when we created the Login controller above, and delete this
+line:
$c->response->body('Matched MyApp::Controller::Login in Login.');
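Review bot: The added parenthetical "(or C<sub index : Private> if you are using an older version of Catalyst)" does not say which version changed the helper output, so a reader cannot tell which signature to expect in their generated Login.pm. State the version at which the helpers began emitting C<sub index :Path :Args(0)>, or tell the reader to match whichever of the two forms is present in their file.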
=cut
- sub index : Private {
+ sub index :Path :Args(0) {
my ($self, $c) = @_;
# Get the username and password from form
C<username> and C<password> values are not present in the form, the
user will be taken to the empty login form.
-Note that we could have used something like C<sub default :Private>;
-however, the use of C<default> actions is discouraged because it does
-not receive path args as with other actions. The recommended practice
-is to only use C<default> in C<MyApp::Controller::Root>.
-
-Another option would be to use something like
-C<sub base :Path :Args(0) {...}> (where the C<...> refers to the login
-code shown in C<sub index : Private> above). We are using C<sub base
-:Path :Args(0) {...}> here to specifically match the URL C</login>.
-C<Path> actions (aka, "literal actions") create URI matches relative to
-the namespace of the controller where they are defined. Although
-C<Path> supports arguments that allow relative and absolute paths to be
-defined, here we use an empty C<Path> definition to match on just the
-name of the controller itself. The method name, C<base>, is arbitrary.
-We make the match even more specific with the C<:Args(0)> action
-modifier -- this forces the match on I<only> C</login>, not
+Note that we could have used something like C<sub default :Path>,
+however partly for historical reasons, and partly for code clarity it
+is generally recommended only to use C<default> in
+C<MyApp::Controller::Root>, and then mainly to generate the 404 not
+found page for the application.
+
+Instead, we are using C<sub base :Path :Args(0) {...}> here to
+specifically match the URL C</login>. C<Path> actions (aka, "literal
+actions") create URI matches relative to the namespace of the
+controller where they are defined. Although C<Path> supports
+arguments that allow relative and absolute paths to be defined, here
+we use an empty C<Path> definition to match on just the name of the
+controller itself. The method name, C<index>, is arbitrary. We make
+the match even more specific with the C<:Args(0)> action modifier --
+this forces the match on I<only> C</login>, not
C</login/somethingelse>.
Next, update the corresponding method in
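Review bot: The rewritten paragraph still reads "we are using C<sub base :Path :Args(0) {...}> here", while the code hunk defines "sub index :Path :Args(0)" and the same paragraph now calls the method C<index>. Change C<sub base ...> to C<sub index ...> so the prose matches the code. The removed text also gave a concrete reason to avoid C<default> (it does not receive path args as other actions do); the replacement cites only "historical reasons" and "code clarity", so consider keeping that one sentence.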
=cut
- sub index : Private {
+ sub index :Path :Args(0) {
my ($self, $c) = @_;
# Clear the user's state
}
As with the login controller, be sure to delete the
-C<$c->response->body('Matched MyApp::Controller::Logout in Logout.');>
+C<$c-E<gt>response-E<gt>body('Matched MyApp::Controller::Logout in Logout.');>
line of the C<sub index>.
$ script/myapp_server.pl
-B<IMPORTANT NOTE:> If you happen to be using Internet Explorer, you may
-need to use the command C<script/myapp_server.pl -k> to enable the
-keepalive feature in the development server. Otherwise, the HTTP
-redirect on successful login may not work correctly with IE (it seems to
-work without -k if you are running the web browser and development
-server on the same machine). If you are using browser a browser other
-than IE, it should work either way. If you want to make keepalive the
-default, you can edit C<script/myapp_server.pl> and change the
-initialization value for C<$keepalive> to C<1>. (You will need to do
-this every time you create a new Catalyst application or rebuild the
-C<myapp_server.pl> script.)
+B<IMPORTANT NOTE:> If you are having issues with authentication on
+Internet Explorer, be sure to check the system clocks on both your
+server and client machines. Internet Explorer is very picky about
+timestamps for cookies. Note that you can quickly sync an Ubuntu
+system with the following command:
+
+ sudo ntpdate ntp.ubuntu.com
Now trying going to L<http://localhost:3000/books/list> and you should
be redirected to the login page, hitting Shift+Reload if necessary (the
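Review bot: The new IMPORTANT NOTE covers only clock skew, and the removed guidance on C<script/myapp_server.pl -k> disappears without saying whether the redirect-after-login problem is fixed. If it still affects older setups, keep one sentence for it, as was done for C<sub index : Private> earlier in this patch. The "sudo ntpdate ntp.ubuntu.com" line is also a one-time correction, so it is worth saying that both machines need ongoing time synchronisation for cookie timestamps to stay valid.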
most recent version of the Catalyst Tutorial can be found at
L<http://dev.catalyst.perl.org/repos/Catalyst/trunk/Catalyst-Manual/lib/Catalyst/Manual/Tutorial/>.
-Copyright 2006, Kennedy Clark, under Creative Commons License
+Copyright 2006-2008, Kennedy Clark, under Creative Commons License
(L<http://creativecommons.org/licenses/by-nc-sa/2.5/>).