LP#
1449283: fix auth when running under Apache 2.4
When running under Apache 2.4 using the stock configuration
derived from apache_24/eg_vhost.conf.in, protected
URLs such as https://eghost/reporter/ that are meant to
require valid EG staff credentials were not in fact
requiring authentication.
This patch does the following to fix this:
[1] Removes several uses of "Require all granted" that
was causing authentication to be ignored.
[2] Changes OpenILS::WWW::Proxy::Authen so that it always
sets the username in the Apache request object if
authentication was successful; it appears that starting
with Apache 2.4, authentication handlers must ensure
that a user name is set for a "Require valid-user"
directive to work.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Signed-off-by: Bill Erickson <berickxx@gmail.com>
projects / working / Evergreen.git / commit