annotate Lib/IMPL/Web/Security.pm @ 250:129e48bb5afb

DOM refactoring. ObjectToDOM methods are virtual. QueryToDOM uses inflators. Fixed the transform for complex values in ObjectToDOM. QueryToDOM doesn't allow complex values (HASHes) to be used as values for nodes (overpost problem).
author sergey
date Wed, 07 Nov 2012 04:17:53 +0400
parents 23daf2fae33a
children 63709a4e6da0
1 package IMPL::Web::Security;
2 use strict;
4 use IMPL::Security::Auth qw(:Const);
5 use IMPL::declare {
6 require => {
7 Exception => 'IMPL::Exception',
8 NotImplementedException => '-IMPL::NotImplementedException',
9 SecurityContext => 'IMPL::Security::AbstractContext'
10 },
11 };
# Error codes stored in the "code" element of the hash returned by AuthUser.
# AuthUser reports 0 there when InitSession returns anything other than
# AUTH_FAIL.
#
# NOTE(review): ERR_NO_SUCH_USER and ERR_AUTH_FAIL let a caller tell an
# unknown account name from a failed authentication. Keep that distinction
# in server-side logs; a handler that relays the code to the client would
# disclose which account names exist.
use constant ERR_NO_SUCH_USER   => -1;    # FindUserByName returned a false value
use constant ERR_NO_SEC_DATA    => -2;    # GetSecData returned nothing for the auth package
use constant ERR_NO_AUTHORITY   => -3;    # current security context has no authority
use constant ERR_NO_SEC_CONTEXT => -4;    # SecurityContext->current is false
use constant ERR_AUTH_FAIL      => -5;    # InitSession returned AUTH_FAIL
# Looks up the named user, builds the authentication object for the requested
# auth package and asks the authority of the current security context to
# initialise a session.
#
#   $name      - user name handed to FindUserByName.
#   $package   - class name of the authentication module; used as the key for
#                GetSecData and as the class on which new() is invoked.
#   $challenge - data received from the client, forwarded to InitSession.
#
# Returns a hash reference with the elements "status" and "code", plus "user"
# once the user has been found and the context checks have passed (or the
# user has no security data for $package).
#
# NOTE(review): $package becomes the invocant of a method call. The only gate
# visible here is that GetSecData returns a true value for that name, so
# callers should pick $package from a fixed server-side list of auth modules
# instead of forwarding a request parameter.
# NOTE(review): the "user" element is present on failure results too
# (ERR_NO_SEC_DATA, ERR_AUTH_FAIL). Callers must decide on "status" alone and
# never treat the presence of "user" as proof of authentication.
sub AuthUser {
    my ($this, $name, $package, $challenge) = @_;

    # Unknown account: fail before touching any authentication data.
    my $account = $this->FindUserByName($name);
    unless ($account) {
        return {
            status => AUTH_FAIL,
            code   => ERR_NO_SUCH_USER
        };
    }

    # The user must have security data registered for this auth package.
    my $sec_data = $account->GetSecData($package);
    unless ($sec_data) {
        return {
            status => AUTH_FAIL,
            code   => ERR_NO_SEC_DATA,
            user   => $account
        };
    }
    my $authenticator = $package->new($sec_data);

    # A session can only be initialised through the current context ...
    unless (SecurityContext->current) {
        return {
            status => AUTH_FAIL,
            code   => ERR_NO_SEC_CONTEXT
        };
    }

    # ... and that context has to carry an authority.
    unless (SecurityContext->current->authority) {
        return {
            status => AUTH_FAIL,
            code   => ERR_NO_AUTHORITY
        };
    }

    my $status = SecurityContext->current->authority->InitSession(
        $account,
        [ $account->roles ],
        $authenticator,
        $challenge
    );

    # Any status other than AUTH_FAIL is passed through with code 0; the
    # module's POD lists AUTH_INCOMPLETE (session created but not yet
    # trusted) and AUTH_SUCCESS as the other values.
    my $code = 0;
    $code = ERR_AUTH_FAIL if $status == AUTH_FAIL;

    return {
        status => $status,
        code   => $code,
        user   => $account
    };
}
# Ends the current session: the authority of the current security context is
# told to close it first, then this object's own CloseSession is called with
# the same context.
#
# NOTE(review): both calls sit inside the same condition, so when a context
# exists but has no authority the application-level CloseSession is not
# invoked either. Confirm that such a context never has a stored session,
# otherwise it would survive logout.
# NOTE(review): if the authority's CloseSession dies, $this->CloseSession is
# never reached.
sub Logout {
    my ($this) = @_;

    my $context = SecurityContext->current;

    if ($context and $context->authority) {
        $context->authority->CloseSession($context);

        $this->CloseSession($context);
    }
}
# Abstract: this base implementation only throws NotImplementedException.
# AuthUser calls it with the user name, treats a false result as "no such
# user", and calls GetSecData and roles on a true result.
sub FindUserByName {
    my $not_implemented = NotImplementedException->new();
    die $not_implemented;
}
# Abstract: this base implementation only throws NotImplementedException.
# Nothing in this module calls it; presumably the application supplies the
# session storage behind it (the POD says storage is left to the application).
sub CreateSession {
    my $not_implemented = NotImplementedException->new();
    die $not_implemented;
}
# Abstract: this base implementation only throws NotImplementedException.
# Nothing in this module calls it; presumably the application supplies the
# session lookup behind it (the POD says storage is left to the application).
sub GetSession {
    my $not_implemented = NotImplementedException->new();
    die $not_implemented;
}
# Abstract: this base implementation only throws NotImplementedException.
# Nothing in this module calls it; presumably the application supplies the
# session persistence behind it (the POD says storage is left to the
# application).
sub SaveSession {
    my $not_implemented = NotImplementedException->new();
    die $not_implemented;
}
# Abstract: this base implementation only throws NotImplementedException.
# Logout calls it with the current security context after the context's
# authority has closed the session, so until it is overridden Logout dies
# here whenever a context with an authority exists.
sub CloseSession {
    my $not_implemented = NotImplementedException->new();
    die $not_implemented;
}
96 1;
98 __END__
100 =pod
102 =head1 NAME
104 C<IMPL::Web::Security> Модуль для аутентификации и авторизации веб запроса.
106 =head1 DESCRIPTION
108 Текущий модуль обеспечивает функции верхнего уровня для работы с системой
109 безопасности. Поскольку модуль является абстрактным, конкретные функции
110 хранения и реализацию объектов модели безопасности должно обеспечить само
111 приложение.
113 Сама система безопасности в веб приложении состоит из двух частей
115 =over
117 =item Модель системы безопасности
119 Предоставляет такие объекты безопасности, как пользователь, сессия, роль,
120 определяет правила проверки прав доступа субъекта к объекту.
122 =item Модуль безопасности
124 Как правило, встраивается в транспортный уровень в виде обработчика
125 C<IMPL::Web::Handler> и реализует непосредственно протокол аутентификации и
126 обмена с пользователем.
128 Также модуль безопасности использует модель для хранения сессий и данных
129 аутентификации. Контекст безопасности создается именно этим модулем.
131 =back
133 =head1 MEMBERS
135 =head2 C<AuthUser($name,$package,$challenge)>
137 Инициирует создание новой сессии используя провайдера безопасности текущего
138 контекста безопасности.
140 =over
142 =item C<$name>
144 Имя пользователя, которое будет использоваться при поиске его в БД.
146 =item C<$package>
148 Имя модуля аутентификации, например, C<IMPL::Security::Auth::Simple>.
150 =item C<$challenge>
152 Данные, полученные от клиента, которые будут переданы модулю аутентификации для
153 начала процесса аутентификации и создания сессии.
155 =back
157 Функция возвращает хеш с элементами
159 =over
161 =item C<status>
163 Статус аутентификации - отражает общее состояние процесса аутентификации,
165 =over
167 =item C<AUTH_FAIL>
169 Аутентификация неудачная, сессия не создана.
171 =item C<AUTH_INCOMPLETE>
173 Аутентификация требует дополнительных шагов, сессия создана, но еще не доверена.
175 =item C<AUTH_SUCCESS>
177 Аутентификация успешно проведена, сессия создана.
179 =back
181 =item C<code>
183 =back
185 =cut