annotate Lib/IMPL/Web/Security.pm @ 234:2530d1bb9638

sync
author sergey
date Thu, 11 Oct 2012 20:11:45 +0400
parents 3cebcf6fdb9b
children 23daf2fae33a
rev   line source
52
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
1 package IMPL::Web::Security;
81
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 79
diff changeset
2 use strict;
73
wizard
parents: 66
diff changeset
3
81
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 79
diff changeset
4 use IMPL::Security::Auth qw(:Const);
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
5 use IMPL::declare {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
6 require => {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
7 Exception => 'IMPL::Exception',
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
8 NotImplementedException => '-IMPL::NotImplementedException',
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
9 SecurityContext => 'IMPL::Security::AbstractContext'
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
10 },
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
11 };
107
0e72ad99eef7 Updated Web::TT
wizard
parents: 97
diff changeset
12
233
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
# Failure codes placed in the C<code> slot of the hash returned by AuthUser.
# A successful or incomplete authentication reports code 0 instead.
#
# NOTE(review): the three codes tell "unknown login" apart from "wrong
# credentials". They look intended for server-side handling and logging;
# if a caller relays them to the client it discloses which account names
# exist - confirm how callers surface them.
use constant ERR_NO_SUCH_USER => -1;    # FindUserByName returned a false value
use constant ERR_NO_SEC_DATA  => -2;    # GetSecData($package) returned a false value
use constant ERR_AUTH_FAIL    => -3;    # InitSession returned AUTH_FAIL
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
18
81
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 79
diff changeset
# Start authentication of a named user and open a session through the
# authority of the current security context.
#
# Parameters:
#   $name      - login name handed to FindUserByName.
#   $package   - class name of the authentication module; it is passed to
#                GetSecData and then used as the invocant of ->new.
#   $challenge - unpacked from @_ but not referenced anywhere in this body.
#                NOTE(review): the POD says it is handed to the
#                authentication module; confirm where that is meant to
#                happen.
#
# Returns a hash reference:
#   status - AUTH_FAIL on the two early exits, otherwise whatever
#            InitSession returned.
#   code   - ERR_NO_SUCH_USER, ERR_NO_SEC_DATA, ERR_AUTH_FAIL or 0.
#   user   - the user object; absent when the user was not found.
#
# NOTE(review): $package is not validated here before ->new is called on
# it. If its value can be influenced by the request, the caller should
# restrict it to the set of known authentication modules - confirm.
sub AuthUser {
    my ($this, $name, $package, $challenge) = @_;

    # Unknown login: no user object exists, so the result has no 'user' key.
    my $user = $this->FindUserByName($name);
    unless ($user) {
        return { status => AUTH_FAIL, code => ERR_NO_SUCH_USER };
    }

    # The user has no stored data for this authentication module.
    my $secData = $user->GetSecData($package);
    unless ($secData) {
        return { status => AUTH_FAIL, code => ERR_NO_SEC_DATA, user => $user };
    }

    my $auth = $package->new($secData);

    # The authority is resolved before the role list is read, as in the
    # original single-expression call.
    my $authority = SecurityContext->current->authority;
    my $status    = $authority->InitSession( $user, $auth, [ $user->roles ] );

    # Only AUTH_FAIL maps to an error code; every other status reports 0.
    my $code = ( $status == AUTH_FAIL ) ? ERR_AUTH_FAIL : 0;

    return { status => $status, code => $code, user => $user };
}
wizard
parents: 66
diff changeset
51
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
# Abstract hook: always throws NotImplementedException in this base class.
# AuthUser calls it as $this->FindUserByName($name); a false return value is
# reported as ERR_NO_SUCH_USER, a true one is used as the user object
# (GetSecData and roles are called on it).
sub FindUserByName {
    my $not_implemented = NotImplementedException->new();
    die $not_implemented;
}
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
55
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
# Abstract hook: always throws NotImplementedException in this base class.
# No caller is visible in this file; presumably the application overrides it
# to create a stored session - confirm against the concrete subclass.
sub CreateSession {
    my $not_implemented = NotImplementedException->new();
    die $not_implemented;
}
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
59
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
# Abstract hook: always throws NotImplementedException in this base class.
# No caller is visible in this file; presumably the application overrides it
# to load a stored session - confirm against the concrete subclass.
sub GetSession {
    my $not_implemented = NotImplementedException->new();
    die $not_implemented;
}
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
63
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
# Abstract hook: always throws NotImplementedException in this base class.
# No caller is visible in this file; presumably the application overrides it
# to persist a session - confirm against the concrete subclass.
sub SaveSession {
    my $not_implemented = NotImplementedException->new();
    die $not_implemented;
}
wizard
parents: 66
diff changeset
67
52
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
68 1;
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
69
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
70 __END__
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
71
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
72 =pod
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
73
73
wizard
parents: 66
diff changeset
74 =head1 NAME
wizard
parents: 66
diff changeset
75
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 166
diff changeset
76 C<IMPL::Web::Security> Модуль для аутентификации и авторизации веб-запроса.
73
wizard
parents: 66
diff changeset
77
52
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
78 =head1 DESCRIPTION
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
79
232
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
80 Текущий модуль обеспечивает функции верхнего уровня для работы с системой
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
81 безопасности. Поскольку модуль является абстрактным, конкретные функции
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
82 хранения и реализацию объектов модели безопасности должно обеспечить само
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
83 приложение.
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
84
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
85 Сама система безопасности в веб-приложении состоит из двух частей:
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
86
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
87 =over
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
88
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
89 =item Модель системы безопасности
52
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
90
232
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
91 Предоставляет такие объекты безопасности, как пользователь, сессия, роль,
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
92 определяет правила проверки прав доступа субъекта к объекту.
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
93
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
94 =item Модуль безопасности
52
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
95
232
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
96 Как правило, встраивается в транспортный уровень в виде обработчика
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
97 C<IMPL::Web::Handler> и реализует непосредственно протокол аутентификации и
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
98 обмена с пользователем.
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
99
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
100 Также модуль безопасности использует модель для хранения сессий и данных
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
101 аутентификации. Контекст безопасности создается именно этим модулем.
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
102
5c82eec23bb6 Fixed degradations due refactoring
sergey
parents: 231
diff changeset
103 =back
52
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
104
73
wizard
parents: 66
diff changeset
105 =head1 MEMBERS
52
15d720913562 security in work
wizard@linux-odin.local
parents:
diff changeset
106
233
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
107 =head2 C<AuthUser($name,$package,$challenge)>
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
108
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
109 Инициирует создание новой сессии используя провайдера безопасности текущего
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
110 контекста безопасности.
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
111
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
112 =over
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
113
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
114 =item C<$name>
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
115
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
116 Имя пользователя, которое будет использоваться при поиске его в БД.
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
117
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
118 =item C<$package>
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
119
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
120 Имя модуля аутентификации, например, C<IMPL::Security::Auth::Simple>.
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
121
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
122 =item C<$challenge>
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
123
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
124 Данные, полученные от клиента, которые будут переданы модулю аутентификации для
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
125 начала процесса аутентификации и создания сессии.
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
126
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
127 =back
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
128
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
129 Функция возвращает хеш с элементами
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
130
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
131 =over
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
132
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
133 =item C<status>
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
134
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
135 Статус аутентификации - отражает общее состояние процесса аутентификации:
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
136
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
137 =over
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
138
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
139 =item C<AUTH_FAIL>
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
140
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
141 Аутентификация неудачная, сессия не создана.
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
142
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
143 =item C<AUTH_INCOMPLETE>
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
144
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
145 Аутентификация требует дополнительных шагов, сессия создана, но еще не доверена.
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
146
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
147 =item C<AUTH_SUCCESS>
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
148
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
149 Аутентификация успешно проведена, сессия создана.
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
150
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
151 =back
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
152
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
153 =item C<code>
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
154
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
155 =back
3cebcf6fdb9b refactoring, cleaning code
sergey
parents: 232
diff changeset
156
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 166
diff changeset
157 =cut