pub/Impl: Lib/IMPL/Security.pm annotate

annotate Lib/IMPL/Security.pm @ 236:2904da230022

DOM refactoring

author	sergey
date	Mon, 15 Oct 2012 04:23:01 +0400
parents	6d8092d8ce1b
children	7c517134c42f

rev	line source
49 16ada169ca75 migrating to the Eclipse IDE wizard@linux-odin.local parents: 0 diff changeset	1 package IMPL::Security;
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 194 diff changeset	2 use strict;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 194 diff changeset	3 use Carp qw(carp);
6d8092d8ce1b reworked IMPL::Security sergey* parents: 194 diff changeset	4
6d8092d8ce1b reworked IMPL::Security sergey* parents: 194 diff changeset	5 ##VERSION##
6d8092d8ce1b reworked IMPL::Security sergey* parents: 194 diff changeset	6
6d8092d8ce1b reworked IMPL::Security sergey* parents: 194 diff changeset	7 require IMPL::Exception;
6d8092d8ce1b reworked IMPL::Security sergey* parents: 194 diff changeset	8 require IMPL::Security::AbstractContext;
51 a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	9 require IMPL::Security::Rule::RoleCheck;
a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	10
a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	11 our @rules = (
194 4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	12 \&IMPL::Security::Rule::RoleCheck::SatisfyAll
51 a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	13 );
a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	14
95 67eb8eaec3d4 Added a security authority property to the Context and Security classes wizard parents: 74 diff changeset	15 our $authority = undef;
67eb8eaec3d4 Added a security authority property to the Context and Security classes wizard parents: 74 diff changeset	16
51 a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	17 sub AccessCheck {
194 4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	18 my ($self, $object, $desiredAccess, $context) = @_;
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	19
230 6d8092d8ce1b reworked IMPL::Security sergey* parents: 194 diff changeset	20 $context \|\|= IMPL::Security::AbstractContext->context;
194 4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	21
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	22 $_->() or return 0 foreach @{$self->Rules};
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	23
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	24 return 1;
51 a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	25 }
a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	26
66 f47f93534005 Documentation wizard parents: 51 diff changeset	27 sub Take {
194 4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	28 my ($self,$principal,$refRoles) = @_;
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	29
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	30 die new IMPL::NotImplementedException();
66 f47f93534005 Documentation wizard parents: 51 diff changeset	31 }
f47f93534005 Documentation wizard parents: 51 diff changeset	32
73 2f31ecabe9ea doc wizard parents: 66 diff changeset	33 sub MakeContext {
194 4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	34 my ($this,$principal,$refRoles,$auth) = @_;
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	35
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	36 return new IMPL::Security::Context(
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	37 principal => $principal,
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	38 rolesAssigned => $refRoles,
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	39 auth => $auth
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	40 );
73 2f31ecabe9ea doc wizard parents: 66 diff changeset	41 }
2f31ecabe9ea doc wizard parents: 66 diff changeset	42
51 a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	43 sub Rules {
194 4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	44 return \@rules;
51 a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	45 }
49 16ada169ca75 migrating to the Eclipse IDE wizard@linux-odin.local parents: 0 diff changeset	46
95 67eb8eaec3d4 Added a security authority property to the Context and Security classes wizard parents: 74 diff changeset	47 sub authority {
194 4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	48 return $authority;
95 67eb8eaec3d4 Added a security authority property to the Context and Security classes wizard parents: 74 diff changeset	49 }
67eb8eaec3d4 Added a security authority property to the Context and Security classes wizard parents: 74 diff changeset	50
49 16ada169ca75 migrating to the Eclipse IDE wizard@linux-odin.local parents: 0 diff changeset	51 1;
50 521c9c1a3ea1 :q wizard@linux-odin.local parents: 49 diff changeset	52
521c9c1a3ea1 :q wizard@linux-odin.local parents: 49 diff changeset	53 __END__
521c9c1a3ea1 :q wizard@linux-odin.local parents: 49 diff changeset	54
521c9c1a3ea1 :q wizard@linux-odin.local parents: 49 diff changeset	55 =pod
521c9c1a3ea1 :q wizard@linux-odin.local parents: 49 diff changeset	56
66 f47f93534005 Documentation wizard parents: 51 diff changeset	57 =head1 NAME
f47f93534005 Documentation wizard parents: 51 diff changeset	58
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	59 C<IMPL::Security> - Модуль для работы с функциями авторизации и аутентификации.
66 f47f93534005 Documentation wizard parents: 51 diff changeset	60
f47f93534005 Documentation wizard parents: 51 diff changeset	61 =head1 SINOPSYS
f47f93534005 Documentation wizard parents: 51 diff changeset	62
f47f93534005 Documentation wizard parents: 51 diff changeset	63 =begin code
f47f93534005 Documentation wizard parents: 51 diff changeset	64
f47f93534005 Documentation wizard parents: 51 diff changeset	65 use IMPL::Security;
f47f93534005 Documentation wizard parents: 51 diff changeset	66
f47f93534005 Documentation wizard parents: 51 diff changeset	67 my Method {
194 4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	68 my $this = shift;
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	69
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	70 # access check in the current context, using standard configuration
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	71 IMPL::Security->AccessCheck($this,'Method') or die new IMPL::AccessDeniedException("Access is denied");
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	72
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	73 #some more results
66 f47f93534005 Documentation wizard parents: 51 diff changeset	74 }
f47f93534005 Documentation wizard parents: 51 diff changeset	75
f47f93534005 Documentation wizard parents: 51 diff changeset	76 my DelegationMethod {
194 4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	77
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	78 my $this = shift;
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	79
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	80 #forced delegation
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	81 my $delegatedContext = IMPL::Security::Context->new(
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	82 principal => IMPL::Security::Principal->new(
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	83 name => 'suser'
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	84 ),
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	85 rolesAssigned => ['administrator']
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	86 )
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	87
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	88 my $result;
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	89
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	90 $delegatedContext->Impersonate(sub{
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	91 $result = $this->Method();
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	92 });
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	93
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	94 return $result;
66 f47f93534005 Documentation wizard parents: 51 diff changeset	95 }
f47f93534005 Documentation wizard parents: 51 diff changeset	96
f47f93534005 Documentation wizard parents: 51 diff changeset	97 my SafeDelegationMethod {
194 4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	98
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	99 my $this = shift;
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	100
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	101 my $delegatedContext = IMPL::Security->Take( suser => 'administrator' );
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	102
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	103 my $result;
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	104
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	105 $delegatedContext->Impersonate(sub{
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	106 $result = $this->Method();
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	107 });
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	108
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	109 return $result;
66 f47f93534005 Documentation wizard parents: 51 diff changeset	110 }
f47f93534005 Documentation wizard parents: 51 diff changeset	111
f47f93534005 Documentation wizard parents: 51 diff changeset	112 =end code
f47f93534005 Documentation wizard parents: 51 diff changeset	113
50 521c9c1a3ea1 :q wizard@linux-odin.local parents: 49 diff changeset	114 =head1 DESCRIPTION
521c9c1a3ea1 :q wizard@linux-odin.local parents: 49 diff changeset	115
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	116 Модуль для инфраструктуры безопасности, реализует основные функции для авторизации
d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	117 и аутентификации пользователей.
51 a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	118
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	119 Модуль аутентификации, реализиция которого зависит от приложения, аутентифицирует
d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	120 пользователя, при этом создается контекст безопасности, который содержит
d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	121 идентификатор пользователя и список активных ролей.
51 a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	122
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	123 При проверке прав доступа происходит последовательная проверка правил доступа,
d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	124 если все правила выполнены, то доступ разрешается.
51 a1498298d3ee Security in progress wizard@linux-odin.local parents: 50 diff changeset	125
66 f47f93534005 Documentation wizard parents: 51 diff changeset	126 =head1 MEMBERS
50 521c9c1a3ea1 :q wizard@linux-odin.local parents: 49 diff changeset	127
66 f47f93534005 Documentation wizard parents: 51 diff changeset	128 =over
f47f93534005 Documentation wizard parents: 51 diff changeset	129
f47f93534005 Documentation wizard parents: 51 diff changeset	130 =item C<AccessCheck($object,$desiredAccess,$context)>
f47f93534005 Documentation wizard parents: 51 diff changeset	131
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	132 Метод. Проверка доступа к объекту с определенными правами, в определенном контексте безопасности.
66 f47f93534005 Documentation wizard parents: 51 diff changeset	133
f47f93534005 Documentation wizard parents: 51 diff changeset	134 =over
f47f93534005 Documentation wizard parents: 51 diff changeset	135
f47f93534005 Documentation wizard parents: 51 diff changeset	136 =item C<$object>
f47f93534005 Documentation wizard parents: 51 diff changeset	137
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	138 Объект доступа.
66 f47f93534005 Documentation wizard parents: 51 diff changeset	139
f47f93534005 Documentation wizard parents: 51 diff changeset	140 =item C<$desiredAccess>
f47f93534005 Documentation wizard parents: 51 diff changeset	141
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	142 Требуемые права доступа.
66 f47f93534005 Documentation wizard parents: 51 diff changeset	143
f47f93534005 Documentation wizard parents: 51 diff changeset	144 =item C<$context>
f47f93534005 Documentation wizard parents: 51 diff changeset	145
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	146 Контекст безопасности, если не указан, то используется текущий C<< IMPL::Security::Context->contextCurrent >>
66 f47f93534005 Documentation wizard parents: 51 diff changeset	147
f47f93534005 Documentation wizard parents: 51 diff changeset	148 =item C<returns>
f47f93534005 Documentation wizard parents: 51 diff changeset	149
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	150 C<true \| false> - результат проверки
66 f47f93534005 Documentation wizard parents: 51 diff changeset	151
f47f93534005 Documentation wizard parents: 51 diff changeset	152 =back
f47f93534005 Documentation wizard parents: 51 diff changeset	153
73 2f31ecabe9ea doc wizard parents: 66 diff changeset	154 =item C<MakeContext($principal,$role,$auth)>
2f31ecabe9ea doc wizard parents: 66 diff changeset	155
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	156 Создает контекст безопасности, инициализируя его передданными параметрами.
73 2f31ecabe9ea doc wizard parents: 66 diff changeset	157
2f31ecabe9ea doc wizard parents: 66 diff changeset	158 =over
2f31ecabe9ea doc wizard parents: 66 diff changeset	159
2f31ecabe9ea doc wizard parents: 66 diff changeset	160 =item C<$principal>
2f31ecabe9ea doc wizard parents: 66 diff changeset	161
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	162 Объект пользователя
73 2f31ecabe9ea doc wizard parents: 66 diff changeset	163
2f31ecabe9ea doc wizard parents: 66 diff changeset	164 =item C<$role>
2f31ecabe9ea doc wizard parents: 66 diff changeset	165
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	166 Роль или ссылка на массив ролей
73 2f31ecabe9ea doc wizard parents: 66 diff changeset	167
2f31ecabe9ea doc wizard parents: 66 diff changeset	168 =item C<$auth>
2f31ecabe9ea doc wizard parents: 66 diff changeset	169
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	170 Объект аутентификации
73 2f31ecabe9ea doc wizard parents: 66 diff changeset	171
2f31ecabe9ea doc wizard parents: 66 diff changeset	172 =back
2f31ecabe9ea doc wizard parents: 66 diff changeset	173
66 f47f93534005 Documentation wizard parents: 51 diff changeset	174 =item C<Take($principal,$role)>
f47f93534005 Documentation wizard parents: 51 diff changeset	175
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	176 Метод. Делегирует текущему пользователю полномочия другого пользователя. При этом выполняется проверка
d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	177 правомерности такой операции. В случае неудачи вызывается исключение.
66 f47f93534005 Documentation wizard parents: 51 diff changeset	178
f47f93534005 Documentation wizard parents: 51 diff changeset	179 =over
f47f93534005 Documentation wizard parents: 51 diff changeset	180
f47f93534005 Documentation wizard parents: 51 diff changeset	181 =item C<$principal>
f47f93534005 Documentation wizard parents: 51 diff changeset	182
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	183 Либо имя пользователя либо объект C<IMPL::Security::Principal>.
66 f47f93534005 Documentation wizard parents: 51 diff changeset	184
f47f93534005 Documentation wizard parents: 51 diff changeset	185 =item C<$role>
f47f93534005 Documentation wizard parents: 51 diff changeset	186
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	187 Либо имя либо ссылка на роль, или ссылка на массив либо имен, либо ролей.
66 f47f93534005 Documentation wizard parents: 51 diff changeset	188
f47f93534005 Documentation wizard parents: 51 diff changeset	189 =item C<returns>
f47f93534005 Documentation wizard parents: 51 diff changeset	190
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	191 Новый контекст безопасности.
66 f47f93534005 Documentation wizard parents: 51 diff changeset	192
f47f93534005 Documentation wizard parents: 51 diff changeset	193 =back
f47f93534005 Documentation wizard parents: 51 diff changeset	194
73 2f31ecabe9ea doc wizard parents: 66 diff changeset	195 =item C<Rules()>
66 f47f93534005 Documentation wizard parents: 51 diff changeset	196
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	197 Возвращает список правил которые выполняются при проверках доступа. Пререопределите этот
d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	198 метод, чтобы возвращать собственный список правил. Список правил является ссылкой на массив
d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	199 элементами которого являются функции.
66 f47f93534005 Documentation wizard parents: 51 diff changeset	200
f47f93534005 Documentation wizard parents: 51 diff changeset	201 =begin code
f47f93534005 Documentation wizard parents: 51 diff changeset	202
f47f93534005 Documentation wizard parents: 51 diff changeset	203 package MySecurity;
f47f93534005 Documentation wizard parents: 51 diff changeset	204
166 4267a2ac3d46 Added Class::Template, wizard parents: 95 diff changeset	205 use parent qw(IMPL::Security);
66 f47f93534005 Documentation wizard parents: 51 diff changeset	206
f47f93534005 Documentation wizard parents: 51 diff changeset	207 sub Rules {
194 4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	208 return [
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	209 \&Rule1,
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	210 \&Rule2,
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	211 #...
4d0e1962161c Replaced tabs with spaces cin parents: 180 diff changeset	212 ]
66 f47f93534005 Documentation wizard parents: 51 diff changeset	213 }
f47f93534005 Documentation wizard parents: 51 diff changeset	214
f47f93534005 Documentation wizard parents: 51 diff changeset	215 =end code
f47f93534005 Documentation wizard parents: 51 diff changeset	216
95 67eb8eaec3d4 Added a security authority property to the Context and Security classes wizard parents: 74 diff changeset	217 =item C<[static,get] authority>
67eb8eaec3d4 Added a security authority property to the Context and Security classes wizard parents: 74 diff changeset	218
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	219 Метод, позволяющий получить текущий источник системы безопасности. Источник безопасности, это модуль,
d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	220 который получает входные данные и использует их для работы системы безопасности.
95 67eb8eaec3d4 Added a security authority property to the Context and Security classes wizard parents: 74 diff changeset	221
66 f47f93534005 Documentation wizard parents: 51 diff changeset	222 =back
50 521c9c1a3ea1 :q wizard@linux-odin.local parents: 49 diff changeset	223
180 d1676be8afcc Перекодировка в utf-8 sourcer parents: 172 diff changeset	224 =cut

Mercurial > pub > Impl

annotate Lib/IMPL/Security.pm @ 236:2904da230022