Mercurial > pub > Impl
annotate Lib/IMPL/Web/QueryHandler/SecureCookie.pm @ 134:44977efed303
Significant performance optimizations
Fixed recursion problems due converting objects to JSON
Added cache support for the templates
Added discovery feature for the web methods
| author | wizard |
|---|---|
| date | Mon, 21 Jun 2010 02:39:53 +0400 |
| parents | 964587c5183c |
| children | a9f4ba4783eb |
| rev | line source |
|---|---|
| 73 | 1 package IMPL::Web::QueryHandler::SecureCookie; |
|
95
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
2 use strict; |
| 68 | 3 |
| 4 use base qw(IMPL::Web::QueryHandler); | |
| 5 use Digest::MD5 qw(md5_hex); | |
| 6 | |
| 7 use IMPL::Class::Property; | |
| 69 | 8 use IMPL::Security::Auth qw(:Const); |
|
95
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
9 use IMPL::Security; |
| 68 | 10 |
| 11 BEGIN { | |
| 12 public property salt => prop_all; | |
| 13 } | |
| 14 | |
| 69 | 15 sub CTOR { |
| 16 my ($this) = @_; | |
| 17 | |
| 75 | 18 $this->salt('DeadBeef') unless $this->salt; |
| 69 | 19 } |
| 20 | |
| 68 | 21 sub Process { |
| 22 my ($this,$action,$nextHandler) = @_; | |
| 23 | |
| 75 | 24 return undef unless $nextHandler; |
| 25 | |
| 97 | 26 local $IMPL::Security::authority = $this; |
| 27 | |
| 68 | 28 my $method = $action->query->cookie('method') || 'simple'; |
| 29 | |
| 30 if ($method eq 'simple') { | |
| 31 | |
| 69 | 32 my $sid = $action->query->cookie('sid'); |
| 75 | 33 my $cookie = $action->query->cookie('sdata'); |
| 34 my $sign = $action->query->cookie('sign'); | |
| 69 | 35 |
| 75 | 36 if ( |
| 37 $sid and | |
| 38 $cookie and | |
| 39 $sign and | |
| 40 $sign eq md5_hex( | |
| 41 $this->salt, | |
| 42 $sid, | |
| 43 $cookie, | |
| 44 $this->salt | |
| 45 ) | |
| 46 ) { | |
| 89 | 47 my $context = $action->application->security->sourceSession->find( |
| 48 { id => $sid } | |
| 49 ) or return $nextHandler->(); | |
| 69 | 50 |
| 74 | 51 my ($result,$challenge) = $context->auth->ValidateSession($cookie); |
| 68 | 52 |
| 69 | 53 if ($result == AUTH_SUCCESS) { |
|
95
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
54 $context->authority($this); |
| 69 | 55 return $context->Impersonate($nextHandler); |
| 56 } else { | |
| 57 return $nextHandler->(); | |
| 58 } | |
| 97 | 59 } else { |
| 60 return $nextHandler->(); | |
| 68 | 61 } |
| 62 } else { | |
| 97 | 63 return $nextHandler->(); |
| 68 | 64 } |
| 65 } | |
| 66 | |
|
95
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
67 sub WriteResponse { |
|
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
68 my ($this,$response,$sid,$cookie,$method) = @_; |
|
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
69 |
|
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
70 my $sign = md5_hex( |
|
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
71 $this->salt, |
|
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
72 $sid, |
|
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
73 $cookie, |
|
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
74 $this->salt |
|
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
75 ); |
|
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
76 |
| 97 | 77 $response->setCookie(sid => $sid); |
| 78 $response->setCookie(sdata => $cookie); | |
| 79 $response->setCookie(sign => $sign); | |
| 80 $response->setCookie(method => $method) if $method; | |
|
95
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
81 } |
|
67eb8eaec3d4
Added a security authority property to the Context and Security classes
wizard
parents:
89
diff
changeset
|
82 |
| 75 | 83 1; |
| 68 | 84 |
| 75 | 85 __END__ |
| 86 | |
| 87 =pod | |
| 88 | |
| 89 =head1 NAME | |
| 90 | |
| 91 C<IMPL::Web::QueryHandler::SecureCookie> | |
| 92 | |
| 93 =head1 DESCRIPTION | |
| 94 | |
| 95 C<use base qw(IMPL::Web::QueryHandler)> | |
| 96 | |
| 97 Возобновляет сессию пользователя на основе информации переданной через Cookie. | |
| 98 | |
| 99 Использует механизм подписи информации для проверки верности входных данных перед | |
| 100 началом каких-либо действий. | |
| 101 | |
| 102 Данный обработчик возвращает результат выполнения следдующего обработчика. | |
| 103 | |
| 104 =head1 MEMBERS | |
| 105 | |
| 106 =over | |
| 107 | |
| 108 =item C<[get,set] salt> | |
| 109 | |
| 110 Скаляр, использующийся для подписи данных. | |
| 111 | |
| 112 =back | |
| 113 | |
| 114 =cut |