annotate Lib/IMPL/Security/Context.pm @ 393:69a1f1508696

minor security refactoring
author cin
date Fri, 14 Feb 2014 16:41:12 +0400
parents b8c724f6de36
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
1 package IMPL::Security::Context;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
2 use strict;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
3 use warnings;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
4
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
5 use IMPL::require {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
6 AbstractContext => 'IMPL::Security::AbstractContext',
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
7 };
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
8
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
9 use IMPL::declare {
238
b8c724f6de36 DOM model refactoring
sergey
parents: 230
diff changeset
10 require => {
b8c724f6de36 DOM model refactoring
sergey
parents: 230
diff changeset
11 Principal => 'IMPL::Security::Principal',
b8c724f6de36 DOM model refactoring
sergey
parents: 230
diff changeset
12 Role => 'IMPL::Security::Role',
b8c724f6de36 DOM model refactoring
sergey
parents: 230
diff changeset
13 Exception => 'IMPL::Exception',
b8c724f6de36 DOM model refactoring
sergey
parents: 230
diff changeset
14 ArgumentException => '-IMPL::InvalidArgumentException'
b8c724f6de36 DOM model refactoring
sergey
parents: 230
diff changeset
15 },
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
16 base => [
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
17 'IMPL::Object' => undef,
238
b8c724f6de36 DOM model refactoring
sergey
parents: 230
diff changeset
18 'IMPL::Object::Autofill' => '@_',
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
19 'IMPL::Security::AbstractContext' => undef,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
20 ],
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
21 props => [
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
22 @{AbstractContext->abstractProps()}
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
23 ]
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
24 };
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
25
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
26 __PACKAGE__->abstractProps([]);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
27
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
28
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
29 my $nobody;
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
30
74
wizard
parents: 68
diff changeset
31 sub CTOR {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
32 my ($this) = @_;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
33
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
34 die ArgumentException->new("The parameter is required", 'principal') unless $this->principal;
81
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
35 }
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
36
74
wizard
parents: 68
diff changeset
37 sub nobody {
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
38 my ($self) = @_;
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
39 $nobody = $self->new(principal => Principal->nobody) unless $nobody;
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
40 $nobody;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
41 }
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
42
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
43 sub isTrusted {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
44 return 1;
94
79bf75223afe Fixed security related bugs
wizard
parents: 81
diff changeset
45 }
79bf75223afe Fixed security related bugs
wizard
parents: 81
diff changeset
46
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
47 1;
74
wizard
parents: 68
diff changeset
48
wizard
parents: 68
diff changeset
49 __END__
wizard
parents: 68
diff changeset
50
wizard
parents: 68
diff changeset
51 =pod
wizard
parents: 68
diff changeset
52
wizard
parents: 68
diff changeset
53 =head1 NAME
wizard
parents: 68
diff changeset
54
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
55 C<IMPL::Security::Context> - реализация контекста безопасности создаваемого в
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
56 приложении.
74
wizard
parents: 68
diff changeset
57
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
58 =head1 SYNOPSIS
74
wizard
parents: 68
diff changeset
59
wizard
parents: 68
diff changeset
60 =begin code
wizard
parents: 68
diff changeset
61
wizard
parents: 68
diff changeset
62 my $context = IMPL::Security::Context->nobody;
wizard
parents: 68
diff changeset
63
wizard
parents: 68
diff changeset
64 my $result = $context->Impersonate(
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
65 sub {
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
66 # do some untrusted code
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
67 }
74
wizard
parents: 68
diff changeset
68 );
wizard
parents: 68
diff changeset
69
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
70 $context = IMPL::Security::Context->new(
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
71 principal => $user,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
72 assignedRoles => [
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
73 $backupRole,
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
74 $controlRole
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
75 ]
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
76 );
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
77
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
78 $context->Impersonate(
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
79 sub {
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
80
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
81 # do some authorized operations
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
82
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
83 $service->backupData('current.bak');
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
84 $service->stop();
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
85 }
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
86 );
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
87
74
wizard
parents: 68
diff changeset
88 =end code
wizard
parents: 68
diff changeset
89
wizard
parents: 68
diff changeset
90 =head1 DESCRIPTION
wizard
parents: 68
diff changeset
91
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
92 C<autofill>
74
wizard
parents: 68
diff changeset
93
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
94 Данная реализация контекста безопасности не привязана ни к источнику данных
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
95 ни к пакету аутентификации и авторизации, ее приложение может создать в любой
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
96 момент, при этом система сама несет ответственность за последствия.
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
97
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
98 Данный контекст нужен для выполнения системой служебных функций.
74
wizard
parents: 68
diff changeset
99
wizard
parents: 68
diff changeset
100 =head1 MEMBERS
wizard
parents: 68
diff changeset
101
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
102 см. также C<IMPL::Security::AbstractContext>.
74
wizard
parents: 68
diff changeset
103
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
104 =head2 C<CTOR(%props)>
74
wizard
parents: 68
diff changeset
105
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
106 Создает объект и заполняет его свойствами. C<principal> должен быть обязательно
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
107 указан.
74
wizard
parents: 68
diff changeset
108
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
109 =head2 C<[static,get] nobody>
74
wizard
parents: 68
diff changeset
110
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 173
diff changeset
111 Контекст для неаутентифицированных пользователей, минимум прав.
74
wizard
parents: 68
diff changeset
112
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 173
diff changeset
113 =cut