Mercurial > pub > Impl

annotate Lib/IMPL/Security/Context.pm @ 94:79bf75223afe

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixed security related bugs
author wizard
date Thu, 29 Apr 2010 01:31:27 +0400
parents 077357224bec
children 67eb8eaec3d4
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
1 package IMPL::Security::Context;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
2 use strict;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
3 use warnings;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
4
74
wizard
parents: 68
diff changeset
5 use base qw(IMPL::Object IMPL::Object::Autofill);
wizard
parents: 68
diff changeset
6
wizard
parents: 68
diff changeset
7 __PACKAGE__->PassThroughArgs;
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
8
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
9 use IMPL::Class::Property;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
10
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
11 require IMPL::Security::Principal;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
12
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 49
diff changeset
13 my $current;
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
14 my $nobody;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
15
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
16 BEGIN {
68
739f1288ca84 Auth in progress
wizard
parents: 66
diff changeset
17 public property principal => prop_get;
739f1288ca84 Auth in progress
wizard
parents: 66
diff changeset
18 public property rolesAssigned => prop_all | prop_list;
739f1288ca84 Auth in progress
wizard
parents: 66
diff changeset
19 public property auth => prop_all;
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
20 }
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
21
74
wizard
parents: 68
diff changeset
22 sub CTOR {
wizard
parents: 68
diff changeset
23 my ($this) = @_;
wizard
parents: 68
diff changeset
24
wizard
parents: 68
diff changeset
25 die new IMPL::InvalidArgumentException("The parameter is required", 'principal') unless $this->principal;
wizard
parents: 68
diff changeset
26 }
wizard
parents: 68
diff changeset
27
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
28 sub Impersonate {
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
29 my ($this,$code) = @_;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
30
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
31 my $old = $current;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
32 my $result;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
33 local $@;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
34 eval {
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
35 $result = $code->();
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
36 };
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
37 $current = $old;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
38 if($@) {
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
39 die $@;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
40 } else {
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
41 return $result;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
42 }
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
43 }
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
44
81
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
45 sub isTrusted {
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
46 my ($this) = @_;
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
47
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
48 if (my $auth = $this->auth) {
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
49 return $auth->isTrusted;
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
50 } else {
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
51 return 0;
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
52 }
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
53 }
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
54
74
wizard
parents: 68
diff changeset
55 sub nobody {
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
56 my ($self) = @_;
68
739f1288ca84 Auth in progress
wizard
parents: 66
diff changeset
57 $nobody = $self->new(principal => IMPL::Security::Principal->nobody, rolesAssigned => undef) unless $nobody;
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
58 $nobody;
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
59 }
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
60
74
wizard
parents: 68
diff changeset
61 sub current {
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 49
diff changeset
62 my ($self) = @_;
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 49
diff changeset
63
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 49
diff changeset
64 $current = __PACKAGE__->nobody unless $current;
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 49
diff changeset
65 $current;
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 49
diff changeset
66 }
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 49
diff changeset
67
94
79bf75223afe Fixed security related bugs
wizard
parents: 81
diff changeset
68 sub Satisfy {
79bf75223afe Fixed security related bugs
wizard
parents: 81
diff changeset
69 my ($this,@roles) = @_;
79bf75223afe Fixed security related bugs
wizard
parents: 81
diff changeset
70
79bf75223afe Fixed security related bugs
wizard
parents: 81
diff changeset
71 my $roleEffective = new IMPL::Security::Role ( _effective => $this->rolesAssigned );
79bf75223afe Fixed security related bugs
wizard
parents: 81
diff changeset
72
79bf75223afe Fixed security related bugs
wizard
parents: 81
diff changeset
73 return $roleEffective->Satisfy(@roles);
79bf75223afe Fixed security related bugs
wizard
parents: 81
diff changeset
74 }
79bf75223afe Fixed security related bugs
wizard
parents: 81
diff changeset
75
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 47
diff changeset
76 1;
74
wizard
parents: 68
diff changeset
77
wizard
parents: 68
diff changeset
78 __END__
wizard
parents: 68
diff changeset
79
wizard
parents: 68
diff changeset
80 =pod
wizard
parents: 68
diff changeset
81
wizard
parents: 68
diff changeset
82 =head1 NAME
wizard
parents: 68
diff changeset
83
wizard
parents: 68
diff changeset
84 C<IMPL::Security::Context> - контекст безопасности.
wizard
parents: 68
diff changeset
85
wizard
parents: 68
diff changeset
86 =head1 SINOPSYS
wizard
parents: 68
diff changeset
87
wizard
parents: 68
diff changeset
88 =begin code
wizard
parents: 68
diff changeset
89
wizard
parents: 68
diff changeset
90 my $context = IMPL::Security::Context->nobody;
wizard
parents: 68
diff changeset
91
wizard
parents: 68
diff changeset
92 my $result = $context->Impersonate(
wizard
parents: 68
diff changeset
93 sub {
wizard
parents: 68
diff changeset
94 # do some untrusted code
wizard
parents: 68
diff changeset
95 }
wizard
parents: 68
diff changeset
96 );
wizard
parents: 68
diff changeset
97
wizard
parents: 68
diff changeset
98 =end code
wizard
parents: 68
diff changeset
99
wizard
parents: 68
diff changeset
100 =head1 DESCRIPTION
wizard
parents: 68
diff changeset
101
wizard
parents: 68
diff changeset
102 C<[Autofill]>
wizard
parents: 68
diff changeset
103
wizard
parents: 68
diff changeset
104 Являет собой контекст безопасности, описывает пользователя и привелегии, так же
wizard
parents: 68
diff changeset
105 у потока есть текущий контекст безопасности, по умолчанию он C<nobody>.
wizard
parents: 68
diff changeset
106
wizard
parents: 68
diff changeset
107 =head1 MEMBERS
wizard
parents: 68
diff changeset
108
wizard
parents: 68
diff changeset
109 =over
wizard
parents: 68
diff changeset
110
wizard
parents: 68
diff changeset
111 =item C<CTOR(%props)>
wizard
parents: 68
diff changeset
112
wizard
parents: 68
diff changeset
113 Создает объект и заполняет его свойствами.
wizard
parents: 68
diff changeset
114
wizard
parents: 68
diff changeset
115 =item C<[get] principal>
wizard
parents: 68
diff changeset
116
wizard
parents: 68
diff changeset
117 Идентификатор пользователя, владельца контекста.
wizard
parents: 68
diff changeset
118
wizard
parents: 68
diff changeset
119 =item C<[get] rolesAssigned>
wizard
parents: 68
diff changeset
120
wizard
parents: 68
diff changeset
121 Список назначенных (активных) ролей пользователю.
wizard
parents: 68
diff changeset
122
wizard
parents: 68
diff changeset
123 =item C<[get] auth>
wizard
parents: 68
diff changeset
124
wizard
parents: 68
diff changeset
125 Объект асторизации C<IMPL::Security::Auth>, использованный при создании текущего контекста.
wizard
parents: 68
diff changeset
126
81
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
127 =item C<[get] isTrusted>
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
128
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
129 Возвращает значение является ли контекст доверенным, тоесть сессия аутетифицирована.
077357224bec IMPL::Web::Security alpha version
Sergey
parents: 74
diff changeset
130
74
wizard
parents: 68
diff changeset
131 =item C<Impersonate($code)>
wizard
parents: 68
diff changeset
132
wizard
parents: 68
diff changeset
133 Делает контекст текущим и выполняет в нем функцию по ссылке C<$code>. По окончании
wizard
parents: 68
diff changeset
134 выполнения, контекст восстанавливается.
wizard
parents: 68
diff changeset
135
wizard
parents: 68
diff changeset
136 =item C<[static,get] nobody>
wizard
parents: 68
diff changeset
137
wizard
parents: 68
diff changeset
138 Контекст для неаутентифицированных пользователей, минимум прав.
wizard
parents: 68
diff changeset
139
wizard
parents: 68
diff changeset
140 =item C<[static,get] current>
wizard
parents: 68
diff changeset
141
wizard
parents: 68
diff changeset
142 Текущий контекст.
wizard
parents: 68
diff changeset
143
wizard
parents: 68
diff changeset
144 =back
wizard
parents: 68
diff changeset
145
wizard
parents: 68
diff changeset
146 =cut