annotate Lib/IMPL/Security.pm @ 245:7c517134c42f

Added Unsupported media type Web exception corrected resourceLocation setting in the resource Implemented localizable resources for text messages fixed TT view scopings, INIT block in controls now sets globals correctly.
author sergey
date Mon, 29 Oct 2012 03:15:22 +0400
parents 6d8092d8ce1b
children 2270de2469ff
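package IMPL::Security;
use strict;
use warnings;
use Carp qw(carp);

##VERSION##

require IMPL::Exception;
require IMPL::Security::Principal;
require IMPL::Security::AbstractContext;
require IMPL::Security::Rule::RoleCheck;

# Default rule chain returned by Rules() and walked by AccessCheck().
# This is a package global, so any code in the process can change it through
# @IMPL::Security::rules; emptying it makes AccessCheck() grant everything.
our @rules = (
    \&IMPL::Security::Rule::RoleCheck::SatisfyAll
);

# Value handed back by authority(); nothing in this file assigns it.
our $authority = undef;

# AccessCheck($object, $desiredAccess, $context)
#
# Runs every rule from $self->Rules in order. Returns 0 as soon as one rule
# returns false (later rules are not run) and 1 when all rules returned true.
# A rule that dies propagates its exception to the caller.
#
# An empty rule list yields 1, i.e. access is granted. A subclass that
# overrides Rules() must therefore never return an empty list by accident.
#
# NOTE(review): the rules are invoked with an empty argument list, so $object,
# $desiredAccess and $context (including the default resolved below) never
# reach them. Confirm against IMPL::Security::Rule::RoleCheck what the rules
# expect before relying on a per-call $context.
# NOTE(review): the default context is read via AbstractContext->context,
# while principal() and context() in this file call ->current; confirm that
# both methods exist.
sub AccessCheck {
    my ($self, $object, $desiredAccess, $context) = @_;

    $context ||= IMPL::Security::AbstractContext->context;

    for my $rule ( @{ $self->Rules } ) {
        return 0 unless $rule->();
    }

    return 1;
}

# Take($principal, $refRoles)
#
# Not implemented: always dies with IMPL::NotImplementedException. The POD
# describes Take() as the checked way to obtain a delegated context, so until
# it is implemented there is no checked delegation path in this module.
sub Take {
    my ($self, $principal, $refRoles) = @_;

    die IMPL::NotImplementedException->new();
}

# MakeContext($principal, $refRoles, $auth)
#
# Builds an IMPL::Security::Context from the given principal, assigned roles
# and authentication object. The arguments are passed through unchanged:
# nothing here checks that the caller may act as $principal or hold
# $refRoles, so this is for the authentication layer and other trusted code.
#
# NOTE(review): IMPL::Security::Context is not among the modules required at
# the top of this file; presumably it is loaded elsewhere. Confirm.
sub MakeContext {
    my ($this, $principal, $refRoles, $auth) = @_;

    return IMPL::Security::Context->new(
        principal     => $principal,
        rolesAssigned => $refRoles,
        auth          => $auth
    );
}

# Returns a reference to the package-level @rules array itself, not a copy,
# so a caller that modifies the result modifies the rule chain for everyone.
# Subclasses override this method to supply their own list of rule code refs.
sub Rules {
    return \@rules;
}

# Returns the package-level $authority value.
sub authority {
    return $authority;
}

# Returns the principal of the current security context. Falls back to
# IMPL::Security::Principal->nobody when there is no current context or when
# the context's principal is false.
sub principal {
    my $current = IMPL::Security::AbstractContext->current;

    return ( $current && $current->principal )
        || IMPL::Security::Principal->nobody;
}

# Returns whatever IMPL::Security::AbstractContext->current returns.
sub context {
    return IMPL::Security::AbstractContext->current;
}

1;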
50
wizard@linux-odin.local
parents: 49
diff changeset
64
wizard@linux-odin.local
parents: 49
diff changeset
65 __END__
wizard@linux-odin.local
parents: 49
diff changeset
66
wizard@linux-odin.local
parents: 49
diff changeset
67 =pod
wizard@linux-odin.local
parents: 49
diff changeset
68
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
69 =head1 NAME
f47f93534005 Documentation
wizard
parents: 51
diff changeset
70
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
71 C<IMPL::Security> - Модуль для работы с функциями авторизации и аутентификации.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
72
f47f93534005 Documentation
wizard
parents: 51
diff changeset
=head1 SYNOPSIS
f47f93534005 Documentation
wizard
parents: 51
diff changeset
74
f47f93534005 Documentation
wizard
parents: 51
diff changeset
75 =begin code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
76
f47f93534005 Documentation
wizard
parents: 51
diff changeset
77 use IMPL::Security;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
78
f47f93534005 Documentation
wizard
parents: 51
diff changeset
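sub Method {
    my $this = shift;

    # Access check in the current context, using the standard configuration.
    # The check comes first so that a denial happens before any work is done.
    IMPL::Security->AccessCheck($this, 'Method')
        or die IMPL::AccessDeniedException->new("Access is denied");

    #some more results
}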
f47f93534005 Documentation
wizard
parents: 51
diff changeset
87
f47f93534005 Documentation
wizard
parents: 51
diff changeset
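sub DelegationMethod {
    my $this = shift;

    # Forced delegation: the context is constructed directly, so nothing
    # checks that the current principal may act as 'suser' with the
    # 'administrator' role. Keep this pattern to trusted code; Take() is
    # documented as the variant that verifies the delegation.
    my $delegatedContext = IMPL::Security::Context->new(
        principal => IMPL::Security::Principal->new(
            name => 'suser'
        ),
        rolesAssigned => ['administrator']
    );

    my $result;

    # Method() is called from inside the Impersonate callback.
    # NOTE(review): presumably Impersonate restores the previous context when
    # the callback returns or dies; confirm in IMPL::Security::Context.
    $delegatedContext->Impersonate(sub {
        $result = $this->Method();
    });

    return $result;
}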
f47f93534005 Documentation
wizard
parents: 51
diff changeset
108
f47f93534005 Documentation
wizard
parents: 51
diff changeset
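sub SafeDelegationMethod {
    my $this = shift;

    # Take() is documented to verify that the delegation is legitimate and to
    # throw on failure. In this revision of the module Take() always dies with
    # IMPL::NotImplementedException, so this example cannot run as written.
    my $delegatedContext = IMPL::Security->Take( suser => 'administrator' );

    my $result;

    # Method() is called from inside the Impersonate callback.
    $delegatedContext->Impersonate(sub {
        $result = $this->Method();
    });

    return $result;
}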
f47f93534005 Documentation
wizard
parents: 51
diff changeset
123
f47f93534005 Documentation
wizard
parents: 51
diff changeset
124 =end code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
125
50
wizard@linux-odin.local
parents: 49
diff changeset
126 =head1 DESCRIPTION
wizard@linux-odin.local
parents: 49
diff changeset
127
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
128 Модуль для инфраструктуры безопасности, реализует основные функции для авторизации
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
129 и аутентификации пользователей.
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
130
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
Модуль аутентификации, реализация которого зависит от приложения, аутентифицирует
пользователя, при этом создается контекст безопасности, который содержит
идентификатор пользователя и список активных ролей.
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
134
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
135 При проверке прав доступа происходит последовательная проверка правил доступа,
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
136 если все правила выполнены, то доступ разрешается.
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
137
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
138 =head1 MEMBERS
50
wizard@linux-odin.local
parents: 49
diff changeset
139
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
140 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
141
f47f93534005 Documentation
wizard
parents: 51
diff changeset
142 =item C<AccessCheck($object,$desiredAccess,$context)>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
143
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
144 Метод. Проверка доступа к объекту с определенными правами, в определенном контексте безопасности.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
145
f47f93534005 Documentation
wizard
parents: 51
diff changeset
146 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
147
f47f93534005 Documentation
wizard
parents: 51
diff changeset
148 =item C<$object>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
149
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
150 Объект доступа.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
151
f47f93534005 Documentation
wizard
parents: 51
diff changeset
152 =item C<$desiredAccess>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
153
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
154 Требуемые права доступа.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
155
f47f93534005 Documentation
wizard
parents: 51
diff changeset
156 =item C<$context>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
157
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
158 Контекст безопасности, если не указан, то используется текущий C<< IMPL::Security::Context->contextCurrent >>
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
159
f47f93534005 Documentation
wizard
parents: 51
diff changeset
160 =item C<returns>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
161
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
162 C<true | false> - результат проверки
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
163
f47f93534005 Documentation
wizard
parents: 51
diff changeset
164 =back
f47f93534005 Documentation
wizard
parents: 51
diff changeset
165
73
wizard
parents: 66
diff changeset
166 =item C<MakeContext($principal,$role,$auth)>
wizard
parents: 66
diff changeset
167
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
Создает контекст безопасности, инициализируя его переданными параметрами.
73
wizard
parents: 66
diff changeset
169
wizard
parents: 66
diff changeset
170 =over
wizard
parents: 66
diff changeset
171
wizard
parents: 66
diff changeset
172 =item C<$principal>
wizard
parents: 66
diff changeset
173
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
174 Объект пользователя
73
wizard
parents: 66
diff changeset
175
wizard
parents: 66
diff changeset
176 =item C<$role>
wizard
parents: 66
diff changeset
177
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
178 Роль или ссылка на массив ролей
73
wizard
parents: 66
diff changeset
179
wizard
parents: 66
diff changeset
180 =item C<$auth>
wizard
parents: 66
diff changeset
181
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
182 Объект аутентификации
73
wizard
parents: 66
diff changeset
183
wizard
parents: 66
diff changeset
184 =back
wizard
parents: 66
diff changeset
185
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
186 =item C<Take($principal,$role)>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
187
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
188 Метод. Делегирует текущему пользователю полномочия другого пользователя. При этом выполняется проверка
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
189 правомерности такой операции. В случае неудачи вызывается исключение.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
190
f47f93534005 Documentation
wizard
parents: 51
diff changeset
191 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
192
f47f93534005 Documentation
wizard
parents: 51
diff changeset
193 =item C<$principal>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
194
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
195 Либо имя пользователя либо объект C<IMPL::Security::Principal>.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
196
f47f93534005 Documentation
wizard
parents: 51
diff changeset
197 =item C<$role>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
198
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
199 Либо имя либо ссылка на роль, или ссылка на массив либо имен, либо ролей.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
200
f47f93534005 Documentation
wizard
parents: 51
diff changeset
201 =item C<returns>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
202
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
203 Новый контекст безопасности.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
204
f47f93534005 Documentation
wizard
parents: 51
diff changeset
205 =back
f47f93534005 Documentation
wizard
parents: 51
diff changeset
206
73
wizard
parents: 66
diff changeset
207 =item C<Rules()>
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
208
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
Возвращает список правил, которые выполняются при проверках доступа. Переопределите этот
метод, чтобы возвращать собственный список правил. Список правил является ссылкой на массив,
элементами которого являются функции.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
212
f47f93534005 Documentation
wizard
parents: 51
diff changeset
213 =begin code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
214
f47f93534005 Documentation
wizard
parents: 51
diff changeset
215 package MySecurity;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
216
166
4267a2ac3d46 Added Class::Template,
wizard
parents: 95
diff changeset
217 use parent qw(IMPL::Security);
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
218
f47f93534005 Documentation
wizard
parents: 51
diff changeset
sub Rules {
    # Every rule in this list has to return true for AccessCheck() to grant
    # access; an empty list would grant access unconditionally.
    my @chain = (
        \&Rule1,
        \&Rule2,
        #...
    );

    return \@chain;
}
f47f93534005 Documentation
wizard
parents: 51
diff changeset
226
f47f93534005 Documentation
wizard
parents: 51
diff changeset
227 =end code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
228
95
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
229 =item C<[static,get] authority>
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
230
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
231 Метод, позволяющий получить текущий источник системы безопасности. Источник безопасности, это модуль,
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
232 который получает входные данные и использует их для работы системы безопасности.
95
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
233
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
234 =back
50
wizard@linux-odin.local
parents: 49
diff changeset
235
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
236 =cut