Mercurial > pub > Impl

annotate Lib/IMPL/Security.pm @ 74:84aa8c395fce

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc minor fixes
author wizard
date Mon, 29 Mar 2010 17:40:06 +0400
parents 2f31ecabe9ea
children 67eb8eaec3d4
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 0
diff changeset
1 package IMPL::Security;
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
2 require IMPL::Security::Context;
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
3 require IMPL::Security::Rule::RoleCheck;
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
4
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
5 our @rules = (
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
6 \&IMPL::Security::Rule::RoleCheck::SatisfyAll
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
7 );
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
8
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
9 sub AccessCheck {
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
10 my ($self, $object, $desiredAccess, $context) = @_;
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
11
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
12 $context = IMPL::Security::Context->contextCurrent;
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
13
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
14 $_->() or return 0 foreach @{$self->Rules};
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
15
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
16 return 1;
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
17 }
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
18
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
19 sub Take {
f47f93534005 Documentation
wizard
parents: 51
diff changeset
20 my ($self,$principal,$refRoles) = @_;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
21
f47f93534005 Documentation
wizard
parents: 51
diff changeset
22 die new IMPL::NotImplementedException();
f47f93534005 Documentation
wizard
parents: 51
diff changeset
23 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
24
73
wizard
parents: 66
diff changeset
25 sub MakeContext {
wizard
parents: 66
diff changeset
26 my ($this,$principal,$refRoles,$auth) = @_;
wizard
parents: 66
diff changeset
27
wizard
parents: 66
diff changeset
28 return new IMPL::Security::Context(
wizard
parents: 66
diff changeset
29 principal => $principal,
wizard
parents: 66
diff changeset
30 rolesAssigned => $refRoles,
wizard
parents: 66
diff changeset
31 auth => $auth
wizard
parents: 66
diff changeset
32 );
wizard
parents: 66
diff changeset
33 }
wizard
parents: 66
diff changeset
34
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
35 sub Rules {
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
36 return \@rules;
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
37 }
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 0
diff changeset
38
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 0
diff changeset
39 1;
50
wizard@linux-odin.local
parents: 49
diff changeset
40
wizard@linux-odin.local
parents: 49
diff changeset
41 __END__
wizard@linux-odin.local
parents: 49
diff changeset
42
wizard@linux-odin.local
parents: 49
diff changeset
43 =pod
wizard@linux-odin.local
parents: 49
diff changeset
44
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
45 =head1 NAME
f47f93534005 Documentation
wizard
parents: 51
diff changeset
46
f47f93534005 Documentation
wizard
parents: 51
diff changeset
47 C<IMPL::Security> - Модуль для работы с функциями авторизации и аутентификации.
f47f93534005 Documentation
wizard
parents: 51
diff changeset
48
f47f93534005 Documentation
wizard
parents: 51
diff changeset
49 =head1 SINOPSYS
f47f93534005 Documentation
wizard
parents: 51
diff changeset
50
f47f93534005 Documentation
wizard
parents: 51
diff changeset
51 =begin code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
52
f47f93534005 Documentation
wizard
parents: 51
diff changeset
53 use IMPL::Security;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
54
f47f93534005 Documentation
wizard
parents: 51
diff changeset
55 my Method {
f47f93534005 Documentation
wizard
parents: 51
diff changeset
56 my $this = shift;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
57
f47f93534005 Documentation
wizard
parents: 51
diff changeset
58 # access check in the current context, using standard configuration
f47f93534005 Documentation
wizard
parents: 51
diff changeset
59 IMPL::Security->AccessCheck($this,'Method') or die new IMPL::AccessDeniedException("Access is denied");
f47f93534005 Documentation
wizard
parents: 51
diff changeset
60
f47f93534005 Documentation
wizard
parents: 51
diff changeset
61 #some more results
f47f93534005 Documentation
wizard
parents: 51
diff changeset
62 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
63
f47f93534005 Documentation
wizard
parents: 51
diff changeset
64 my DelegationMethod {
f47f93534005 Documentation
wizard
parents: 51
diff changeset
65
f47f93534005 Documentation
wizard
parents: 51
diff changeset
66 my $this = shift;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
67
f47f93534005 Documentation
wizard
parents: 51
diff changeset
68 #forced delegation
f47f93534005 Documentation
wizard
parents: 51
diff changeset
69 my $delegatedContext = IMPL::Security::Context->new(
74
wizard
parents: 73
diff changeset
70 principal => IMPL::Security::Principal->new(
wizard
parents: 73
diff changeset
71 name => 'suser'
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
72 ),
74
wizard
parents: 73
diff changeset
73 rolesAssigned => ['administrator']
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
74 )
f47f93534005 Documentation
wizard
parents: 51
diff changeset
75
f47f93534005 Documentation
wizard
parents: 51
diff changeset
76 my $result;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
77
f47f93534005 Documentation
wizard
parents: 51
diff changeset
78 $delegatedContext->Impersonate(sub{
f47f93534005 Documentation
wizard
parents: 51
diff changeset
79 $result = $this->Method();
f47f93534005 Documentation
wizard
parents: 51
diff changeset
80 });
f47f93534005 Documentation
wizard
parents: 51
diff changeset
81
f47f93534005 Documentation
wizard
parents: 51
diff changeset
82 return $result;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
83 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
84
f47f93534005 Documentation
wizard
parents: 51
diff changeset
85 my SafeDelegationMethod {
f47f93534005 Documentation
wizard
parents: 51
diff changeset
86
f47f93534005 Documentation
wizard
parents: 51
diff changeset
87 my $this = shift;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
88
f47f93534005 Documentation
wizard
parents: 51
diff changeset
89 my $delegatedContext = IMPL::Security->Take( suser => 'administrator' );
f47f93534005 Documentation
wizard
parents: 51
diff changeset
90
f47f93534005 Documentation
wizard
parents: 51
diff changeset
91 my $result;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
92
f47f93534005 Documentation
wizard
parents: 51
diff changeset
93 $delegatedContext->Impersonate(sub{
f47f93534005 Documentation
wizard
parents: 51
diff changeset
94 $result = $this->Method();
f47f93534005 Documentation
wizard
parents: 51
diff changeset
95 });
f47f93534005 Documentation
wizard
parents: 51
diff changeset
96
f47f93534005 Documentation
wizard
parents: 51
diff changeset
97 return $result;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
98 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
99
f47f93534005 Documentation
wizard
parents: 51
diff changeset
100 =end code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
101
50
wizard@linux-odin.local
parents: 49
diff changeset
102 =head1 DESCRIPTION
wizard@linux-odin.local
parents: 49
diff changeset
103
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
104 Модуль для инфраструктуры безопасности, реализует основные функции для авторизации
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
105 и аутентификации пользователей.
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
106
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
107 Модуль аутентификации, реализиция которого зависит от приложения, аутентифицирует
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
108 пользователя, при этом создается контекст безопасности, который содержит
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
109 идентификатор пользователя и список активных ролей.
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
110
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
111 При проверке прав доступа происходит последовательная проверка правил доступа,
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
112 если все правила выполнены, то доступ разрешается.
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
113
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
114 =head1 MEMBERS
50
wizard@linux-odin.local
parents: 49
diff changeset
115
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
116 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
117
f47f93534005 Documentation
wizard
parents: 51
diff changeset
118 =item C<AccessCheck($object,$desiredAccess,$context)>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
119
f47f93534005 Documentation
wizard
parents: 51
diff changeset
120 Метод. Проверка доступа к объекту с определенными правами, в определенном контексте безопасности.
f47f93534005 Documentation
wizard
parents: 51
diff changeset
121
f47f93534005 Documentation
wizard
parents: 51
diff changeset
122 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
123
f47f93534005 Documentation
wizard
parents: 51
diff changeset
124 =item C<$object>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
125
f47f93534005 Documentation
wizard
parents: 51
diff changeset
126 Объект доступа.
f47f93534005 Documentation
wizard
parents: 51
diff changeset
127
f47f93534005 Documentation
wizard
parents: 51
diff changeset
128 =item C<$desiredAccess>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
129
f47f93534005 Documentation
wizard
parents: 51
diff changeset
130 Требуемые права доступа.
f47f93534005 Documentation
wizard
parents: 51
diff changeset
131
f47f93534005 Documentation
wizard
parents: 51
diff changeset
132 =item C<$context>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
133
f47f93534005 Documentation
wizard
parents: 51
diff changeset
134 Контекст безопасности, если не указан, то используется текущий C<< IMPL::Security::Context->contextCurrent >>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
135
f47f93534005 Documentation
wizard
parents: 51
diff changeset
136 =item C<returns>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
137
f47f93534005 Documentation
wizard
parents: 51
diff changeset
138 C<true | false> - результат проверки
f47f93534005 Documentation
wizard
parents: 51
diff changeset
139
f47f93534005 Documentation
wizard
parents: 51
diff changeset
140 =back
f47f93534005 Documentation
wizard
parents: 51
diff changeset
141
73
wizard
parents: 66
diff changeset
142 =item C<MakeContext($principal,$role,$auth)>
wizard
parents: 66
diff changeset
143
wizard
parents: 66
diff changeset
144 Создает контекст безопасности, инициализируя его передданными параметрами.
wizard
parents: 66
diff changeset
145
wizard
parents: 66
diff changeset
146 =over
wizard
parents: 66
diff changeset
147
wizard
parents: 66
diff changeset
148 =item C<$principal>
wizard
parents: 66
diff changeset
149
wizard
parents: 66
diff changeset
150 Объект пользователя
wizard
parents: 66
diff changeset
151
wizard
parents: 66
diff changeset
152 =item C<$role>
wizard
parents: 66
diff changeset
153
wizard
parents: 66
diff changeset
154 Роль или ссылка на массив ролей
wizard
parents: 66
diff changeset
155
wizard
parents: 66
diff changeset
156 =item C<$auth>
wizard
parents: 66
diff changeset
157
wizard
parents: 66
diff changeset
158 Объект аутентификации
wizard
parents: 66
diff changeset
159
wizard
parents: 66
diff changeset
160 =back
wizard
parents: 66
diff changeset
161
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
162 =item C<Take($principal,$role)>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
163
f47f93534005 Documentation
wizard
parents: 51
diff changeset
164 Метод. Делегирует текущему пользователю полномочия другого пользователя. При этом выполняется проверка
f47f93534005 Documentation
wizard
parents: 51
diff changeset
165 правомерности такой операции. В случае неудачи вызывается исключение.
f47f93534005 Documentation
wizard
parents: 51
diff changeset
166
f47f93534005 Documentation
wizard
parents: 51
diff changeset
167 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
168
f47f93534005 Documentation
wizard
parents: 51
diff changeset
169 =item C<$principal>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
170
f47f93534005 Documentation
wizard
parents: 51
diff changeset
171 Либо имя пользователя либо объект C<IMPL::Security::Principal>.
f47f93534005 Documentation
wizard
parents: 51
diff changeset
172
f47f93534005 Documentation
wizard
parents: 51
diff changeset
173 =item C<$role>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
174
f47f93534005 Documentation
wizard
parents: 51
diff changeset
175 Либо имя либо ссылка на роль, или ссылка на массив либо имен, либо ролей.
f47f93534005 Documentation
wizard
parents: 51
diff changeset
176
f47f93534005 Documentation
wizard
parents: 51
diff changeset
177 =item C<returns>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
178
f47f93534005 Documentation
wizard
parents: 51
diff changeset
179 Новый контекст безопасности.
f47f93534005 Documentation
wizard
parents: 51
diff changeset
180
f47f93534005 Documentation
wizard
parents: 51
diff changeset
181 =back
f47f93534005 Documentation
wizard
parents: 51
diff changeset
182
73
wizard
parents: 66
diff changeset
183 =item C<Rules()>
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
184
f47f93534005 Documentation
wizard
parents: 51
diff changeset
185 Возвращает список правил которые выполняются при проверках доступа. Пререопределите этот
f47f93534005 Documentation
wizard
parents: 51
diff changeset
186 метод, чтобы возвращать собственный список правил. Список правил является ссылкой на массив
f47f93534005 Documentation
wizard
parents: 51
diff changeset
187 элементами которого являются функции.
f47f93534005 Documentation
wizard
parents: 51
diff changeset
188
f47f93534005 Documentation
wizard
parents: 51
diff changeset
189 =begin code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
190
f47f93534005 Documentation
wizard
parents: 51
diff changeset
191 package MySecurity;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
192
f47f93534005 Documentation
wizard
parents: 51
diff changeset
193 use base qw(IMPL::Security);
f47f93534005 Documentation
wizard
parents: 51
diff changeset
194
f47f93534005 Documentation
wizard
parents: 51
diff changeset
195 sub Rules {
f47f93534005 Documentation
wizard
parents: 51
diff changeset
196 return [
f47f93534005 Documentation
wizard
parents: 51
diff changeset
197 \&Rule1,
f47f93534005 Documentation
wizard
parents: 51
diff changeset
198 \&Rule2,
f47f93534005 Documentation
wizard
parents: 51
diff changeset
199 #...
f47f93534005 Documentation
wizard
parents: 51
diff changeset
200 ]
f47f93534005 Documentation
wizard
parents: 51
diff changeset
201 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
202
f47f93534005 Documentation
wizard
parents: 51
diff changeset
203 =end code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
204
f47f93534005 Documentation
wizard
parents: 51
diff changeset
205 =back
50
wizard@linux-odin.local
parents: 49
diff changeset
206
wizard@linux-odin.local
parents: 49
diff changeset
207 =cut