Mercurial > pub > Impl

annotate Lib/IMPL/Security.pm @ 366:935629bf80df

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
model metadata, in progress
author cin
date Mon, 02 Dec 2013 17:44:38 +0400
parents 814d755e5d12
children d5c8b955bf8d
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 0
diff changeset
1 package IMPL::Security;
230
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
2 use strict;
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
3 use Carp qw(carp);
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
4
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
5 ##VERSION##
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
6
6d8092d8ce1b *reworked IMPL::Security
sergey
parents: 194
diff changeset
7 require IMPL::Exception;
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
8 require IMPL::Security::Rule::RoleCheck;
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
9
247
sergey
parents: 245
diff changeset
10 use IMPL::require {
sergey
parents: 245
diff changeset
11 Principal => 'IMPL::Security::Principal',
sergey
parents: 245
diff changeset
12 AbstractContext => 'IMPL::Security::AbstractContext',
sergey
parents: 245
diff changeset
13 Context => 'IMPL::Security::Context'
sergey
parents: 245
diff changeset
14 };
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
15
247
sergey
parents: 245
diff changeset
16 our @RULES;
95
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
17
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
18 sub AccessCheck {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
19 my ($self, $object, $desiredAccess, $context) = @_;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
20
247
sergey
parents: 245
diff changeset
21 $context ||= $self->context;
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
22
247
sergey
parents: 245
diff changeset
23 $_->($self,$object,$desiredAccess,$context) or return 0 foreach @{$self->Rules};
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
24
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
25 return 1;
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
26 }
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
27
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
28 sub Take {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
29 my ($self,$principal,$refRoles) = @_;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
30
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
31 die new IMPL::NotImplementedException();
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
32 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
33
73
wizard
parents: 66
diff changeset
34 sub MakeContext {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
35 my ($this,$principal,$refRoles,$auth) = @_;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
36
247
sergey
parents: 245
diff changeset
37 return Context->new(
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
38 principal => $principal,
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
39 rolesAssigned => $refRoles,
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
40 auth => $auth
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
41 );
73
wizard
parents: 66
diff changeset
42 }
wizard
parents: 66
diff changeset
43
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
44 sub Rules {
247
sergey
parents: 245
diff changeset
45 return \@RULES;
95
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
46 }
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
47
245
7c517134c42f Added Unsupported media type Web exception
sergey
parents: 230
diff changeset
48 sub principal {
7c517134c42f Added Unsupported media type Web exception
sergey
parents: 230
diff changeset
49 return
247
sergey
parents: 245
diff changeset
50 AbstractContext->current
sergey
parents: 245
diff changeset
51 && AbstractContext->current->principal
sergey
parents: 245
diff changeset
52 || Principal->nobody;
245
7c517134c42f Added Unsupported media type Web exception
sergey
parents: 230
diff changeset
53 }
7c517134c42f Added Unsupported media type Web exception
sergey
parents: 230
diff changeset
54
7c517134c42f Added Unsupported media type Web exception
sergey
parents: 230
diff changeset
55 sub context {
248
814d755e5d12 Minor fixes
sergey
parents: 247
diff changeset
56 AbstractContext->current || Context->nobody;
245
7c517134c42f Added Unsupported media type Web exception
sergey
parents: 230
diff changeset
57 }
7c517134c42f Added Unsupported media type Web exception
sergey
parents: 230
diff changeset
58
49
16ada169ca75 migrating to the Eclipse IDE
wizard@linux-odin.local
parents: 0
diff changeset
59 1;
50
wizard@linux-odin.local
parents: 49
diff changeset
60
wizard@linux-odin.local
parents: 49
diff changeset
61 __END__
wizard@linux-odin.local
parents: 49
diff changeset
62
wizard@linux-odin.local
parents: 49
diff changeset
63 =pod
wizard@linux-odin.local
parents: 49
diff changeset
64
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
65 =head1 NAME
f47f93534005 Documentation
wizard
parents: 51
diff changeset
66
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
67 C<IMPL::Security> - Модуль для работы с функциями авторизации и аутентификации.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
68
f47f93534005 Documentation
wizard
parents: 51
diff changeset
69 =head1 SINOPSYS
f47f93534005 Documentation
wizard
parents: 51
diff changeset
70
f47f93534005 Documentation
wizard
parents: 51
diff changeset
71 =begin code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
72
f47f93534005 Documentation
wizard
parents: 51
diff changeset
73 use IMPL::Security;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
74
f47f93534005 Documentation
wizard
parents: 51
diff changeset
75 my Method {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
76 my $this = shift;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
77
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
78 # access check in the current context, using standard configuration
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
79 IMPL::Security->AccessCheck($this,'Method') or die new IMPL::AccessDeniedException("Access is denied");
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
80
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
81 #some more results
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
82 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
83
f47f93534005 Documentation
wizard
parents: 51
diff changeset
84 my DelegationMethod {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
85
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
86 my $this = shift;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
87
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
88 #forced delegation
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
89 my $delegatedContext = IMPL::Security::Context->new(
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
90 principal => IMPL::Security::Principal->new(
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
91 name => 'suser'
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
92 ),
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
93 rolesAssigned => ['administrator']
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
94 )
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
95
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
96 my $result;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
97
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
98 $delegatedContext->Impersonate(sub{
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
99 $result = $this->Method();
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
100 });
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
101
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
102 return $result;
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
103 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
104
f47f93534005 Documentation
wizard
parents: 51
diff changeset
105 my SafeDelegationMethod {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
106
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
107 my $this = shift;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
108
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
109 my $delegatedContext = IMPL::Security->Take( suser => 'administrator' );
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
110
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
111 my $result;
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
112
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
113 $delegatedContext->Impersonate(sub{
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
114 $result = $this->Method();
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
115 });
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
116
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
117 return $result;
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
118 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
119
f47f93534005 Documentation
wizard
parents: 51
diff changeset
120 =end code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
121
50
wizard@linux-odin.local
parents: 49
diff changeset
122 =head1 DESCRIPTION
wizard@linux-odin.local
parents: 49
diff changeset
123
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
124 Модуль для инфраструктуры безопасности, реализует основные функции для авторизации
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
125 и аутентификации пользователей.
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
126
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
127 Модуль аутентификации, реализиция которого зависит от приложения, аутентифицирует
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
128 пользователя, при этом создается контекст безопасности, который содержит
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
129 идентификатор пользователя и список активных ролей.
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
130
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
131 При проверке прав доступа происходит последовательная проверка правил доступа,
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
132 если все правила выполнены, то доступ разрешается.
51
a1498298d3ee Security in progress
wizard@linux-odin.local
parents: 50
diff changeset
133
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
134 =head1 MEMBERS
50
wizard@linux-odin.local
parents: 49
diff changeset
135
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
136 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
137
f47f93534005 Documentation
wizard
parents: 51
diff changeset
138 =item C<AccessCheck($object,$desiredAccess,$context)>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
139
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
140 Метод. Проверка доступа к объекту с определенными правами, в определенном контексте безопасности.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
141
f47f93534005 Documentation
wizard
parents: 51
diff changeset
142 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
143
f47f93534005 Documentation
wizard
parents: 51
diff changeset
144 =item C<$object>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
145
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
146 Объект доступа.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
147
f47f93534005 Documentation
wizard
parents: 51
diff changeset
148 =item C<$desiredAccess>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
149
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
150 Требуемые права доступа.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
151
f47f93534005 Documentation
wizard
parents: 51
diff changeset
152 =item C<$context>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
153
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
154 Контекст безопасности, если не указан, то используется текущий C<< IMPL::Security::Context->contextCurrent >>
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
155
f47f93534005 Documentation
wizard
parents: 51
diff changeset
156 =item C<returns>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
157
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
158 C<true | false> - результат проверки
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
159
f47f93534005 Documentation
wizard
parents: 51
diff changeset
160 =back
f47f93534005 Documentation
wizard
parents: 51
diff changeset
161
73
wizard
parents: 66
diff changeset
162 =item C<MakeContext($principal,$role,$auth)>
wizard
parents: 66
diff changeset
163
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
164 Создает контекст безопасности, инициализируя его передданными параметрами.
73
wizard
parents: 66
diff changeset
165
wizard
parents: 66
diff changeset
166 =over
wizard
parents: 66
diff changeset
167
wizard
parents: 66
diff changeset
168 =item C<$principal>
wizard
parents: 66
diff changeset
169
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
170 Объект пользователя
73
wizard
parents: 66
diff changeset
171
wizard
parents: 66
diff changeset
172 =item C<$role>
wizard
parents: 66
diff changeset
173
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
174 Роль или ссылка на массив ролей
73
wizard
parents: 66
diff changeset
175
wizard
parents: 66
diff changeset
176 =item C<$auth>
wizard
parents: 66
diff changeset
177
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
178 Объект аутентификации
73
wizard
parents: 66
diff changeset
179
wizard
parents: 66
diff changeset
180 =back
wizard
parents: 66
diff changeset
181
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
182 =item C<Take($principal,$role)>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
183
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
184 Метод. Делегирует текущему пользователю полномочия другого пользователя. При этом выполняется проверка
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
185 правомерности такой операции. В случае неудачи вызывается исключение.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
186
f47f93534005 Documentation
wizard
parents: 51
diff changeset
187 =over
f47f93534005 Documentation
wizard
parents: 51
diff changeset
188
f47f93534005 Documentation
wizard
parents: 51
diff changeset
189 =item C<$principal>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
190
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
191 Либо имя пользователя либо объект C<IMPL::Security::Principal>.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
192
f47f93534005 Documentation
wizard
parents: 51
diff changeset
193 =item C<$role>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
194
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
195 Либо имя либо ссылка на роль, или ссылка на массив либо имен, либо ролей.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
196
f47f93534005 Documentation
wizard
parents: 51
diff changeset
197 =item C<returns>
f47f93534005 Documentation
wizard
parents: 51
diff changeset
198
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
199 Новый контекст безопасности.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
200
f47f93534005 Documentation
wizard
parents: 51
diff changeset
201 =back
f47f93534005 Documentation
wizard
parents: 51
diff changeset
202
73
wizard
parents: 66
diff changeset
203 =item C<Rules()>
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
204
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
205 Возвращает список правил которые выполняются при проверках доступа. Пререопределите этот
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
206 метод, чтобы возвращать собственный список правил. Список правил является ссылкой на массив
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
207 элементами которого являются функции.
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
208
f47f93534005 Documentation
wizard
parents: 51
diff changeset
209 =begin code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
210
f47f93534005 Documentation
wizard
parents: 51
diff changeset
211 package MySecurity;
f47f93534005 Documentation
wizard
parents: 51
diff changeset
212
166
4267a2ac3d46 Added Class::Template,
wizard
parents: 95
diff changeset
213 use parent qw(IMPL::Security);
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
214
f47f93534005 Documentation
wizard
parents: 51
diff changeset
215 sub Rules {
194
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
216 return [
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
217 \&Rule1,
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
218 \&Rule2,
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
219 #...
4d0e1962161c Replaced tabs with spaces
cin
parents: 180
diff changeset
220 ]
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
221 }
f47f93534005 Documentation
wizard
parents: 51
diff changeset
222
f47f93534005 Documentation
wizard
parents: 51
diff changeset
223 =end code
f47f93534005 Documentation
wizard
parents: 51
diff changeset
224
95
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
225 =item C<[static,get] authority>
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
226
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
227 Метод, позволяющий получить текущий источник системы безопасности. Источник безопасности, это модуль,
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
228 который получает входные данные и использует их для работы системы безопасности.
95
67eb8eaec3d4 Added a security authority property to the Context and Security classes
wizard
parents: 74
diff changeset
229
66
f47f93534005 Documentation
wizard
parents: 51
diff changeset
230 =back
50
wizard@linux-odin.local
parents: 49
diff changeset
231
180
d1676be8afcc Перекодировка в utf-8
sourcer
parents: 172
diff changeset
232 =cut