annotate Lib/IMPL/Web/Security.pm @ 102:cf3b6ef2be22

Schema beta version
author wizard
date Fri, 07 May 2010 08:05:23 +0400
parents 964587c5183c
children 0e72ad99eef7
1 package IMPL::Web::Security;
2 use strict;
3 use base qw(IMPL::Object IMPL::Security IMPL::Object::Autofill);
4
5 require IMPL::Web::Security::Session;
6
7 use IMPL::Class::Property;
8 use IMPL::Security::Auth qw(:Const);
9
# NOTE(review): PassThroughArgs is defined outside this file; presumably it
# forwards constructor arguments to the base classes - confirm in IMPL::Object.
__PACKAGE__->PassThroughArgs;

# Property declarations. The `public property ... => prop_all` form comes from
# IMPL::Class::Property and is evaluated at compile time inside BEGIN.
#
# NOTE(review): prop_all presumably makes both properties readable and
# writable by any caller. These two objects decide which users exist and
# where session contexts are stored, so confirm they are only assigned from
# trusted configuration and never from request data.
BEGIN {
    # User store: AuthUser calls ->find({ name => ... }) on it.
    public property sourceUser    => prop_all;

    # Session store: MakeContext calls ->create({ ... }) on it.
    public property sourceSession => prop_all;
}
16
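# Authenticates the user $name with the authentication class $package and,
# unless authentication fails, creates a session security context.
#
# Parameters:
#   $name      - user name, looked up with sourceUser->find({ name => $name })
#   $package   - class name of the authentication module; it is used both as
#                the key for $user->secData(...) and as the class on which
#                ->new is called
#   $challenge - passed unchanged to the auth object's DoAuth
#
# Returns a hash ref:
#   { status => AUTH_FAIL, answer => <message> }  when the user is not found
#   { status, answer, context }                   otherwise, where context is
#                                                 the result of MakeContext
#
# Dies with IMPL::SecurityException when the user has no security data for
# $package, or when DoAuth reports AUTH_FAIL or returns no status at all.
#
# NOTE(review): an unknown user yields a returned hash whose answer repeats
# the name, while a failed authentication raises an exception. If the caller
# relays these two outcomes differently to the client, the response reveals
# which account names exist; the caller should map both to one generic
# failure and escape the answer text before rendering it.
#
# NOTE(review): $package is used as a class name for method dispatch. The
# only gate visible here is that the user has security data stored under that
# key; confirm that callers take $package from server configuration or check
# it against a fixed list of auth modules, never directly from the request.
sub AuthUser {
    my ($this, $name, $package, $challenge) = @_;

    my $user = $this->sourceUser->find({ name => $name });
    unless ($user) {
        return { status => AUTH_FAIL, answer => "Can't find a user '$name'" };
    }

    my $secData = $user->secData($package);
    unless ($secData) {
        die IMPL::SecurityException->new(
            "Authentication failed",
            "A sec data for the $package isn't found"
        );
    }

    my $auth = $package->new($secData);

    my ($status, $answer) = $auth->DoAuth($challenge);

    # Fail closed: a DoAuth that returns nothing must not fall through to
    # session creation just because undef does not compare equal to AUTH_FAIL.
    if (!defined $status || $status == AUTH_FAIL) {
        die IMPL::SecurityException->new("Authentication failed", "DoAuth failed");
    }

    # NOTE(review): every status other than AUTH_FAIL reaches this point and
    # gets a session context carrying all of the user's roles. If DoAuth can
    # report an intermediate (not yet completed) state, confirm the session
    # layer does not honour those roles until authentication has finished.
    return {
        status  => $status,
        answer  => $answer,
        context => $this->MakeContext($user, [$user->roles], $auth),
    };
}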
41
# Creates a session security context through the configured session store.
#
# Parameters:
#   $principal - stored under the key 'principal'
#   $roles     - stored as given under the key 'rolesAssigned'
#   $auth      - stored under the key 'auth'
#
# Returns whatever sourceSession->create returns for that record.
#
# No validation happens here: the principal and roles are recorded exactly as
# the caller supplies them, so callers must pass only values that come from a
# completed authentication.
sub MakeContext {
    my ($this, $principal, $roles, $auth) = @_;

    my %session_fields = (
        principal     => $principal,
        rolesAssigned => $roles,
        auth          => $auth,
    );

    return $this->sourceSession->create(\%session_fields);
}
53
54 1;
55
56 __END__
57
58 =pod
59
60 =head1 NAME
61
62 C<IMPL::Web::Security> Модуль для аутентификации и авторизации веб запроса.
63
64 =head1 SYNOPSIS
65
66 =begin code xml
67
68 <security type='IMPL::Config::Activator'>
69 <factory>IMPL::Web::Security</factory>
70 <parameters type='HASH'>
71 <sessionFactory type='IMPL::Object::Factory'>
72 <factory type='IMPL::Object::Factory'>App::Data::Session</factory>
73 <method>insert</method>
74 </sessionFactory>
75 </parameters>
76 </security>
77
78 =end code xml
79
80 =head1 DESCRIPTION
81
82 Отвечает за инфраструктуру аутентификации и авторизации запросов. Основная особенность
83 заключается в том, что запросы приходят через значительные интервалы времени, хотя и
84 относятся к одной логической транзакции. В промежутках между запросами сервер не
85 сохраняет свое состояние. Поэтому при каждом обращении сервер восстанавливает
86 контекст безопасности.
87
88 C<IMPL::Web::Session> Объект, обеспечивающий сохранение состояния в рамках одной сессии
89 пользователя. Кроме контекста безопасности хранит дополнительные данные, которые необходимо
90 сохранить между обработкой запросов.
91
92 C<IMPL::Web::User> Объект, устанавливающий связь между идентификатором пользователя
93 C<IMPL::Security::Principal>, его ролями и данными безопасности для создания объектов
94 аутентификации C<IMPL::Security::Auth>.
95
96 =head1 MEMBERS
97
98 =cut