annotate lib/IMPL/Security/Context.pm @ 420:df591e3afd10 ref20150831

sync
author cin
date Sat, 25 Feb 2017 22:35:26 +0300
parents c6e90e02dd17
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
407
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
1 package IMPL::Security::Context;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
2 use strict;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
3 use warnings;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
4
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
5 use IMPL::require {
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
6 AbstractContext => 'IMPL::Security::AbstractContext',
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
7 };
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
8
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
9 use IMPL::declare {
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
10 require => {
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
11 Principal => 'IMPL::Security::Principal',
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
12 Role => 'IMPL::Security::Role',
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
13 Exception => 'IMPL::Exception',
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
14 ArgumentException => '-IMPL::InvalidArgumentException'
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
15 },
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
16 base => [
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
17 'IMPL::Object' => undef,
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
18 'IMPL::Object::Autofill' => '@_',
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
19 'IMPL::Security::AbstractContext' => undef,
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
20 ],
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
21 props => [
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
22 @{AbstractContext->abstractProps()}
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
23 ]
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
24 };
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
25
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
26 __PACKAGE__->abstractProps([]);
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
27
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
28
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
29 my $nobody;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
30
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
31 sub CTOR {
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
32 my ($this) = @_;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
33
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
34 die ArgumentException->new("The parameter is required", 'principal') unless $this->principal;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
35 }
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
36
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
37 sub nobody {
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
38 my ($self) = @_;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
39 $nobody = $self->new(principal => Principal->nobody) unless $nobody;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
40 $nobody;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
41 }
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
42
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
43 sub isTrusted {
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
44 return 1;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
45 }
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
46
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
47 1;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
48
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
49 __END__
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
50
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
51 =pod
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
52
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
53 =head1 NAME
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
54
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
55 C<IMPL::Security::Context> - реализация контекста безопасности создаваемого в
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
56 приложении.
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
57
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
58 =head1 SYNOPSIS
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
59
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
60 =begin code
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
61
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
62 my $context = IMPL::Security::Context->nobody;
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
63
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
64 my $result = $context->Impersonate(
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
65 sub {
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
66 # do some untrusted code
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
67 }
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
68 );
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
69
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
70 $context = IMPL::Security::Context->new(
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
71 principal => $user,
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
72 assignedRoles => [
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
73 $backupRole,
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
74 $controlRole
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
75 ]
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
76 );
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
77
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
78 $context->Impersonate(
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
79 sub {
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
80
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
81 # do some authorized operations
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
82
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
83 $service->backupData('current.bak');
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
84 $service->stop();
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
85 }
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
86 );
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
87
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
88 =end code
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
89
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
90 =head1 DESCRIPTION
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
91
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
92 C<autofill>
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
93
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
94 Данная реализация контекста безопасности не привязана ни к источнику данных
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
95 ни к пакету аутентификации и авторизации, ее приложение может создать в любой
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
96 момент, при этом система сама несет ответственность за последствия.
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
97
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
98 Данный контекст нужен для выполнения системой служебных функций.
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
99
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
100 =head1 MEMBERS
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
101
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
102 см. также C<IMPL::Security::AbstractContext>.
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
103
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
104 =head2 C<CTOR(%props)>
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
105
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
106 Создает объект и заполняет его свойствами. C<principal> должен быть обязательно
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
107 указан.
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
108
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
109 =head2 C<[static,get] nobody>
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
110
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
111 Контекст для неаутентифицированных пользователей, минимум прав.
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
112
c6e90e02dd17 renamed Lib->lib
cin
parents:
diff changeset
113 =cut