annotate Lib/IMPL/Security.pm @ 72:eac47fa4f262

docs
author wizard
date Fri, 26 Mar 2010 16:26:31 +0300
parents f47f93534005
children 2f31ecabe9ea
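package IMPL::Security;
# Strictures were missing from this module; enabling them makes typos in
# variable names a compile-time error instead of a silent new global.
use strict;
use warnings;

require IMPL::Security::Context;
require IMPL::Security::Rule::RoleCheck;

# Default rule list returned by Rules() and walked by AccessCheck().
# Every entry is a code reference; a true return value means the rule passed.
#
# The array is a package global (`our`), and Rules() hands out a reference to
# this same array, so any code that can reach either one can add, replace or
# remove rules for every later AccessCheck call in the process.
our @rules = (
    \&IMPL::Security::Rule::RoleCheck::SatisfyAll
);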
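# Runs every rule returned by $self->Rules and reports whether all of them
# passed.
#
# Parameters:
#   $self          - class or object that provides Rules().
#   $object        - the object being accessed.
#   $desiredAccess - the access being requested.
#   $context       - optional security context; when omitted,
#                    IMPL::Security::Context->contextCurrent is used.
#
# Returns 1 when every rule returns a true value and 0 as soon as one rule
# returns a false value.
sub AccessCheck {
    my ($self, $object, $desiredAccess, $context) = @_;

    # Use the ambient context only as a fallback. The previous unconditional
    # assignment discarded a context supplied by the caller.
    $context = IMPL::Security::Context->contextCurrent
        unless defined $context;

    # NOTE(review): rules are invoked with an empty argument list, so
    # $object, $desiredAccess and $context never reach them. Confirm the
    # calling convention the rules expect before passing these through.
    foreach my $rule (@{ $self->Rules }) {
        return 0 unless $rule->();
    }

    # NOTE(review): with an empty rule list the loop body never runs and
    # access is granted; confirm that this fail-open result is intended.
    return 1;
}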
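# Delegation entry point. Not implemented in this revision: every call
# throws, so no delegated context is ever returned.
#
# Parameters:
#   $self      - class or object the method is invoked on.
#   $principal - principal whose authority is requested (unused here).
#   $refRoles  - requested role or roles (unused here).
#
# Throws an IMPL::NotImplementedException on every call.
sub Take {
    my ($self, $principal, $refRoles) = @_;

    # Direct method call instead of indirect-object syntax (`new Class()`),
    # whose parsing depends on which names are known at compile time.
    # NOTE(review): none of this file's require lines loads
    # IMPL::NotImplementedException; presumably it is loaded elsewhere - verify.
    die IMPL::NotImplementedException->new();
}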
# Accessor for the rule list walked by AccessCheck.
#
# Returns a reference to the package-level @rules array itself, not a copy,
# so changes made through the returned reference alter the shared list.
sub Rules {
    my $activeRules = \@rules;
    return $activeRules;
}
29 1;
31 __END__
33 =pod
35 =head1 NAME
37 C<IMPL::Security> - Модуль для работы с функциями авторизации и аутентификации.
39 =head1 SYNOPSIS
41 =begin code
43 use IMPL::Security;
45 sub Method {
46 my $this = shift;
48 # access check in the current context, using standard configuration
49 IMPL::Security->AccessCheck($this,'Method') or die new IMPL::AccessDeniedException("Access is denied");
51 #some more results
52 }
54 sub DelegationMethod {
56 my $this = shift;
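58 #forced delegation: the administrator context is built directly, without the legitimacy check that Take() is documented to perform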
59 my $delegatedContext = IMPL::Security::Context->new(
60 Principal => IMPL::Security::Principal->new(
61 Name => 'suser'
62 ),
63 AssignedRoles => ['administrator']
64 );
66 my $result;
68 $delegatedContext->Impersonate(sub{
69 $result = $this->Method();
70 });
72 return $result;
73 }
75 sub SafeDelegationMethod {
77 my $this = shift;
79 my $delegatedContext = IMPL::Security->Take( suser => 'administrator' );
81 my $result;
83 $delegatedContext->Impersonate(sub{
84 $result = $this->Method();
85 });
87 return $result;
88 }
90 =end code
92 =head1 DESCRIPTION
94 Модуль для инфраструктуры безопасности, реализует основные функции для авторизации
95 и аутентификации пользователей.
97 Модуль аутентификации, реализация которого зависит от приложения, аутентифицирует
98 пользователя, при этом создается контекст безопасности, который содержит
99 идентификатор пользователя и список активных ролей.
101 При проверке прав доступа происходит последовательная проверка правил доступа,
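102 если все правила выполнены, то доступ разрешается. Проверка прекращается на первом невыполненном правиле; при пустом списке правил доступ разрешается.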
104 =head1 MEMBERS
106 =over
108 =item C<AccessCheck($object,$desiredAccess,$context)>
110 Метод. Проверка доступа к объекту с определенными правами, в определенном контексте безопасности.
112 =over
114 =item C<$object>
116 Объект доступа.
118 =item C<$desiredAccess>
120 Требуемые права доступа.
122 =item C<$context>
124 Контекст безопасности, если не указан, то используется текущий C<< IMPL::Security::Context->contextCurrent >>
126 =item C<returns>
128 C<true | false> - результат проверки
130 =back
132 =item C<Take($principal,$role)>
134 Метод. Делегирует текущему пользователю полномочия другого пользователя. При этом выполняется проверка
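135 правомерности такой операции. В случае неудачи вызывается исключение. В этой ревизии метод не реализован и всегда завершается исключением C<IMPL::NotImplementedException>.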
137 =over
139 =item C<$principal>
141 Либо имя пользователя либо объект C<IMPL::Security::Principal>.
143 =item C<$role>
145 Либо имя либо ссылка на роль, или ссылка на массив либо имен, либо ролей.
147 =item C<returns>
149 Новый контекст безопасности.
151 =back
153 =item C<Rules()>
155 Возвращает список правил, которые выполняются при проверках доступа. Переопределите этот
156 метод, чтобы возвращать собственный список правил. Список правил является ссылкой на массив
157 элементами которого являются функции.
159 =begin code
161 package MySecurity;
163 use base qw(IMPL::Security);
165 sub Rules {
166 return [
167 \&Rule1,
168 \&Rule2,
169 #...
170 ]
171 }
173 =end code
175 =back
177 =cut