changeset 357:ec58c47edb52

web security: code cleanup, refactoring
author cin
date Fri, 18 Oct 2013 15:10:10 +0400
parents 97131d500f16
children 248f95c1762a
files Lib/IMPL/Web/Application.pm Lib/IMPL/Web/Application/Action.pm Lib/IMPL/Web/Application/Resource.pm Lib/IMPL/Web/Handler/SecureCookie.pm
diffstat 4 files changed, 26 insertions(+), 11 deletions(-) [+]
--- a/Lib/IMPL/Web/Application.pm	Thu Oct 17 17:48:50 2013 +0400
+++ b/Lib/IMPL/Web/Application.pm	Fri Oct 18 15:10:10 2013 +0400
@@ -25,7 +25,7 @@
 	    baseUrl            => PROP_RW,
 		actionFactory      => PROP_RW,
 		handlers           => PROP_RW | PROP_LIST,
-		security           => PROP_RW,
+		securityFactory    => PROP_RW,
 		output             => PROP_RW,
 		location           => PROP_RO,
 		_handler           => PROP_RW
@@ -45,6 +45,11 @@
 	$this->location(Locator->new(base => $this->baseUrl));
 }
 
+sub CreateSecurity {
+	my $factory = shift->securityFactory;
+	return $factory ? $factory->new() : undef;
+}
+
 sub ProcessRequest {
     my ($this,$q) = @_;
     
--- a/Lib/IMPL/Web/Application/Action.pm	Thu Oct 17 17:48:50 2013 +0400
+++ b/Lib/IMPL/Web/Application/Action.pm	Fri Oct 18 15:10:10 2013 +0400
@@ -30,8 +30,7 @@
     my ($this) = @_;
     
     $this->context({});
-    $this->security($this->application->security->new())
-        if $this->application->security;
+    $this->security($this->application->CreateSecurity());
 }
 
 sub cookie {
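Review bot: The added call `$this->security($this->application->CreateSecurity());` stores undef whenever no `securityFactory` is configured, because `CreateSecurity` in Application.pm returns undef in that case, and nothing in the diff documents or checks that. SecureCookie.pm later calls `$this->_security->sessions` on the value it took from `$action->security`, which would presumably die with an undefined-value error instead of a clear configuration message. I would add a comment here such as `# security is undef when the application has no securityFactory; consumers must check before use`, and have handlers that need a security context fail with an explicit error. The enclosing sub starts outside this hunk.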
--- a/Lib/IMPL/Web/Application/Resource.pm	Thu Oct 17 17:48:50 2013 +0400
+++ b/Lib/IMPL/Web/Application/Resource.pm	Fri Oct 18 15:10:10 2013 +0400
@@ -82,8 +82,16 @@
 	return _InvokeDelegate( $operation, $this, $request );
 }
 
+sub security {
+	shift->request->security
+}
+
+sub verbs {
+	{} # возвращаем пстой список операций
+}
+
 sub GetAllowedMethods {
-	
+	# возвращаем пустой список доступных операций
 }
 
 sub FindChildResourceInfo {
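Review bot: `verbs` returns its value through a bare `{}` as the only statement in the sub, which depends on Perl's parser treating it as an anonymous hash rather than an empty block; `return {};` makes it unambiguous. The comment beside it says an empty list is returned, while the code yields a hash reference. `GetAllowedMethods` now contains only a comment, so it returns an empty list implicitly, and an explicit `return;` would show that this is intended. The new `security` accessor would also benefit from a `return` and a one-line note that its result is undefined when the request carries no security context.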
@@ -228,11 +236,14 @@
 
 =head1 MEMBERS
 
+=head2 C<[get]request>
+
+Объект C<IMPL::Web::Application::Action> представляющий запрос к серверу.
+
 =head2 C<[get]application>
 
-Ссылка на приложение, к которому относится данный ресурс. Его следует задавать
-только для коренвых ресурсов, дочерние ресурсы получают это свойство от
-родителей.
+Ссылка на приложение, к которому относится данный ресурс. Получается
+автоматически из объекта запроса.
 
 =head2 C<[get]contract>
 
--- a/Lib/IMPL/Web/Handler/SecureCookie.pm	Thu Oct 17 17:48:50 2013 +0400
+++ b/Lib/IMPL/Web/Handler/SecureCookie.pm	Fri Oct 18 15:10:10 2013 +0400
@@ -21,7 +21,7 @@
     },
     props => [  
         salt => PROP_RO,
-        _manager => PROP_RO,
+        _security => PROP_RO,
         _cookies => PROP_RW
     ]
 };
@@ -57,7 +57,7 @@
     return unless $nextHandler;
     
     my $context;
-    $this->_manager($action->security);
+    $this->_security($action->security);
     
         
     my $sid = $action->cookie('sid',qr/(\w+)/); 
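Review bot: `$this->_security($action->security);` keeps a per-request object in a property of the handler, and that property is declared `PROP_RO` in the props list while being assigned here on every call. If handler instances are reused across requests (Application.pm keeps a `handlers` list, which suggests they are), a stale context from an earlier request could be read by any code path that uses `_security` before this assignment runs. A lexical, `my $security = $action->security;`, passed to the code that later calls `->sessions`, would avoid the shared state. The later hunks at `sessions->GetById` and `sessions->Create` would change with it. The enclosing sub starts and ends outside this hunk.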
@@ -66,7 +66,7 @@
     
     if ( $this->ValidateCookie($sid,$cookie,$sign) ) {
         # TODO: add a DeferredProxy to deffer a request to a data source
-        if ( $context = $this->_manager->sessions->GetById($sid) ) {
+        if ( $context = $this->_security->sessions->GetById($sid) ) {
             if ( eval { $context->auth->isa(AuthSimple) } ) {
                 my ($result,$challenge) = $context->auth->DoAuth($cookie);
  
@@ -118,7 +118,7 @@
 	        sdata => $cookie
 	    });
 	    
-	    my $context = $this->_manager->sessions->Create({
+	    my $context = $this->_security->sessions->Create({
 	        sessionId => $sid,
 	        principal => $user,
 	        auth => AuthSimple->Create(password => $cookie),