GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
Authen::PAAS::Context(3) User Contributed Perl Documentation Authen::PAAS::Context(3)

Authen::PAAS::Context - authentication a subject using login modules

  use Authen::PAAS::Context;
  use Authen::PAAS::SimpleCallback;
  use Config::Record;

  my $config = Config::Record->new("/etc/myapp.cfg");

  my $context = Authen::PAAS::Context->new($config, "myapp");

  my $callbacks = {
    "username" => Authen::PAAS::SimpleCallback->new("joeblogs"),
    "password" => Authen::PAAS::SimpleCallback->new("123456"),
  };

  my $subject = $context->login($callbacks);

  unless ($subject) {
     die "could not authenticate subject"
  }

  .. do some work using the subject ..

  $context->logout($subject);

The "Authen::PAAS::Context" module provides the controller for invoking a number of login modules, and having them populate a subject with principals and credentials. The authentication process consists of two stages. In the first phase the "login" method is invoked on all modules to perform the actual authentication process. If a module's authentication process succeded, then it may wish to store state to represent the result of authentication in the supplied instance of "Authen::PAAS::State". If the first phase was successful overall, then the "commit" method will be invoked on all modules. The module's "commit" method will check the stored state for the result of the first phase, and if it was successful, then it will add one or more principals and zero or more credentials to the subject. If there is a terminal failure of the authentication process at any point, the abort() method will be invoked on all modules

The Config::Record module is used for accessing configuration file information. The configuration file defines the set of login modules used for performing authentication. The modules have associated flags controlling operation of the login process upon success/failure of a module. The configuration is stored in a single list, named "auth.$APP" where $APP is the name token passed into the constructor of the "Authen::PAAS::Context" object. Each element in the list is a dictionary, with the key "module" defining the class name of the login module, the key "flags" defining the login flags and "options" defining any module specific options. For example, a web application may have a a username/password in the main login page, but elsewhere use a cookie as the authentication data. In this case, a configuration look like

  auth.mail-archive = (
    {
      module = Authen::PAAS::DB::PasswdLogin
      flags = optional
    }
    {
      module = Authen::PAAS::CGI::CookieLogin
      flags = requisite
      options = {
        secret = /etc/authen-paas/authen-paas-cgi-secret.dat
        user-module = Authen::PAAS::DB::User
      }
    }
  )

$obj = Authen::PAAS::Context->new();
Create
my $subject = $ctx->login(\%callbacks);
Attempt to authenticate the user, using data obtained from the callbacks passed in as the first parameter. The callbacks should be a hash reference, where keys are the callback name, and the values are instances of the "Authen::PAAS::Callback" module. If authentication succeeded, an instance of the "Authen::PAAS::Subject" module will be returned, otherwise an undefined value will be returned.
$ctx->logout($subject)
Takes an authenticated subject and performs a logout operation. This method would typically destroy any tokens / credentials that might exist beyond the lifetime of the current process.

Daniel Berrange <dan@berrange.com>

Copyright (C) 2004-2006 Daniel Berrange

Authen::PAAS, Authen::PAAS::LoginModule, Authen::PAAS::Subject
2006-06-04 perl v5.32.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.