NAME

Gantry::Plugins::Uaf - A User Authentication and Authorization Framework

SYNOPSIS

In the Apache Perl startup or app.cgi or app.server:

<Perl>
    # ...
    use MyApp qw{ -Engine=CGI -TemplateEngine=TT Cache Session Uaf};
</Perl>

Inside MyApp.pm:

use Gantry::Plugins::Uaf;

DESCRIPTION

This plugin mixes in a method that provides session authentication and user authorization. Session authentication is based on a valid username and password, while user authorization is based on application-defined rules which grant access to resources. The goal of this module is to be simple and flexible.

To meet this goal, four objects are defined. They are Authenticate, Authorize, User and Rule. This package provides basic implementations of those objects.

The Rule object either grants or denies access to a resource. The access is anything you want to use. A resource can be anything you define.

The User object consists of username and attributes. You can define as many and whatever attributes you want. The User object is not tied to any one datastore.

The base Authenticate object has two users hardcoded within. Those users are "admin" and "demo", with corresponding passwords. This object handles the authentication along with basic login and logout functionality.

The base Authorization object has only one rule defined: AllowAll.

Using the provided default Authentication and Authorization modules should allow you to get your application up and running in minimal time. Once that is done, you can define your User datastore and your application rules, and then create your own objects. You can then load your own modules with the following config variables.

uaf_authn_factory - The module name for your Authentication object
uaf_authz_factory - The module name for your Authorization object

The defaults for those are:

Gantry::Plugins::Uaf::Authorize
Gantry::Plugins::Uaf::Authenticate

These modules must be on the Perl include path and are loaded during Gantry's startup processing. This plugin also requires the Session plugin.
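The grant/deny rule model described above, sketched as an added example that is not Gantry's own code. The Example::* packages, the grants/denies method names and the sample users are assumptions made for illustration; only the can($user, $action, $resource) call shape comes from this page. Unlike the default AllowAll rule, this manager refuses access unless some rule grants it.

```perl
use strict;
use warnings;

# Hypothetical rule: only the owner of a record may write to it.
package Example::Rule::OwnerWrites;
sub new { return bless {}, shift }
sub grants {
    my ($self, $user, $action, $resource) = @_;
    return $action eq 'write' && $resource->{owner} eq $user->{username};
}
sub denies { return 0 }

# Hypothetical rule: a locked account is refused everything.
package Example::Rule::DenyLocked;
sub new { return bless {}, shift }
sub grants { return 0 }
sub denies {
    my ($self, $user) = @_;
    return $user->{attributes}{locked} ? 1 : 0;
}

# Hypothetical manager: any deny wins, otherwise one grant is required.
package Example::Manager;
sub new { my ($class, @rules) = @_; return bless { rules => [@rules] }, $class }
sub can {
    my ($self, $user, $action, $resource) = @_;
    my $granted = 0;
    for my $rule (@{ $self->{rules} }) {
        return 0 if $rule->denies($user, $action, $resource);
        $granted = 1 if $rule->grants($user, $action, $resource);
    }
    return $granted;    # no matching grant means no access
}

package main;

# Constructed sample users and resources.
my $manager = Example::Manager->new(
    Example::Rule::DenyLocked->new, Example::Rule::OwnerWrites->new);
my $alice = { username => 'alice', attributes => {} };
my $bob   = { username => 'bob',   attributes => { locked => 1 } };
my %rec   = (alice => { owner => 'alice' }, bob => { owner => 'bob' });

for my $case ([$alice, 'write', 'alice'], [$alice, 'write', 'bob'],
              [$alice, 'read',  'alice'], [$bob,   'write', 'bob']) {
    my ($user, $action, $owner) = @$case;
    my $ok = $manager->can($user, $action, $rec{$owner});
    printf "%-5s %-5s %s's record: %s\n",
        $user->{username}, $action, $owner, $ok ? 'allow' : 'deny';
}
```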

METHODS

uaf_authenticate

This method is called for every URL. It controls the authentication process, loads the User object and sets the security token.

ACCESSORS

uaf_authn

Returns the handle for the Authentication object.

uaf_authz

Returns the handle for the Authorization object.

Example:

    my $manager = $gobj->uaf_authz;
    if ($manager->can($user, "read", "data")) {
        # the user is allowed to "read" the "data" resource
    }

uaf_user

Set/Returns the handle for the User object.

Example:

    $user = $gobj->uaf_user;
    $gobj->uaf_user($user);

PRIVATE METHODS

get_callbacks

For use by Gantry. Registers the callbacks needed by Uaf during the PerlHandler Apache phase or its moral equivalent.

initialize

This method is called by Gantry. It loads and initializes your Authentication and Authorization modules.

do_login

Exposes the url "/login", and calls the login() method of your Authentication module.

do_logout

Exposes the url "/logout", and calls the logout() method of your Authentication module.

SEE ALSO

Gantry
Gantry::Plugins::Session
Gantry::Plugins::Uaf::Rule
Gantry::Plugins::Uaf::User
Gantry::Plugins::Uaf::Authorize
Gantry::Plugins::Uaf::Authenticate
Gantry::Plugins::Uaf::AuthorizeFactory

ACKNOWLEDGEMENT

This module was heavily influenced by Apache2::SiteControl written by Tony Kay, <tkay@uoregon.edu>.

AUTHOR

Kevin L. Esteb <kesteb@wsipc.org>

COPYRIGHT AND LICENSE

Copyright (C) 2008 Kevin L. Esteb

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.6 or, at your option, any later version of Perl 5 you may have available.