/ 
Authen-PAAS-1.1.0
/ Authen::PAAS::Context

NAME

Authen::PAAS::Context - authentication a subject using login modules

SYNOPSIS

use Authen::PAAS::Context;
use Authen::PAAS::SimpleCallback;
use Config::Record;

my $config = Config::Record->new("/etc/myapp.cfg");

my $context = Authen::PAAS::Context->new($config, "myapp");

my $callbacks = {
  "username" => Authen::PAAS::SimpleCallback->new("joeblogs"),
  "password" => Authen::PAAS::SimpleCallback->new("123456"),
};

my $subject = $context->login($callbacks);

unless ($subject) {
   die "could not authenticate subject"
}

.. do some work using the subject ..

$context->logout($subject);

DESCRIPTION

The Authen::PAAS::Context module provides the controller for invoking a number of login modules, and having them populate a subject with principals and credentials. The authentication process consists of two stages. In the first phase the login method is invoked on all modules to perform the actual authentication process. If a module's authentication process succeded, then it may wish to store state to represent the result of authentication in the supplied instance of Authen::PAAS::State. If the first phase was successful overall, then the commit method will be invoked on all modules. The module's commit method will check the stored state for the result of the first phase, and if it was successful, then it will add one or more principals and zero or more credentials to the subject. If there is a terminal failure of the authentication process at any point, the abort() method will be invoked on all modules

CONFIGURATION

The Config::Record module is used for accessing configuration file information. The configuration file defines the set of login modules used for performing authentication. The modules have associated flags controlling operation of the login process upon success/failure of a module. The configuration is stored in a single list, named auth.$APP where $APP is the name token passed into the constructor of the Authen::PAAS::Context object. Each element in the list is a dictionary, with the key module defining the class name of the login module, the key flags defining the login flags and options defining any module specific options. For example, a web application may have a a username/password in the main login page, but elsewhere use a cookie as the authentication data. In this case, a configuration look like

auth.mail-archive = (
  {
    module = Authen::PAAS::DB::PasswdLogin
    flags = optional
  }
  {
    module = Authen::PAAS::CGI::CookieLogin
    flags = requisite
    options = {
      secret = /etc/authen-paas/authen-paas-cgi-secret.dat
      user-module = Authen::PAAS::DB::User
    }
  }
)

METHODS

    $obj = Authen::PAAS::Context->new();

    Create

AUTHORS

Daniel Berrange <dan@berrange.com>

COPYRIGHT

Copyright (C) 2004 Daniel Berrange

SEE ALSO

perl(1)

2 POD Errors

The following errors were encountered while parsing the POD:

Around line 110:

You can't have =items (as at line 125) unless the first thing after the =over is an =item

Around line 247:

=back doesn't take any parameters, but you said =back 4