Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
Authen::PAAS::Context(User Contributed Perl DocumentatAuthen::PAAS::Context(3)

       Authen::PAAS::Context - authentication a	subject	using login modules

	 use Authen::PAAS::Context;
	 use Authen::PAAS::SimpleCallback;
	 use Config::Record;

	 my $config = Config::Record->new("/etc/myapp.cfg");

	 my $context = Authen::PAAS::Context->new($config, "myapp");

	 my $callbacks = {
	   "username" => Authen::PAAS::SimpleCallback->new("joeblogs"),
	   "password" => Authen::PAAS::SimpleCallback->new("123456"),

	 my $subject = $context->login($callbacks);

	 unless	($subject) {
	    die	"could not authenticate	subject"

	 .. do some work using the subject ..


       The "Authen::PAAS::Context" module provides the controller for invoking
       a number	of login modules, and having them populate a subject with
       principals and credentials. The authentication process consists of two
       stages. In the first phase the "login" method is	invoked	on all modules
       to perform the actual authentication process. If	a module's
       authentication process succeded,	then it	may wish to store state	to
       represent the result of authentication in the supplied instance of
       "Authen::PAAS::State". If the first phase was successful	overall, then
       the "commit" method will	be invoked on all modules. The module's
       "commit"	method will check the stored state for the result of the first
       phase, and if it	was successful,	then it	will add one or	more
       principals and zero or more credentials to the subject. If there	is a
       terminal	failure	of the authentication process at any point, the
       abort() method will be invoked on all modules

       The Config::Record module is used for accessing configuration file
       information. The	configuration file defines the set of login modules
       used for	performing authentication. The modules have associated flags
       controlling operation of	the login process upon success/failure of a
       module. The configuration is stored in a	single list, named "auth.$APP"
       where $APP is the name token passed into	the constructor	of the
       "Authen::PAAS::Context" object.	Each element in	the list is a
       dictionary, with	the key	"module" defining the class name of the	login
       module, the key "flags" defining	the login flags	and "options" defining
       any module specific options. For	example, a web application may have a
       a username/password in the main login page, but elsewhere use a cookie
       as the authentication data. In this case, a configuration look like

	 auth.mail-archive = (
	     module = Authen::PAAS::DB::PasswdLogin
	     flags = optional
	     module = Authen::PAAS::CGI::CookieLogin
	     flags = requisite
	     options = {
	       secret =	/etc/authen-paas/authen-paas-cgi-secret.dat
	       user-module = Authen::PAAS::DB::User

       $obj = Authen::PAAS::Context->new();

       my $subject = $ctx->login(\%callbacks);
	   Attempt to authenticate the user, using data	obtained from the
	   callbacks passed in as the first parameter. The callbacks should be
	   a hash reference, where keys	are the	callback name, and the values
	   are instances of the	"Authen::PAAS::Callback" module.  If
	   authentication succeeded, an	instance of the
	   "Authen::PAAS::Subject" module will be returned, otherwise an
	   undefined value will	be returned.

	   Takes an authenticated subject and performs a logout	operation.
	   This	method would typically destroy any tokens / credentials	that
	   might exist beyond the lifetime of the current process.

       Daniel Berrange <>

       Copyright (C) 2004-2006 Daniel Berrange

       Authen::PAAS, Authen::PAAS::LoginModule,	Authen::PAAS::Subject

perl v5.24.1			  2006-06-04	      Authen::PAAS::Context(3)


Want to link to this manual page? Use this URL:

home | help