Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help

       Catalyst::Authentication::Realm::Progressive - Authenticate against
       multiple	realms

       This Realm allows an application	to use a single	authenticate() call
       during which multiple realms are	used and tried incrementally until one
       performs	a successful authentication is accomplished.

       A simple	use case is a Temporary	Password that looks and	acts exactly
       as a regular password. Without changing the authentication code,	you
       can authenticate	against	multiple realms.

       Another use might be to support a legacy	website	authentication system,
       trying the current auth system first, and upon failure, attempting
       authentication against the legacy system.

       If your application has multiple	realms to authenticate,	such as	a
       temporary password realm	and a normal realm, you	can configure the
       progressive realm as the	default, and configure it to iteratively call
       the temporary realm and then the	normal realm.

	   'Plugin::Authentication' => {
	       default_realm =>	'progressive',
	       realms => {
		   progressive => {
		       class =>	'Progressive',
		       realms => [ 'temp', 'normal' ],
		       # Modify	the authinfo passed into authenticate by merging
		       # these hashes into the realm's authenticate call:
		       authinfo_munge => {
			   normal => { 'type' => 'normal' },
			   temp	  => { 'type' => 'temporary' },
		   normal => {
		       credential => {
			   class => 'Password',
			   password_field => 'secret',
			   password_type  => 'hashed',
			   password_hash_type => 'SHA-1',
		       store =>	{
			   class      => 'DBIx::Class',
			   user_model => 'Schema::Person::Identity',
			   id_field   => 'id',
		   temp	=> {
		       credential => {
			   class => 'Password',
			   password_field => 'secret',
			   password_type  => 'hashed',
			   password_hash_type => 'SHA-1',
		       store =>	{
			   class    => 'DBIx::Class',
			   user_model => 'Schema::Person::Identity',
			   id_field   => 'id',

       Then, in	your controller	code, to attempt authentication	against	both
       realms you just have to do a simple authenticate	call:

	if ( $c->authenticate({	id => $username, password => $password }) ) {
	    if ( $c->user->type	eq 'temporary' ) {
		# Force	user to	change password

	   An array reference consisting of each realm to attempt
	   authentication against, in the order	listed.	 If the	realm does not
	   exist, calling authenticate will die.

	   A hash reference keyed by realm names, with values being hash
	   references to merge into the	authinfo call that is subsequently
	   passed into the realm's authenticate	method.	 This is useful	if
	   your	store uses the same class for each realm, separated by some
	   other token (in the EXAMPLE authinfo_mungesection, the 'realm' is a
	   column on "Schema::Person::Identity"	that will be either 'temp' or
	   'local', to ensure the query	to fetch the user finds	the right
	   Identity record for that realm.

   new ($realmname, $config, $app)
       Constructs an instance of this realm.

       This method iteratively calls each realm	listed in the "realms"
       configuration key.  It returns after the	first successful
       authentication call is done.

       J. Shirley "<>"

       Jay Kuri	"<>"

       Copyright (c) 2008 the aforementioned authors. All rights reserved.
       This program is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself.

perl v5.24.1		       Catalyst::Authentication::Realm::Progressive(3)


Want to link to this manual page? Use this URL:

home | help