Index
- NAME
- SYNOPSIS
- DESCRIPTION
- METHODS
-
- my $subject = Authen::PAAS::Subject->new();
- $subject->add_principal($owner, $principal)
- $subject->remove_principal($owner[, $type]);
- my @principals = $subject->principals_by_owner($owner);
- my @principals = $subject->principals_by_type($type);
- my @principals = $subject->principals;
- $subject->add_credential($owner, $credential)
- $subject->remove_credential($owner[, $type]);
- my @credentials = $subject->credentials_by_owner($owner);
- my @credentials = $subject->credentials_by_type($type);
- my @credentials = $subject->credentials;
- AUTHORS
- COPYRIGHT
- SEE ALSO
NAME
Authen::PAAS::Subject - represents an authenticated party
SYNOPSIS
use Authen::PAAS::Subject;
####### Creating a populating a subject..
# Create a new anonymous subject with no credentials
my $subject = Authen::PAAS::Subject->new();
# Add a principal eg a UNIX username, or a Kerberos
# principal, or some such
my $prin = SomePrincipal->new();
$subject->add_principal($prin)
# Add a credential. eg some form of magic token
# representing a previously added principal
my $cred = SomeCredential->new($principal)
$subject->add_credential($cred);
######## Fetching and querying a subject
# Create a context module for performing auth
my $context = Context->new($config, "myapp");
# Attempt to login
my $subject = $context->login($callbacks);
if ($subject) {
# Retrieve set of all principals
my @princs = $subject->principals;
# Or only get principal of particular class
my $princ = $subject->principal("SomePrincipal");
# Retrieve set of all credentials
my @cred = $subject->credentials;
# Or only get credential of particular class
my $cred = $subject->credential("SomeCredential");
} else {
die "login failed";
}
DESCRIPTION
The Authen::PAAS::Subject module provides a representation
of an authenticated party, be they a human user, or a independantly
operating computing service. An authenticated subject will have
one of more principals associated with them, which can be thought
of as their set of names. These are represented by the
Authen::PAAS::Principal module. Some authentication mechanisms
will also associate some form of security related token with a
subject, thus an authenticated subject may also have zero or more
credentials. These are represented by the Authen::PAAS::Credential
module.
An authenticated subject is typically obtained via the login
method on the Authen::PAAS::Context module. This creates an
anonymous subject, and invokes a set of login modules
(Authen::PAAS::LoginModule), which in turn populate the
subject with principals and credentials.
METHODS
- my $subject = Authen::PAAS::Subject->new();
-
Create a new subject, with no initial principals or credentials.
- $subject->add_principal($owner, $principal)
-
Adds a principal to the subject. The
$ownerparameter should be the class name of the login module owning the principal. The principal parameter must be a subclass of the Authen::PAAS::Principal class. - $subject->remove_principal($owner[, $type]);
-
Removes a previously added principal from the subject. The
$idparameter is the index of the principal previously added via theadd_principalmethod. - my @principals = $subject->principals_by_owner($owner);
-
Retrieves a list of all the principals for the subject associated with the owner specified in the
$ownerparameter. The value of the$ownerparameter is the class name of a login module - my @principals = $subject->principals_by_type($type);
-
Retrieves the first matching principal of a given type. The
$typeparameter should be the Perl module name of the principal implementation. - my @principals = $subject->principals;
-
Retrieves a list of all the principals for the subject.
- $subject->add_credential($owner, $credential)
-
Adds a credential to the subject. The
$ownerparameter should be the class name of the login module owning the credential. The credential parameter must be a subclass of the Authen::PAAS::Credential class. - $subject->remove_credential($owner[, $type]);
-
Removes a previously added credential from the subject. The
$idparameter is the index of the credential previously added via theadd_credentialmethod. - my @credentials = $subject->credentials_by_owner($owner);
-
Retrieves a list of all the credentials for the subject associated with the owner specified in the
$ownerparameter. The value of the$ownerparameter is the class name of a login module - my @credentials = $subject->credentials_by_type($type);
-
Retrieves the first matching credential of a given type. The
$typeparameter should be the Perl module name of the credential implementation. - my @credentials = $subject->credentials;
-
Retrieves a list of all the credentials for the subject.
AUTHORS
Daniel Berrange <dan@berrange.com>
COPYRIGHT
Copyright (C) 2004-2006 Daniel Berrange
SEE ALSO