adding authentication support to the perl backend

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

adding authentication support to the perl backend

oetiker
Nick,

I have been thinking about how to integrate authentication support
into the perl backend. My idea is to enhance the JSONRPC.pm such
that it passes the session handle to both the method and the
accessibility checker and then take it from there.

I think I found a way which will not break existing applications.
What do you think?

Index: JSONRPC.pm
===================================================================
--- JSONRPC.pm  (revision 1050)
+++ JSONRPC.pm  (working copy)
@@ -85,6 +85,8 @@

     my $error = new Qooxdoo::JSONRPC::error ($json);

+    $error->set_session($session);
+
     my $script_transport_id = ScriptTransport_NotInUse;

     #----------------------------------------------------------------------
@@ -251,7 +253,7 @@

         $@ = '';
         $accessibility = eval $accessibility_method .
-            '($method, $accessibility)';
+            '($method, $accessibility, $session)';

         if ($@)
         {
@@ -538,6 +540,14 @@
     $self->{id} = $id;
 }

+sub set_session
+{
+    my $self    = shift;
+    my $session = shift;
+
+    $self->{session} = $session;
+}
+
 sub set_script_transport_id
 {
     my $self                = shift;


With these enhancements I would then be able to write my Service
like this:

===============================================================================
sub GetAccessibility {
     my $method = shift;
     my $access = shift;
     my $session = shift;
     if ($method eq 'auth' or $session->param('authenticated') eq 'yes'){
         return 'session';
     }
     else {
        return 'fail';
     }
}

sub method_auth {
    my $error = shift;
    my $user = shift;
    my $passwort = shift;
    my $session = $error->{session};
    if ($user eq 'tobi' and $password eq 'robi'){
        $session->param('authenticated','yes');
    }
}
[...]
==============================================================


--
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
http://it.oetiker.ch [hidden email] ++41 62 775 9902 / sb: -9900

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
qooxdoo-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel