Authen::PAAS::Subject - represents an authenticated party
use Authen::PAAS::Subject;
####### Creating a populating a subject..
# Create a new anonymous subject with no credentials my $subject = Authen::PAAS::Subject->new();
# Add a principal eg a UNIX username, or a Kerberos # principal, or some such my $prin = SomePrincipal->new(); $subject->add_principal($prin)
# Add a credential. eg some form of magic token # representing a previously added principal my $cred = SomeCredential->new($principal) $subject->add_credential($cred);
######## Fetching and querying a subject
# Create a context module for performing auth my $context = Context->new($config, "myapp");
# Attempt to login my $subject = $context->login($callbacks);
if ($subject) {
# Retrieve set of all principals
my @princs = $subject->principals;
# Or only get principal of particular class
my $princ = $subject->principal("SomePrincipal");
# Retrieve set of all credentials
my @cred = $subject->credentials;
# Or only get credential of particular class
my $cred = $subject->credential("SomeCredential");
} else {
die "login failed";
}
The Authen::PAAS::Subject module provides a representation
of an authenticated party, be they a human user, or a independantly
operating computing service. An authenticated subject will have
one of more principals associated with them, which can be thought
of as their set of names. These are represented by the
the Authen::PAAS::Principal manpage module. Some authentication mechanisms
will also associate some form of security related token with a
subject, thus an authenticated subject may also have zero or more
credentials. These are represented by the the Authen::PAAS::Credential manpage
module.
An authenticated subject is typically obtained via the login
method on the the Authen::PAAS::Context manpage module. This creates an
anonymous subject, and invokes a set of login modules
(the Authen::PAAS::LoginModule manpage), which in turn populate the
subject with principals and credentials.
$owner parameter
should be the class name of the login module owning the
principal. The principal parameter must be a subclass of
the the Authen::PAAS::Principal manpage class.
$id parameter is the index of the principal previously
added via the add_principal method.
$owner parameter. The
value of the $owner parameter is the class name of a login
module
$type parameter should be the Perl module name of the
principal implementation.
$owner parameter
should be the class name of the login module owning the
credential. The credential parameter must be a subclass of
the the Authen::PAAS::Credential manpage class.
$id parameter is the index of the credential previously
added via the add_credential method.
$owner parameter. The
value of the $owner parameter is the class name of a login
module
$type parameter should be the Perl module name of the
credential implementation.
Daniel Berrange <dan@berrange.com>
Copyright (C) 2004-2005 Daniel Berrange
perl(1), the Authen::PAAS::Context manpage, the Authen::PAAS::Credential manpage, the Authen::PAAS::Principal manpage