## @file # Client side of the SOAP proxy mechanism for Apache::Session modules ## @class # Client side of the SOAP proxy mechanism for Apache::Session modules package Lemonldap::NG::Common::Apache::Session::SOAP; use strict; use SOAP::Lite; our $VERSION = '2.0.0'; #parameter proxy Url of SOAP service #parameter proxyOptions SOAP::Lite options #parameter User Username #parameter Password Password #parameter localStorage Cache module #parameter localStorageOptions Cache module options # Variables shared with SOAP::Transport::HTTP::Client our ( $user, $password ) = ( '', '' ); BEGIN { sub SOAP::Transport::HTTP::Client::get_basic_credentials { return $Lemonldap::NG::Common::Apache::Session::SOAP::user => $Lemonldap::NG::Common::Apache::Session::SOAP::password; } } # PUBLIC INTERFACE ## @cmethod Lemonldap::NG::Common::Apache::Session::SOAP TIEHASH(string session_id, hashRef args) # Constructor for Perl TIE mechanism. See perltie(3) for more. # @return Lemonldap::NG::Common::Apache::Session::SOAP object sub TIEHASH { my $class = shift; my $session_id = shift; my $args = shift; my ( $proxy, $proxyOptions ); die "proxy argument is required" unless ( $args and $args->{proxy} ); my $self = { data => { _session_id => $session_id }, modified => 0, }; foreach (qw(proxy proxyOptions ns localStorage localStorageOptions)) { $self->{$_} = $args->{$_}; } ( $user, $password ) = ( $args->{User}, $args->{Password} ); bless $self, $class; if ( defined $session_id && $session_id ) { die "unexistant session $session_id" unless ( $self->get($session_id) ); } else { die "unable to create session" unless ( $self->newSession() ); } return $self; } sub FETCH { my $self = shift; my $key = shift; return $self->{data}->{$key}; } sub STORE { my $self = shift; my $key = shift; my $value = shift; $self->{data}->{$key} = $value; $self->{modified} = 1; return $value; } sub DELETE { my $self = shift; my $key = shift; $self->{modified} = 1; delete $self->{data}->{$key}; } sub CLEAR { my $self = shift; $self->{modified} = 1; $self->{data} = {}; } sub EXISTS { my $self = shift; my $key = shift; return exists $self->{data}->{$key}; } sub FIRSTKEY { my $self = shift; my $reset = keys %{ $self->{data} }; return each %{ $self->{data} }; } sub NEXTKEY { my $self = shift; return each %{ $self->{data} }; } sub DESTROY { my $self = shift; $self->save; } ## @method private SOAP::Lite _connect() # @return The SOAP::Lite object. Build it at the first call. sub _connect { my $self = shift; return $self->{service} if ( $self->{service} ); my @args = ( $self->{proxy} ); if ( $self->{proxyOptions} ) { push @args, %{ $self->{proxyOptions} }; } $self->{ns} ||= 'urn:Lemonldap/NG/Common/PSGI/SOAPService'; return $self->{service} = SOAP::Lite->ns( $self->{ns} )->proxy(@args); } ## @method private $ _soapCall(string func, @args) # @param $func remote function to call # @param @args Functions parameters # @return Result sub _soapCall { my $self = shift; my $func = shift; my $r = $self->_connect->$func(@_); if ( $r->fault ) { print STDERR "SOAP Error: " . $r->fault->{faultstring}; return (); } return $r->result; } ## @method hashRef get(string id) # @param $id Apache::Session session ID. # @return User datas sub get { my $self = shift; my $id = shift; # Check cache if ( $self->{localStorage} && $self->cache->get("soap$id") ) { return $self->{data} = $self->cache->get("soap$id"); } # No cache, use SOAP and set cache my $r = $self->_soapCall( "getAttributes", $id ); return 0 unless ( $r or $r->{error} ); $self->{data} = $r->{attributes}; $self->cache->set( "soap$id", $self->{data} ) if $self->{localStorage}; return $self->{data}; } ## @method hashRef newSession() # Build a new Apache::Session session. # @return User datas (just the session ID) sub newSession { my $self = shift; $self->{data} = $self->_soapCall("newSession"); # Set cache if ( $self->{localStorage} ) { my $id = "soap" . $self->{data}->{_session_id}; if ( $self->cache->get($id) ) { $self->cache->remove($id); } $self->cache->set( $id, $self->{data} ); } return $self->{data}; } ## @method boolean save() # Save user datas if modified. sub save { my $self = shift; return unless ( $self->{modified} ); # Update session in cache if ( $self->{localStorage} ) { my $id = "soap" . $self->{data}->{_session_id}; if ( $self->cache->get($id) ) { $self->cache->remove($id); } $self->cache->set( $id, $self->{data} ); } # SOAP return $self->_soapCall( "setAttributes", $self->{data}->{_session_id}, $self->{data} ); } ## @method boolean delete() # Deletes the current session. sub delete { my $self = shift; # Remove session from cache if ( $self->{localStorage} ) { my $id = "soap" . $self->{data}->{_session_id}; if ( $self->cache->get($id) ) { $self->cache->remove($id); } } # SOAP return $self->_soapCall( "deleteSession", $self->{data}->{_session_id} ); } ## @method get_key_from_all_sessions() # Not documented. sub get_key_from_all_sessions() { my $class = shift; my $args = shift; my $data = shift; my $self = bless {}, $class; foreach (qw(proxy proxyOptions ns)) { $self->{$_} = $args->{$_}; } die('proxy is required') unless ( $self->{proxy} ); ( $user, $password ) = ( $args->{User}, $args->{Password} ); # Get token before query my $token = Lemonldap::NG::Handler::Main->tsv->{cipher} ->decrypt( $self->_soapCall('getCipheredToken') ); if ( ref($data) eq 'CODE' ) { my $r = $self->_soapCall( "get_key_from_all_sessions", $token ); my $res; if ($r) { foreach my $k ( keys %$r ) { my $tmp = &$data( $r->{$k}, $k ); $res->{$k} = $tmp if ( defined($tmp) ); } } } else { return $self->_soapCall( "get_key_from_all_sessions", $token, $data ); } } sub cache { my $self = shift; return $self->{cache} if $self->{cache}; my $module = $self->{localStorage}; eval "use $module;"; $self->{cache} = $module->new( $self->{localStorageOptions} ); return $self->{cache}; } 1; __END__ =head1 NAME =encoding utf8 Lemonldap::NG::Common::Apache::Session::SOAP - Perl extension written to access to Lemonldap::NG Web-SSO sessions via SOAP. =head1 SYNOPSIS =over =item * With Lemonldap::NG::Handler package My::Package; use Lemonldap::NG::Handler::SharedConf; our @ISA = qw(Lemonldap::NG::Handler::Simple); __PACKAGE__->init ({ globalStorage => 'Lemonldap::NG::Common::Apache::Session::SOAP', globalStorageOptions => { proxy => 'http://auth.example.com/sessions', proxyOptions => { timeout => 5, }, # If soapserver is protected by HTTP Basic: User => 'http-user', Password => 'pass', # To have a local session cache localStorage => "Cache::FileCache", localStorageOptions => { 'namespace' => 'lemonldap-ng', 'default_expires_in' => 600, }, }, configStorage => { ... # See Lemonldap::NG::Handler =item * With Lemonldap::NG::Portal use Lemonldap::NG::Portal::SharedConf; my $portal = new Lemonldap::NG::Portal::SharedConf ( globalStorage => 'Lemonldap::NG::Common::Apache::Session::SOAP', globalStorageOptions => { proxy => 'http://auth.example.com/sessions', proxyOptions => { timeout => 5, }, # If soapserver is protected by HTTP Basic: User => 'http-user', Password => 'pass', # To have a local session cache localStorage => "Cache::FileCache", localStorageOptions => { 'namespace' => 'lemonldap-ng', 'default_expires_in' => 600, }, }, configStorage => { ... # See Lemonldap::NG::Portal You can also set parameters corresponding to "Apache::Session module" in the manager. =back =head1 DESCRIPTION Lemonldap::NG::Common::Conf provides a simple interface to access to Lemonldap::NG Web-SSO configuration. It is used by L, L and L. Lemonldap::NG::Common::Apache::Session::SOAP used with L provides the ability to acces to Lemonldap::NG sessions via SOAP: the portal act as a proxy to access to the real Apache::Session module (see HTML documentation for more) =head2 SECURITY As Lemonldap::NG::Common::Conf::SOAP use SOAP::Lite, you have to see L to know arguments that can be passed to C. Lemonldap::NG provides a system for HTTP basic authentication. Examples : =over =item * HTTP Basic authentication SOAP::transport can use basic authentication by rewriting C<>SOAP::Transport::HTTP::Client::get_basic_credentials>: package My::Package; use base Lemonldap::NG::Handler::SharedConf; __PACKAGE__->init ( { globalStorage => 'Lemonldap::NG::Common::Apache::Session::SOAP', globalStorageOptions => { proxy => 'http://auth.example.com/sessions', User => 'http-user', Password => 'pass', }, } ); =item * SSL Authentication SOAP::transport provides a simple way to use SSL certificate: you've just to set environment variables. package My::Package; use base Lemonldap::NG::Handler::SharedConf; # AUTHENTICATION $ENV{HTTPS_CERT_FILE} = 'client-cert.pem'; $ENV{HTTPS_KEY_FILE} = 'client-key.pem'; __PACKAGE__->init ( { globalStorage => 'Lemonldap::NG::Common::Apache::Session::SOAP', globalStorageOptions => { proxy => 'https://auth.example.com/sessions', }, } ); =back =head1 SEE ALSO L, L, L, L, L =head1 AUTHORS =over =item LemonLDAP::NG team L =back =head1 BUG REPORT Use OW2 system to report bug or ask for features: L =head1 DOWNLOAD Lemonldap::NG is available at L =head1 COPYRIGHT AND LICENSE See COPYING file for details. This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see L. =cut