Commit a156a2d8 authored by Xavier Guimard's avatar Xavier Guimard

LEMONLDAP::NG : SOAP HTTP basic authentication

parent 6af2a2c6
......@@ -98,6 +98,8 @@ http://manager.example.com/
2 - ADVANCED INSTALLATION
-------------------------
It is recommended to install the example first then to adapt it.
2.1 - PREREQ
2.1.1 - Apache
......
......@@ -94,18 +94,20 @@ example: all
@echo "1 - Add this in your Apache configuration file:"
@echo " with Apache-1.3.x"
@echo
@echo " include ${EXAMPLEDIR}apache.conf"
@echo " include ${EXAMPLEDIR}apache.conf"
@echo
@echo " or with Apache-2.x:"
@echo
@echo " include ${EXAMPLEDIR}apache2.conf"
@echo " include ${EXAMPLEDIR}apache2.conf"
@echo
@echo "2 - Add test.example.com and auth.example.com in yout /etc/hosts :"
@echo "2 - Add test.example.com and auth.example.com in your /etc/hosts or"
@echo " modify apache.conf to use NameVirtualHost, different port or"
@echo " address;"
@echo
@echo " cat ${EXAMPLEDIRBUILD}/for_etc_hosts >> /etc/hosts"
@echo
@echo "3 - edit ${EXAMPLEDIR}/conf/lmConf-1 and set ldapServer and ldapBase."
@echo " or use the manager at http://manager.example.com/ (after apache restart)"
@echo "3 - Use the manager at http://manager.example.com/ (after apache restart)"
@echo " or edit ${EXAMPLEDIR}/conf/lmConf-1 and set ldapServer and ldapBase."
@echo
@echo "4 - Restart Apache (or Apache2)"
@echo
......
......@@ -2,26 +2,25 @@ Lemonldap::NG TODO
------------------
TODO list for Lemonldap::NG development
- Priority: Low Status: N/A Created: 2007\05\03 11-40-36
Delete buttons in virtualHosts if 'read"-"only'
- Priority: Normal Status: Planning Created: 2007\05\03 12-28-30
Modify example to use nameVirtualHost instead of 127.0.0.x adresses
- Priority: Normal Status: In progress Created: 2007\05\03 10-41-36
Modify install to make a running example as debian install
- Priority: Normal Status: In progress Created: 2007\05\03 11-45-05
Display errors in saveConf
- Priority: Normal Status: N/A Created: 2007\05\03 11-50-17
Test and documentation for SOAP authentication
- Priority: Low Status: Planning Created: 2007\05\03 11-46-55
- Priority: Normal Status: In progress Created: 2007\05\03 10-41-36
Modify install to make a running example as debian install
- Priority: Normal Status: Planning Created: 2007\05\03 12-28-30
Modify example to use nameVirtualHost instead of 127.0.0.x adresses
- Priority: Low Status: Planning Created: 2007\04\23 21-26-18
TLS in LDAP connection. SSL works, but start_tls cannot yet be called.
- Priority: Low Status: N/A Created: 2007\05\05 21-58-53
Documentation :
* logout documentation
* Translate FAQ in English (http://lemonldap.objectweb.org/)
* Security document
- Priority: Low Status: N/A Created: 2007\05\03 11-47-42
Order rules :
* find a system to move up and down rules in manager interface
* split locationRules into 2 arrays
- Priority: Low Status: N/A Created: 2007\05\03 11-40-36
Delete buttons in virtualHosts if 'read"-"only'
- Priority: Low Status: N/A Created: 2007\04\21 13-14-55
Simplified manager interface fo rules:
* simplified regexp (* instead of .*,...)
* simple combobox to choose groups
- Priority: Low Status: Planning Created: 2007\04\23 21-26-18
TLS in LDAP connection. SSL works, but start_tls cannot yet be called.
......@@ -10,8 +10,10 @@ lemonldap-ng (0.8.1.2) unstable; urgency=low
configuration file has moved to /var/lib/lemonldap-ng/conf/ and first
configuration file is managed by debconf
* Buttons to manage configurations in manager (next, previous, last, delete)
* SOAP: HTTP basic authentication and little bug correction in 'sessions'
mode
-- Xavier Guimard <x.guimard@free.fr> Thu, 03 May 2007 10:39:51 +0200
-- Xavier Guimard <x.guimard@free.fr> Sun, 06 May 2007 16:18:40 +0200
lemonldap-ng (0.8.1.1) unstable; urgency=low
......
debian/tmp/usr/share/perl5/Lemonldap/NG/Manager/Apache/*
debian/tmp/usr/share/perl5/Lemonldap/NG/Manager/Conf*
debian/tmp/usr/share/man/man3/Lemonldap::NG::Manager::Conf*
debian/tmp/usr/share/man/man1/lmConfig_File2MySQL.1p
......
......@@ -253,8 +253,6 @@ local store.
L<Lemonldap::NG::Handler>, L<Lemonldap::NG::Manager>, L<Lemonldap::NG::Portal>,
http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/Presentation
=back
=head1 AUTHOR
Xavier Guimard, E<lt>x.guimard@free.frE<gt>
......
Revision history for Perl extension Lemonldap::NG::Manager.
0.65 Sun May 6 16:15:49 2007
- SOAP: HTTP basic authentication and little bug correction in 'sessions'
mode
- More tests in conf
0.64 Sun Apr 29 16:18:31 2007
- File permissions fix to 0640 in File.pm
- Multiple configuration in the same server is now possible
......
......@@ -72,6 +72,7 @@ t/Lemonldap-NG-Manager-Conf-DBI.t
t/Lemonldap-NG-Manager-Conf-File.t
t/Lemonldap-NG-Manager-Conf-SOAP.t
t/Lemonldap-NG-Manager-Conf.t
t/Lemonldap-NG-Manager-SOAPServer.t
t/Lemonldap-NG-Manager.t
t/Lemonldap-NG-Manager_en.t
t/Lemonldap-NG-Manager_fr.t
......
......@@ -16,7 +16,7 @@ use MIME::Base64;
our @ISA = qw(Lemonldap::NG::Manager::Base);
our $VERSION = '0.64';
our $VERSION = '0.65';
sub new {
my ( $class, $args ) = @_;
......
......@@ -3,15 +3,20 @@ package Lemonldap::NG::Manager::Apache::Session::SOAP;
use strict;
use SOAP::Lite;
our $VERSION = 0.1;
our $VERSION = 0.2;
# Variables shared with SOAP::Transport::HTTP::Client
my ( $username, $password );
our ( $user, $password ) = ( '', '' );
BEGIN {
sub SOAP::Transport::HTTP::Client::get_basic_credentials {
return $Lemonldap::NG::Manager::Apache::Session::SOAP::user => $Lemonldap::NG::Manager::Apache::Session::SOAP::password;
}
}
# PUBLIC INTERFACE
sub TIEHASH {
print STDERR "TIEHASH\n";
my $class = shift;
my $session_id = shift;
......@@ -26,7 +31,7 @@ sub TIEHASH {
foreach (qw(proxy proxyOptions)) {
$self->{$_} = $args->{$_};
}
($username, $password) = ( $args->{username}, $args->{password} );
( $user, $password ) = ( $args->{User}, $args->{Password} );
bless $self, $class;
if (defined $session_id && $session_id) {
......@@ -41,14 +46,12 @@ sub TIEHASH {
}
sub FETCH {
print STDERR "FETCH\n";
my $self = shift;
my $key = shift;
return $self->{data}->{$key};
}
sub STORE {
print STDERR "STORE\n";
my $self = shift;
my $key = shift;
my $value = shift;
......@@ -59,7 +62,6 @@ sub STORE {
}
sub DELETE {
print STDERR "DELETE\n";
my $self = shift;
my $key = shift;
......@@ -69,7 +71,6 @@ sub DELETE {
}
sub CLEAR {
print STDERR "CLEAR\n";
my $self = shift;
$self->{modified} = 1;
......@@ -78,27 +79,23 @@ sub CLEAR {
}
sub EXISTS {
print STDERR "EXISTS\n";
my $self = shift;
my $key = shift;
return exists $self->{data}->{$key};
}
sub FIRSTKEY {
print STDERR "FIRESTKEY\n";
my $self = shift;
my $reset = keys %{$self->{data}};
return each %{$self->{data}};
}
sub NEXTKEY {
print STDERR "NEXTKEY\n";
my $self = shift;
return each %{$self->{data}};
}
sub DESTROY {
print STDERR "DESTROY\n";
my $self = shift;
$self->save;
}
......@@ -139,14 +136,6 @@ sub save {
return $self->_soapCall( "set", $self->{_session_id}, $self->{data} );
}
BEGIN {
sub SOAP::Transport::HTTP::Client::get_basic_credentials {
return $username => $password;
}
}
# TODO: test and documentation of authentication
1;
__END__
......@@ -173,6 +162,9 @@ access to Lemonldap::NG Web-SSO sessions via SOAP.
proxyOptions => {
timeout => 5,
},
# If soapserver is protected by HTTP Basic:
User => 'http-user',
Password => 'pass',
},
configStorage => {
... # See Lemonldap::NG::Handler
......@@ -187,8 +179,11 @@ access to Lemonldap::NG Web-SSO sessions via SOAP.
proxyOptions => {
timeout => 5,
},
# If soapserver is protected by HTTP Basic:
User => 'http-user',
Password => 'pass',
},
configStorage => {
configStorage => {
... # See Lemonldap::NG::Portal
You can also set parameters corresponding to "Apache::Session module" in the
......@@ -211,8 +206,9 @@ Apache::Session module (set as Lemonldap::NG::Manager::SOAPServer parameter).
As Lemonldap::NG::Manager::Conf::SOAP use SOAP::Lite, you have to see
L<SOAP::Transport> to know arguments that can be passed to C<proxyOptions>.
Lemonldap::NG provides a system for HTTP basic authentication.
Example :
Examples :
=over
......@@ -225,13 +221,6 @@ C<>SOAP::Transport::HTTP::Client::get_basic_credentials>:
use base Lemonldap::NG::Handler::SharedConf;
# AUTHENTICATION
BEGIN {
sub SOAP::Transport::HTTP::Client::get_basic_credentials {
return 'username' => 'password';
}
}
__PACKAGE__->init ( {
localStorage => "Cache::FileCache",
localStorageOptions => {
......@@ -241,6 +230,8 @@ C<>SOAP::Transport::HTTP::Client::get_basic_credentials>:
configStorage => {
type => 'SOAP',
proxy => 'http://manager.example.com/soapserver.pl',
User => 'http-user',
Password => 'pass',
},
https => 1,
} );
......
......@@ -3,7 +3,17 @@ package Lemonldap::NG::Manager::Conf::SOAP;
use strict;
use SOAP::Lite;
our $VERSION = 0.11;
our $VERSION = 0.2;
BEGIN {
*Lemonldap::NG::Manager::Conf::_soapCall = \&_soapCall;
*Lemonldap::NG::Manager::Conf::_connect = \&_connect;
sub SOAP::Transport::HTTP::Client::get_basic_credentials {
return $Lemonldap::NG::Manager::Conf::SOAP::username => $Lemonldap::NG::Manager::Conf::SOAP::password;
}
}
our ( $username, $password ) = ( '', '' );
sub prereq {
my $self = shift;
......@@ -28,6 +38,8 @@ sub _connect {
sub _soapCall {
my $self = shift;
my $func = shift;
$username = $self->{User};
$password = $self->{Password};
return $self->_connect->$func(@_)->result;
}
......@@ -92,8 +104,11 @@ Lemonldap::NG Web-SSO configuration via SOAP.
'default_expires_in' => 600,
},
configStorage => {
type => 'SOAP',
proxy => 'http://manager.example.com/soapserver.pl',
type => 'SOAP',
proxy => 'http://manager.example.com/soapserver.pl',
# If soapserver is protected by HTTP Basic:
User => 'http-user',
Password => 'pass',
},
https => 0,
} );
......@@ -106,6 +121,9 @@ Lemonldap::NG Web-SSO configuration via SOAP.
configStorage => {
type => 'SOAP',
proxy => 'http://localhost/devel/test.pl',
# If soapserver is protected by HTTP Basic:
User => 'http-user',
Password => 'pass',
}
});
# Next as usual... See Lemonldap::NG::Portal(3)
......@@ -121,6 +139,9 @@ Lemonldap::NG Web-SSO configuration via SOAP.
configStorage=>{
type => 'SOAP',
proxy => 'http://localhost/devel/test.pl'
# If soapserver is protected by HTTP Basic:
User => 'http-user',
Password => 'pass',
},
dhtmlXTreeImageLocation=> "/imgs/",
}
......@@ -152,27 +173,18 @@ configuration via SOAP.
As Lemonldap::NG::Manager::Conf::SOAP use SOAP::Lite, you have to see
L<SOAP::Transport> to know arguments that can be passed to C<proxyOptions>.
Lemonldap::NG provides a system for HTTP basic authentication.
Example :
Examples :
=over
=item * HTTP Basic authentication
SOAP::transport can use basic authentication by rewriting
C<>SOAP::Transport::HTTP::Client::get_basic_credentials>:
package My::Package;
use base Lemonldap::NG::Handler::SharedConf;
# AUTHENTICATION
BEGIN {
sub SOAP::Transport::HTTP::Client::get_basic_credentials {
return 'username' => 'password';
}
}
__PACKAGE__->init ( {
localStorage => "Cache::FileCache",
localStorageOptions => {
......@@ -182,6 +194,8 @@ C<>SOAP::Transport::HTTP::Client::get_basic_credentials>:
configStorage => {
type => 'SOAP',
proxy => 'http://manager.example.com/soapserver.pl',
User => 'http-user',
Password => 'pass',
},
https => 1,
} );
......
......@@ -5,7 +5,7 @@ use SOAP::Transport::HTTP;
use Lemonldap::NG::Manager::Conf;
use UNIVERSAL qw(isa);
our $VERSION = "0.1";
our $VERSION = "0.2";
# Initialization
......@@ -42,8 +42,8 @@ sub new {
sub init {
my $self = shift;
if( $self->{type} eq 'sessions' ) {
$Lemonldap::NG::Manager::SOAPService::Sessions::authorizatedFunc =
$self->{authorizatedFunc} || 'get';
$Lemonldap::NG::Manager::SOAPService::Sessions::authorizedFunctions =
$self->{AuthorizedFunctions} || 'get';
$Lemonldap::NG::Manager::SOAPService::Sessions::config = $self;
}
else {
......@@ -99,17 +99,23 @@ sub load {
package Lemonldap::NG::Manager::SOAPService::Sessions;
our $config;
our $authorizedFunc = 'get';
our $authorizedFunctions = 'get';
sub newsession {
return 0 unless( $authorizedFunc =~ /\bnew\b/ );
unless( $authorizedFunctions =~ /\bnew\b/ ) {
print STDERR "Lemonldap::NG::Manager::SOAPService: 'new' is not authorized. Set 'AuthorizedFunctions' parameter if needed.\n";
return 0;
}
my( $class, $args ) = @_;
$args ||= {};
my %h;
eval {
tie %h, $config->{realSessionStorage}, undef, $config->{realSessionStorageOptions};
};
return 0 if ($@);
if ($@) {
print STDERR "Lemonldap::NG::Manager::SOAPService: $@\n";
return 0;
}
# my $id = $h{_session_id};
$h{$_} = $args->{$_} foreach ( keys %{ $args } );
$h{_utime} = time();
......@@ -119,8 +125,7 @@ sub newsession {
}
sub get {
print STDERR "get\n";
return 0 unless( $authorizedFunc =~ /\bget\b/ );
return 0 unless( $authorizedFunctions =~ /\bget\b/ );
my( $class, $id ) = @_;
my %h;
eval {
......@@ -135,7 +140,7 @@ sub get {
}
sub set {
return 0 unless( $authorizedFunc =~ /\bset\b/ );
return 0 unless( $authorizedFunctions =~ /\bset\b/ );
my( $class, $id, $args ) = @_;
my %h;
eval {
......@@ -168,7 +173,10 @@ Lemonldap::NG Web-SSO configuration or sessions via SOAP.
# 2 types are available :
# * 'config' for configuration access
# * 'sessions' for sessions access
type => 'config',
type => 'sessions',
# For 'sessions' type, you can choose exported functions (get
# only by default):
AuthorizedFunctions => 'new get set',
);
=head2 Client side
......@@ -196,6 +204,9 @@ sessions access.
configStorage => {
type => 'SOAP',
proxy => 'http://manager.example.com/soapserver.pl',
# If soapserver is protected by HTTP Basic:
User => 'http-user',
Password => 'pass',
},
https => 0,
} );
......@@ -208,6 +219,9 @@ sessions access.
configStorage => {
type => 'SOAP',
proxy => 'http://localhost/devel/test.pl',
# If soapserver is protected by HTTP Basic:
User => 'http-user',
Password => 'pass',
}
});
# Next as usual...
......@@ -223,6 +237,9 @@ sessions access.
configStorage=>{
type => 'SOAP',
proxy => 'http://localhost/devel/test.pl'
# If soapserver is protected by HTTP Basic:
User => 'http-user',
Password => 'pass',
},
dhtmlXTreeImageLocation=> "/imgs/",
}
......@@ -265,7 +282,11 @@ overload this package.
Since Lemonldap::NG::Manager::SOAPServer act as a CGI, you can protect
configuration access by any of the HTTP protection mecanisms.
See L<Lemonldap::NG::Manager::Conf::SOAP> for the security in the client
side.
side.
In "session" mode, you can control what functions can be used by SOAP. By
default, only "get" can be used: it means that only handlers can work with it.
Use "AuthorizedFunctions" parameter to grant other functions.
=head1 SEE ALSO
......
......@@ -5,11 +5,22 @@
# change 'tests => 1' to 'tests => last_test_to_print';
use Test::More tests => 1;
BEGIN { use_ok('Lemonldap::NG::Manager::Conf::DBI') }
use Test::More tests => 2;
BEGIN { use_ok('Lemonldap::NG::Manager::Conf') }
#########################
# Insert your test code below, the Test::More module is use()ed here so read
# its man page ( perldoc Test::More ) for help writing this test script.
my $h;
@ARGV = ("help=groups");
ok(
$h = new Lemonldap::NG::Manager::Conf(
{
type => 'DBI',
dbiChain => "DBI:mysql:database=lemonldap-ng",
dbiUser => 'lemonldap-ng',
}
)
);
......@@ -5,11 +5,21 @@
# change 'tests => 1' to 'tests => last_test_to_print';
use Test::More tests => 1;
BEGIN { use_ok('Lemonldap::NG::Manager::Conf::File') }
use Test::More tests => 2;
BEGIN { use_ok('Lemonldap::NG::Manager::Conf') }
#########################
# Insert your test code below, the Test::More module is use()ed here so read
# its man page ( perldoc Test::More ) for help writing this test script.
my $h;
@ARGV = ("help=groups");
ok(
$h = new Lemonldap::NG::Manager::Conf(
{
type => 'File',
dirName => ".",
}
)
);
# Before `make install' is performed this script should be runnable with
# `make test'. After `make install' it should work as `perl Lemonldap-NG-Manager-SOAPServer.t'
#########################
# change 'tests => 1' to 'tests => last_test_to_print';
use Test::More tests => 3;
# SOAP::Lite is not required, so Lemonldap::NG::Manager::Conf::SOAP may
# not run.
SKIP: {
eval { require SOAP::Transport::HTTP };
skip "SOAP::Transport::HTTP is not installed, so Lemonldap::NG::Manager::SOAPServer will not be useable",
3
if ($@);
use_ok('Lemonldap::NG::Manager::SOAPServer');
my $s;
ok ( $s = Lemonldap::NG::Manager::SOAPServer->new (
type => 'config',
configStorage => {
type => 'File',
dirName => '.',
}
)
);
eval { require Apache::Session::File };
skip "Apache::Session::File is not installed. Lemonldap::NG::Manager::SOAPServer will not be tested in 'sessions' mode",
1
if ($@);
ok ( $s = Lemonldap::NG::Manager::SOAPServer->new (
type => 'sessions',
realSessionStorage => 'Apache::Session::File',
)
);
}
#########################
# Insert your test code below, the Test::More module is use()ed here so read
# its man page ( perldoc Test::More ) for help writing this test script.
......@@ -193,7 +193,6 @@ sub controlExistingSession {
}
# Logout if required
# TODO: logout documentation
if($self->param('logout')) {
# Delete session in global storage
tied(%h)->delete;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment