Apache::SiteControl is a Perl web site authentication/authorization system.
See samples/site for complete example. Note, this module is intended for mod_perl. See Apache2::SiteControl for mod_perl2.
Apache::SiteControl is a set of perl object-oriented classes that implement a fine-grained security control system for a web-based application. The intent is to provide a clear, easy-to-integrate system that does not require the policies to be written into your application components. It attempts to separate the concerns of how to show and manipulate data from the concerns of who is allowed to view and manipulate data and why.
For example, say your web application is written in HTML::Mason. Your individual "screens" are composed of Mason modules, and you would like to keep those as clean as possible, but decisions have to be made about what to allow as the component is processed. SiteControl attempts to make that as easy as possible.
DEVELOPER'S VIEWPOINT - EXAMPLE
In this document we use HTML::Mason to create examples of how to use the control mechanisms, but any mod_perl based system should be supportable.
A good mason component tries to do most of the perl processing in a separate block, so that simple substitutions can be made in HTML in the rest of the page. This makes it much easier for web developers and perl developers to co-exist on a project.
The SiteControl system tries to make it possible to continue to follow this model. You obtain a user object and permission manager from the SiteControl system. These are intended to be opaque data types to the page designer, and are defined elsewhere (see USERS). The actual web page component should carry these objects around without implementing anything in the way of policy.
What's New in This Release: [ read full changelog ]
· Added a session_removed attribute that can be used to detect session collisions in the web app.