NAME

WebService::TicketAuth - Ticket-based authentication module for SOAP services

SYNOPSIS

@WebService::MyService::ISA = qw(WebService::TicketAuth);

DESCRIPTION

WebService::TicketAuth is an authentication system for SOAP-based web services that provides a signature token (like a cookie) to the client, which the client can use for further interactions with the server. This means that the user can log in and establish their credentials for their session, then use various tools without having to provide a password for each operation. Sessions can be timed out to limit the risk of a ticket being used inappropriately.

This is similar in philosophy to authenticated web sessions where the user logs in and gains a cookie that it can use for further interactions. For example, see Apache::AuthTicket. However, such systems require a web server such as Apache to handle the authentication. This module provides a mechanism that can be used outside of a web server. In particular, it is designed for use with a SOAP daemon architecture.

This module was originally developed by Paul Kulchenko in 2001. See guide.soaplite.com for more info.

FUNCTIONS

new()

Creates a new instance of TicketAuth. Establishes several private member functions for authentication, to calculate, make, and check the authInfo.

get_error()

Returns the most recent error message. If any of this module's routines return undef, this routine can be called to retrieve a message about what happened. If several errors have occurred, this will only return the most recently encountered one.

ticket_duration($username)

This routine defines how long a ticket should last. Override it to customize the ticket lengths. The username is provided when requesting this information, to permit applications to vary ticket length based on the user's access level, if desired. If $username is undef, then a generic duration should be returned.

By default, the ticket duration is defined to be 20 minutes (or 20*60 seconds).

get_username($header)

Retrieves the username from the auth section of the SOAP header.

is_valid($username, $password)

Routine to determine if the given user credentials are valid. Returns 1 if the credentials are accepted, or undef if not. Error messages can be retrieved from the get_error() routine.

Override this member function to implement your own authentication system. This base class function always returns false.

login()

This routine is called by users to establish their credentials. It returns an AuthInfo ticket on success, or undef if the login failed for any reason. The error message can be retrieved from get_error().

It checks credentials by calling the is_valid() routine, which should be overridden to hook in your own authentication system.
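The is_valid() and ticket_duration() overrides described above, as an added example that is not the module's own code. It assumes both are invoked as methods on the service object; the account table, salts, passwords, the 5-minute admin lifetime and the PBKDF2 work factor are constructed for illustration.

```perl
package WebService::MyService;
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use base 'WebService::TicketAuth';

# Lexical helper (no named sub added to this package): PBKDF2-HMAC-SHA256, first 32-byte block.
my $pbkdf2 = sub {
    my ($password, $salt) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $password);
    my $t = $u;
    for (2 .. 100_000) { $u = hmac_sha256($u, $password); $t ^= $u }   # assumed work factor
    return $t;
};

# Byte comparison that does not stop at the first difference.
my $same = sub {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
};

# Constructed sample accounts; a real service reads salt and hash from its user store.
my %USERS = (
    alice => { role => 'user',  salt => 'constructed-salt-1' },
    root  => { role => 'admin', salt => 'constructed-salt-2' },
);
$USERS{alice}{hash} = $pbkdf2->('constructed-pw-alice', $USERS{alice}{salt});
$USERS{root}{hash}  = $pbkdf2->('constructed-pw-root',  $USERS{root}{salt});

# Called by login(): return 1 if the credentials are accepted, undef otherwise.
sub is_valid {
    my ($self, $username, $password) = @_;
    return undef unless defined $username && defined $password;
    my $user = $USERS{$username};
    # Hash for unknown names too, so response time does not show which accounts exist.
    my $got = $pbkdf2->($password, $user ? $user->{salt} : 'constructed-dummy-salt');
    return ($user && $same->($got, $user->{hash})) ? 1 : undef;
}

# Admin tickets expire sooner; an undef or unknown username gets the generic 20 minutes.
sub ticket_duration {
    my ($self, $username) = @_;
    my $user = defined $username ? $USERS{$username} : undef;
    return ($user && $user->{role} eq 'admin') ? 5 * 60 : 20 * 60;
}
1;
```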

AUTHORS

Paul Kulchenko, paulclinger at yahoo dot com. Original module created as part of SOAP::Lite user's guide. See http://guide.soaplite.com.

Bryce Harrington, bryce at bryceharrington dot org. OO-ified, documented, etc.

COPYRIGHT

Copyright (C) 2001 Paul Kulchenko. All rights reserved.

This script is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

SEE ALSO

perl, SOAP::Lite, Apache::AuthTicket