
Zend_Auth identity versioning

There is a situation: I store some structured data (e.g. an array or object, or even a string) as a Zend_Auth identity. From version to version the structure of the identity could change, so an identity from one version could (or could not) be compatible with the application code of another version.

I'd like to have the ability to validate whether the stored identity data conforms to the current version's requirements.

As I see from the manual, the verification of whether the identity exists is performed like:

$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
    // Identity exists; get it
    $identity = $auth->getIdentity();
}

But there is no ability to hook into the hasIdentity() method or somewhere else to perform the validation.

The only way I see to do that is to implement my own Zend_Auth_Storage_Interface class that will use some other storage as implementation and perform the validation of stored data.

Is there any more proper solution?


I'm not totally sure I understand, but it looks like you are misunderstanding the difference between Authorization and Authentication.

Zend_Auth is about Authentication, therefore you should not use Zend_Auth to process Authorization but Zend_Acl.

However, if what you want is to store additional information from the Authentication process (i.e. Database Authentication) you can use the getResultRowObject($returnColumns, $omitColumns); method.

There are several implementations to get the "Row Object" depending on your current Adapter.

Zend_Auth_Storage_Interface is about storing the result; I don't think you'll need to write such an implementation, since it's about storing the identity object in the session or in a database, for example.

What you may want is to use Zend_Acl and construct an Access Control List which generically defines a Role (can be a user), a Resource (your version-ed application), and a Privilege (can use or not).


Note: *Most people have difficulty using Zend_Acl because they think in Module/Controller/Action, but that is just one way to define a resource.
A resource can be whatever you want: an entire application, a controller action, a view, another user, a database connection, etc.*


Even though you accepted the answer above, I believe you need something else.

$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
    // Identity exists - validate if it's valid

    $identity = $auth->getIdentity();
    if (!HelperClass::validateIdentity($identity)) { // your validation method
         /* User has stored identity from previous version. 
          * It may miss some important info (like a role value
          * you added recently). Clear it and require re-login. */
         $auth->clearIdentity();
         $this->_helper->flashMessenger('Please login ...');
         $this->_helper->redirector('login');
    }
    // identity is valid
    $acl = Acl::factory(); //get acl object somehow
    if (!$acl->isAllowed($module.$controller.$action, $identity->role)) {
         throw new AccessDeniedException();
    }
    // else nothing -> user has valid session data and is allowed to access the resource. 
}
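
The storage-decorator approach raised in the question, as an added example that is not part of either answer or of Zend Framework itself: it wraps any Zend_Auth_Storage_Interface and tags the identity with a schema version, so hasIdentity() returns false for identities written by an older release. The class name, SCHEMA_VERSION and the envelope keys 'v' and 'identity' are assumptions, and Zend Framework 1 is assumed to be autoloadable.

```php
<?php
// Added example, not Zend Framework code. VersionedIdentityStorage,
// SCHEMA_VERSION and the envelope keys 'v' / 'identity' are assumed names.
class VersionedIdentityStorage implements Zend_Auth_Storage_Interface
{
    const SCHEMA_VERSION = 2; // bump whenever the identity structure changes

    private $inner;

    public function __construct(Zend_Auth_Storage_Interface $inner)
    {
        $this->inner = $inner;
    }

    // Zend_Auth::hasIdentity() is !isEmpty(), so a stale identity reads as "not logged in".
    public function isEmpty()
    {
        if (!$this->inner->isEmpty() && $this->isCurrent($this->inner->read())) {
            return false;
        }
        $this->inner->clear(); // fail closed: drop data the current code cannot trust
        return true;
    }

    public function read()
    {
        $envelope = $this->inner->read();
        return $this->isCurrent($envelope) ? $envelope['identity'] : null;
    }

    public function write($contents)
    {
        $this->inner->write(array('v' => self::SCHEMA_VERSION, 'identity' => $contents));
    }

    public function clear()
    {
        $this->inner->clear();
    }

    private function isCurrent($envelope)
    {
        return is_array($envelope) && isset($envelope['v'], $envelope['identity'])
            && $envelope['v'] === self::SCHEMA_VERSION;
    }
}

// Bootstrap wiring, before the first hasIdentity() call:
Zend_Auth::getInstance()->setStorage(new VersionedIdentityStorage(new Zend_Auth_Storage_Session()));
```

Identities stored before the wrapper was installed have no envelope, so they are also treated as stale and the user is asked to log in again.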