Disable Yii inbuilt authentication
How do I disable the Yii's inbuild authentication? ( /site/login ).
I am using an extension to do authentication and dont want to leave the inbuilt login open - potentially this could be a security issue.开发者_Go百科
I think you can just remove the actions in the site controller for login and logout, i.e actionLogin()
and actionLogout()
inside the mywebapp/protected/controllers/SiteController.php file
and the view for login, i.e. mywebapp/protected/views/site/login.php,
and also remove the model i.e inside mywebapp/protected/models/LoginForm.php.
Further i would suggest you to either change the UserIdentity.php inside the mywebapp/protected/components folder, or remove it and write your own identity class.
If you want any tips to write your identity class, check the api at this link.
It partly depends on how your extension is managing access control and I assume when you say "inbuilt authentication", you are referring to Gii-generated files.
If you remove/comment out the accessControl
filter in your controller file(s) as well as the accessRules()
method for good measure, that should pretty much disable the generated access control/authentication.
Assuming your extension doesn't require them, you can remove the /views/site/login.php and /components/UserIdentity.php files and other related files as mentioned.
精彩评论