我试图通过Zend\Authentication\Adapter\Http
执行基于HTTP的身份验证,如the ZF2 documentation about the HTTP Authentication Adapter中所述。通过使用Zend Framework进行HTTP身份验证来阻止访问
我想阻止每个传入的请求,直到用户代理进行身份验证,但我不确定如何在我的模块中实现此。
我将如何设置我的Zend \ Mvc应用程序拒绝访问我的控制器?
我试图通过Zend\Authentication\Adapter\Http
执行基于HTTP的身份验证,如the ZF2 documentation about the HTTP Authentication Adapter中所述。通过使用Zend Framework进行HTTP身份验证来阻止访问
我想阻止每个传入的请求,直到用户代理进行身份验证,但我不确定如何在我的模块中实现此。
我将如何设置我的Zend \ Mvc应用程序拒绝访问我的控制器?
您正在寻找的可能是您的应用程序的Zend\Mvc\MvcEvent::EVENT_DISPATCH
事件附带的听众。
为了阻止您通过身份验证适配器访问任何操作,您需要执行以下操作。首先,定义一个工厂,负责生产的认证适配器:
namespace MyApp\ServiceFactory;
use Zend\ServiceManager\FactoryInterface;
use Zend\ServiceManager\ServiceLocatorInterface;
use Zend\Authentication\Adapter\Http as HttpAdapter;
use Zend\Authentication\Adapter\Http\FileResolver;
class AuthenticationAdapterFactory implements FactoryInterface
{
public function createService(ServiceLocatorInterface $serviceLocator)
{
$config = $serviceLocator->get('Config');
$authConfig = $config['my_app']['auth_adapter'];
$authAdapter = new HttpAdapter($authConfig['config']);
$basicResolver = new FileResolver();
$digestResolver = new FileResolver();
$basicResolver->setFile($authConfig['basic_passwd_file']);
$digestResolver->setFile($authConfig['digest_passwd_file']);
$adapter->setBasicResolver($basicResolver);
$adapter->setDigestResolver($digestResolver);
return $adapter;
}
}
这家工厂将基本上给你配置的权威性适配器,抽象的实例化逻辑了。
让我们继续前进,并附加一个侦听我们的应用程序的dispatch
事件,使我们可以阻止无效的认证头的任何请求:
namespace MyApp;
use Zend\ModuleManager\Feature\ConfigProviderInterface;
use Zend\ModuleManager\Feature\BootstrapListenerInterface;
use Zend\EventManager\EventInterface;
use Zend\Mvc\MvcEvent;
use Zend\Http\Request as HttpRequest;
use Zend\Http\Response as HttpResponse;
class MyModule implements ConfigProviderInterface, BootstrapListenerInterface
{
public function getConfig()
{
// moved out for readability on SO, since config is pretty short anyway
return require __DIR__ . '/config/module.config.php';
}
public function onBootstrap(EventInterface $event)
{
/* @var $application \Zend\Mvc\ApplicationInterface */
$application = $event->getTarget();
$serviceManager = $application->getServiceManager();
// delaying instantiation of everything to the latest possible moment
$application
->getEventManager()
->attach(function (MvcEvent $event) use ($serviceManager) {
$request = $event->getRequest();
$response = $event->getResponse();
if (! (
$request instanceof HttpRequest
&& $response instanceof HttpResponse
)) {
return; // we're not in HTTP context - CLI application?
}
/* @var $authAdapter \Zend\Authentication\Adapter\Http */
$authAdapter = $serviceManager->get('MyApp\AuthenticationAdapter');
$authAdapter->setRequest($request);
$authAdapter->setResponse($response);
$result = $adapter->authenticate();
if ($result->isValid()) {
return; // everything OK
}
$response->setBody('Access denied');
$response->setStatusCode(HttpResponse::STATUS_CODE_401);
$event->setResult($response); // short-circuit to application end
return false; // stop event propagation
}, MvcEvent::EVENT_DISPATCH);
}
}
,然后模块默认配置,在这种情况下被转移到MyModule/config/module.config.php
:
return array(
'my_app' => array(
'auth_adapter' => array(
'config' => array(
'accept_schemes' => 'basic digest',
'realm' => 'MyApp Site',
'digest_domains' => '/my_app /my_site',
'nonce_timeout' => 3600,
),
'basic_passwd_file' => __DIR__ . '/dummy/basic.txt',
'digest_passwd_file' => __DIR__ . '/dummy/digest.txt',
),
),
'service_manager' => array(
'factories' => array(
'MyApp\AuthenticationAdapter'
=> 'MyApp\ServiceFactory\AuthenticationAdapterFactory',
),
),
);
这是你如何完成它的本质。
显然,你需要放置的东西像一个my_app.auth.local.php
文件在您config/autoload/
目录,具体到当前环境中的设置(请注意,这个文件不应该被提交到您的SCM):
<?php
return array(
'my_app' => array(
'auth_adapter' => array(
'basic_passwd_file' => __DIR__ . '/real/basic_passwd.txt',
'digest_passwd_file' => __DIR__ . '/real/digest_passwd.txt',
),
),
);
最终,如果您还想要更好的可测试代码,您可能希望将定义为闭包的侦听器移至实现Zend\EventManager\ListenerAggregateInterface
的自己的类。
您可以使用ZfcUser
作为Zend\Authentication\Adapter\Http
作为后盾,并结合BjyAuthorize
来实现相同的结果,后者处理未经授权的操作的侦听器逻辑。
答案@ocramius是接受的答案但你忘了介绍如何编写两个文件basic_password.txt
和digest_passwd.txt
根据Zend 2 Official Doc about Basic Http Authentication:
basic_passwd.txt
文件包含用户名,领域(同一境界进入你的配置)和普通密码 - ><username>:<realm>:<credentials>\n
digest_passwd.txt
文件包含用户名,域(同一域到您的配置)和密码散列使用MD5哈希 - ><username>:<realm>:<credentials hashed>\n
实施例:
如果basic_passwd.txt
文件:
user:MyApp Site:password\n
然后digest_passwd.txt
文件:
user:MyApp Site:5f4dcc3b5aa765d61d8327deb882cf99\n
另外,您可以使用Apache解析器的HTTP适配器
use Zend\Authentication\Adapter\Http\ApacheResolver;
$path = 'data/htpasswd';
// Inject at instantiation:
$resolver = new ApacheResolver($path);
// Or afterwards:
$resolver = new ApacheResolver();
$resolver->setFile($path);
根据https://zendframework.github.io/zend-authentication/adapter/http/#resolvers
我得到这个错误在Module.php文件“致命错误:调用未定义的方法的Zend \的mvc \应用::连接( )”。我认为这与$ application-> attach有关。你有什么想法可能是错的? – 2013-05-31 05:33:17
我的不好 - 应该是'$ application-> getEventManager() - >附加(...)' - 修复 – Ocramius 2013-05-31 08:29:22