13

I installed ZFCUser successfully. Now I wonder if there is a way to globally check for authentication.

As outlined in the wiki there are several ways to check for auth. They all work but do I have to put the check-if-clause really in every single action? All my sites should be only accessible when being logged in and if not, you should be rerouted to the login page.

Does anybody know if there's a central place where I can put this logic?

4

5 Answers

26

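To be honest, I don't think it is a good idea to block every page for unauthenticated users. How would you access the login page?

That said, you must know which page is being accessed in order to whitelist the pages that anonymous visitors may reach. To start, I'd suggest including the login page. The easiest way to check pages is by their route. So check the currently matched route against the whitelist. If it is blocked, act on it. Otherwise, do nothing.

An example would be in the Module.php of a module, for example your application: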

namespace Application;

use Zend\Mvc\MvcEvent;
use Zend\Mvc\Router\RouteMatch;

class Module
{
    protected $whitelist = array('zfcuser/login');

    public function onBootstrap($e)
    {
        $app = $e->getApplication();
        $em  = $app->getEventManager();
        $sm  = $app->getServiceManager();

        $list = $this->whitelist;
        $auth = $sm->get('zfcuser_auth_service');

        $em->attach(MvcEvent::EVENT_ROUTE, function($e) use ($list, $auth) {
            $match = $e->getRouteMatch();

            // No route match, this is a 404
            if (!$match instanceof RouteMatch) {
                return;
            }

            // Route is whitelisted
            $name = $match->getMatchedRouteName();
            if (in_array($name, $list)) {
                return;
            }

            // User is authenticated
            if ($auth->hasIdentity()) {
                return;
            }

            // Redirect to the user login page, as an example
            $router   = $e->getRouter();
            $url      = $router->assemble(array(), array(
                'name' => 'zfcuser/login'
            ));

            $response = $e->getResponse();
            $response->getHeaders()->addHeaderLine('Location', $url);
            $response->setStatusCode(302);

            return $response;
        }, -100);
    }
}
Answered 2013-01-03T11:35:48.720
0

On ZF 2.4.2, I do this in Module.php

use Zend\Mvc\ModuleRouteListener;
use Zend\Mvc\MvcEvent;

class Module
{
    // Controllers that may be reached without being logged in
    protected $whitelist = array(
        'Application\Controller\Login'
    );

    public function onBootstrap(MvcEvent $e)
    {
        $eventManager        = $e->getApplication()->getEventManager();
        $moduleRouteListener = new ModuleRouteListener();
        $moduleRouteListener->attach($eventManager);

        // add event
        $eventManager->attach('dispatch', array($this, 'checkLogin'));
    }

    public function checkLogin($e)
    {
        $auth   = $e->getApplication()->getServiceManager()->get("Zend\Authentication\AuthenticationService");
        $target = $e->getTarget();
        $match  = $e->getRouteMatch();

        $controller = $match->getParam('controller');

        // Redirect anonymous visitors unless the controller is whitelisted
        if (!in_array($controller, $this->whitelist)) {
            if (!$auth->hasIdentity()) {
                return $target->redirect()->toUrl('/login');
            }
        }
    }

    //other methods....
}
Answered 2015-05-25T19:33:30.173
0

You can use the ZF2 module BjyAuthorize to block/allow access to pages based on user roles such as guest, user, using controller guard, route guard.

Answered 2015-06-23T12:21:51.477
0

People,

A tip: don't forget to add the "use" statement for the correct RouteMatch:

use Zend\Mvc\Router\Http\RouteMatch;

It is needed here:

if (!$match instanceof RouteMatch)...

If you forget it, the if above gives inconsistent results.

Answered 2015-10-19T11:15:01.587
-3

Another option might be to create your own abstract controller superclass and implement the onDispatch() method, like this:

public function onDispatch(MvcEvent $e) 
{
    // check authentication here

    return parent::onDispatch($e);
}

You can implement a whitelist there as well :).

Answered 2013-01-07T15:21:45.367
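
The superclass approach from the last answer, filled in as an added example (not code from any of the answers). It assumes ZF 2.x, where controllers expose getServiceLocator(), and reuses the `zfcuser_auth_service` key and `zfcuser/login` route name from the first answer; the class name and namespace are hypothetical.

```php
<?php
// Added example. AuthenticatedController and its namespace are hypothetical;
// the service key and route name are taken from the first answer.
namespace Application\Controller;

use Zend\Mvc\Controller\AbstractActionController;
use Zend\Mvc\MvcEvent;

abstract class AuthenticatedController extends AbstractActionController
{
    /** Route names that anonymous visitors may reach. */
    protected $whitelist = array('zfcuser/login');

    public function onDispatch(MvcEvent $e)
    {
        $match = $e->getRouteMatch();
        $name  = $match ? $match->getMatchedRouteName() : null;

        // Strict comparison: only an exact route name is exempt.
        $isPublic = in_array($name, $this->whitelist, true);

        // Assumption: ZfcUser registers its auth service under this key.
        $auth = $this->getServiceLocator()->get('zfcuser_auth_service');

        if (!$isPublic && !$auth->hasIdentity()) {
            // Returning a response here stops the dispatch, so the
            // action method is never invoked for anonymous visitors.
            return $this->redirect()->toRoute('zfcuser/login');
        }

        // Authenticated or whitelisted: run the action as usual.
        return parent::onDispatch($e);
    }
}
```

Only controllers that extend this class are covered; a controller that extends AbstractActionController directly, including one shipped by a third-party module, is dispatched without the check.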