Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Kevin Schroeder's Blog:
Authentication Using Zend_Amf
Jul 07, 2011 @ 14:39:47

Kevin Schroeder has a new post to his blog today showing how you can use the Zend_Amf component in your Flex+PHP application to authenticate users with the same authentication structure the rest of the application uses.

I forget why, but a few days ago I started doing some digging around with authentication in Zend_Amf_Server. I had figured that I would add an adapter to the Zend_Amf_Server::setAuth() method and that would be it. But I was wrong.

Zend_Auth is used to validate the login information that's passed along and the Zend_Acl checks to see if they have access. To make this work for a connection from Flex, you need to make an authentication adapter and add it (as well as a basic ACL) into your Zend_Amf_Server call.

tagged: zendamf zendacl zendauth authentication tutorial flex

Link:

Chris Hartjes' Blog:
Zend_Application and Zend_Acl
Aug 17, 2010 @ 17:08:49

In a new post to his blog today Chris Hartjes looks at some of his thought process when implementing authentication and access control in his Zend Framework applications.

One of the more frustrating things about using Zend Framework is that for pretty much any topic, there is always at least 2 ways to accomplish a particular task. For a beginner with the framework, this is a humungous barrier to overcome. When I try to implement something, my first question is no longer "how will I do this" but "where the hell should I put this code?". In my case, the problem I was attempting to solve was "how do I implement ACL for one module in my application?"

He found examples using plugins, pieces in the front controller, putting code in preDispatch but they didn't fit his situation. Instead he used these examples to create his solution. The code for this is included in the post along with a unit test (PHPUnit) to help ensure everything's working.

tagged: zendapplication zendacl example unittest

Link:

Chance Garcia's Blog:
Auth/ACL implementation strategies
Aug 10, 2010 @ 17:20:00

In this new post to his blog talks about authentication strategies in Zend Framework applications with the combination of Zend_Acl and Zend_Auth.

I'm going to talk more about ACLs than Auth. Auth is simple, it's the ACL that will trip you up. Since both concepts are coupled together when you're making a login system, I feel it's appropriate to at least touch on Auth. What I want to cover is the ways we can create the ACL object to suit needs based on the scale of the project. I'm going to assume that readers have a passing familiarity with using the Auth and Acl objects and may have even implemented them into projects.

He talks about two things you'd need to consider - scalability (how to define your ACLS: hardcoded, in the navigation object and defined in a database) and working with ACLs in multiple projects.

tagged: zendframework strategy authentication zendauth zendacl

Link:

Juozas Kaziukenas' Blog:
ACL made easy. Part 1
Mar 23, 2010 @ 15:38:52

Juozas Kaziukenas has posted the first part in his look at making ACL easy (access control lists). His examples are more specific to the Zend_Acl component of the Zend Framework, but the concepts can be translated across several different ACL tools out there.

Every now and then I see questions about ACL and how to use it. A lot of web developers are using it without actually knowing what it is and how it works, even though it's powering one of the most important part of applications – user access management.

He starts off with the base level of what an ACL is and how it would work in your application (illustrated by a wrong and right way to handle a simple permission in an application). He talks about roles, resources and privileges as well as how applications using the MVC design pattern make it simple to check the current resource. He also mentions an issue that could be confusing - inheritance.

tagged: acl zendacl zendframework access control role resource privileges

Link:

Adam Jensen's Blog:
Using Zend_Acl with Doctrine record listeners
Nov 25, 2009 @ 17:53:29

Adam Jensen has written up a quick tutorial about using Doctrine record listeners to link a Zend_Acl component with your database.

In previous Zend Framework apps I've written, I often handled access control at the level of the controller action. Each action was represented in the ACL as a resource, and the ACL logic was applied by a custom plugin just prior to any action dispatch. [...] As a result of these concerns, I decided on a lower-level, model-centric approach for this blog: my models are my resources. Each model class implements Zend_Acl_Resource_Interface, and the ACL specifies "create," "read," "update" and "destroy" privileges for each class (more or less).

Checking for the permissions with a setup like this can be time consuming, though, so he found an ally in the record listeners Doctrine allows you to set. He combines a Doctrine_Record_Listener object with a Zend_Acl one in a preInsert method with a getCurrentRole to add the user handling all in one place.

tagged: record listener doctrine zendacl zendframework

Link:

Joe Topjian's Blog:
My Zend_Acl Implementation
Feb 25, 2009 @ 19:45:43

In this recent post to his blog Joe Topjian takes a look at something that has been known to confuse Zend Framework users when trying to set up access control for their application - using the Zend_Acl component.

It seems everyone, myself included, has a bit of a hard time first grasping Zend_Acl. For the time being, I’ve settled on a simple solution. It’s party based on the solution given in the Zend Framework in Action book. I hope you get some use out of it.

His example uses the Zend_Config component to configure his roles and a more centralized approach to validating access for the users - more rules in the INI config file and a custom MyACL class/AclHelper tat are called from the bootstrap file to evaluate where the user can and cant go for each request.

tagged: zendacl implement component custom ini bootstrap zendconfig

Link:

Jani Hartikainen's Blog:
Zend_Acl part 3: creating and storing dynamic ACLs
Feb 19, 2009 @ 13:56:49

Jani Hartikainen has posted the third part of his series looking at access control and the Zend_Acl component of the Zend Framework. This article focuses on creating and storing dynamic ACL lists in a database.

As we have previously looked at ACLs which are hardcoded, we will now look at building a "dynamic" ACL. Previously shown "static" ACLs are good for quick and simple sites, but when you actually require the ability for administrators to define access rights on the fly using an admin panel, they quickly lose their usefulness.

Dynamic lists provide more flexibility in handling the access control of your site - it allows you to only pull what you need (just that user) when you need it. His method uses an ACL factory class to create the Zend_Acl objects for each request. He includes an example of protecting an application used to serve out files to visitors. You can download the code if you'd like to mess around with it yourself.

tagged: zendacl create store dynamic access control tutorial

Link:

Jani Hartikainen's Blog:
Zend_Acl part 2: different roles and resources, more on access
Feb 12, 2009 @ 17:16:34

Continuing on from his previous post in his series, Jani Hartikainen looks again at the Zend_Acl component for access control and how to deal with its "abstract" role.

In the context of Zend_Acl, access to resources is given to roles: A role might be a user's name, a group a user belongs to, or just roles, which have been assigned to a user from the admin panel. Since Zend_Acl only defines an "abstract" role, resource and privilege, how do we deal with all of these using it? Read more to find out! I'll also be addressing some more ways to deal with allowing and denying access.

He looks at how you can use your own role scheme (custom strings with meaning to you and your application) to define what the user can and can't do. He creates a plugin/interface for the framework to help handle this style so that he can compare the user's current identity against the resource type(s) they want to check.

tagged: zendacl access control roles resource tutorial group user

Link:

Jani Hartikainen's Blog:
Zend_Acl part 1: Misconceptions and simple ACLs
Feb 09, 2009 @ 13:55:57

Jani Hartikainen has started off a new series that looks specifically at the Zend_Acl component of the Zend Framework starting with this new post looking at a few of the misconceptions surrounding the component.

I’m going to be writing a weekly series of posts on Zend_Acl. This first post will clear up some common misconceptions regarding Zend_Acl, introduce creating ACLs for simple applications, and give some examples on using the ACL in both non-Zend Framework and Zend Framework applications.

To show the most basic usage (and set a foundation for future articles), he creates a simple ACL system for a Zend Framework application. The system sets up a few different roles (guest, member) and some rules to show who can access what. He ties this into his preDispatch method in his My_Plugin_Acl plugin so that it runs right before the rest of the request is processed. If the user is not allowed, it kicks them other to the authentication controller for them to log in.

tagged: zendacl tutorial example zendframework misconception acl access control

Link:

Matt Stone's Blog:
Using the Zend Framework ACL Library in Codeigniter
Dec 22, 2008 @ 15:30:09

Since the Zend Framework is mostly a library of components behind a framework structure, its parts can also be used individually if need be. In this new post Matt Stone shows how to combine the Zend_Acl component (for access control) with a CodeIgniter framework application.

In this post I will explain how to build simple access control functionality for your Code Igniter application using the Zend Framework ACL library. To follow this tutorial you will need a working installation of Code Igniter and a database. You will also need to download the Zend Framework.

He goes through the whole process - code and all - for pulling in and using the Zend_Acl library complete with a database (schema and inserts provided) as well as a sample controller for CodeIgniter to test things out.

tagged: zendframework codeigniter zendacl library combine component

Link:


Trending Topics: