Using Zend_Auth to secure all controllers

Question

How would i globally secure all my controllers (except for my Login controller) to ensure my application is secure at all points (no hidden backdoor to ajax calls, etc). I t

Answer 1

The way I did it in one implementation was to create a file called Auth.php in my application path. Then I opened up every controller I wanted to be protected and added the line

include_once APPLICATION_PATH . '/Auth.php';

to the init() method before calling parent::init().

As for the Auth.php file itself, it basically uses Zend_Auth to authenticate. On success I would save the identity of the user for later use in the application

$this->view->assign('myIdentity', Zend_Auth::getInstance()->getIdentity());

On failure I would redirect to the login page and pass some params so that the login page knows where to send me once I'm logged in.

This is not an elegant solution but it's reliable and relatively quick and easy to implement.