问题
I installed ZFCUser successfully. Now I wonder if there is a way to globally check for authentication.
As outlined in the wiki there are several ways to check for auth. They all work but do I have to put the check-if-clause really in every single action? All my sites should be only accessable when beeing logged in and if not, you should be rerouted to the login page.
Does anybody know if there's a central place where I can put this logic?
回答1:
To be honest, I don't think it is a good idea to block every page for a non-authenticated user. How would you access the login page?
That said, you must know the page being accessed, to make a whitelist of pages accessible for anonymous visitors. To start, I'd suggest to include the login page. You can check pages the easiest by using their route. So check the current matched route against the whitelist. If blocked, act upon. Otherwise, do nothing.
An example would be inside a Module.php from a module, for example your application:
namespace Application;
use Zend\Mvc\MvcEvent;
use Zend\Mvc\Router\RouteMatch;
class Module
{
protected $whitelist = array('zfcuser/login');
public function onBootstrap($e)
{
$app = $e->getApplication();
$em = $app->getEventManager();
$sm = $app->getServiceManager();
$list = $this->whitelist;
$auth = $sm->get('zfcuser_auth_service');
$em->attach(MvcEvent::EVENT_ROUTE, function($e) use ($list, $auth) {
$match = $e->getRouteMatch();
// No route match, this is a 404
if (!$match instanceof RouteMatch) {
return;
}
// Route is whitelisted
$name = $match->getMatchedRouteName();
if (in_array($name, $list)) {
return;
}
// User is authenticated
if ($auth->hasIdentity()) {
return;
}
// Redirect to the user login page, as an example
$router = $e->getRouter();
$url = $router->assemble(array(), array(
'name' => 'zfcuser/login'
));
$response = $e->getResponse();
$response->getHeaders()->addHeaderLine('Location', $url);
$response->setStatusCode(302);
return $response;
}, -100);
}
}
回答2:
On ZF 2.4.2 I do this in Module.php
class module {
protected $whitelist = array(
'Application\Controller\Login'
);
public function onBootstrap(MvcEvent $e)
{
$eventManager = $e->getApplication()->getEventManager();
$moduleRouteListener = new ModuleRouteListener();
$moduleRouteListener->attach($eventManager);
// add event
$eventManager->attach('dispatch', array($this, 'checkLogin'));
}
public function checkLogin($e)
{
$auth = $e->getApplication()->getServiceManager()->get("Zend\Authentication\AuthenticationService");
$target = $e->getTarget();
$match = $e->getRouteMatch();
$controller = $match->getParam('controller');
if( !in_array($controller, $this->whitelist)){
if( !$auth->hasIdentity() ){
return $target->redirect()->toUrl('/login');
}
}
}
//other methods....
}
回答3:
You can use ZF2 module BjyAuthorize to block/allow access to pages based on user roles such as guest, user etc using controller guard, route guard etc
回答4:
People,
Tip, dont forget the add the "use" to correct RouteMatch statement:
use Zend\Mvc\Router\Http\RouteMatch;
Here need this:
if (!$match instanceof RouteMatch)...
If you forget, the if above have inconstant
回答5:
Another option might be to create your own abstract controller superclass and implement the onDispatch() method like this:
public function onDispatch(MvcEvent $e)
{
// check authentication here
return parent::onDispatch($e);
}
You can implement a whitelist there too :).
来源:https://stackoverflow.com/questions/14137868/zend-framework-2-global-check-for-authentication-with-zfcuser