当前位置: 文江博客话题详情

Zend_Auth 身份版本控制

发布于 2024-10-21 18:12:36 字数 506 浏览 1 评论 0原文

有一种情况:我将一些结构化数据(例如数组或对象,甚至字符串)存储为 Zend_Auth 身份。从一个版本到另一个版本,身份的结构可以改变,因此一个版本的身份可以(或不能)与另一版本的应用程序代码兼容。

我希望能够验证存储的身份数据是否符合当前版本的要求。

正如我从手册中看到的,身份是否存在的验证执行方式如下:

$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
    // Identity exists; get it
    $identity = $auth->getIdentity();
}

但是无法挂钩 hasIdentity() 方法或其他地方来执行验证。

我认为做到这一点的唯一方法是实现我自己的 Zend_Auth_Storage_Interface 类,该类将使用其他一些存储作为实现并执行存储数据的验证。

还有更妥善的解决办法吗?

原文

There is a situation: I store some structured data (e.g. array or object, or even string) as a Zend_Auth identity. From version to version the structure of identity could be changed thus identity from one version could (or could not) be compatible with application code of another version.

I'd like to have an ability to validate whether the stored identity data conform to current version requirements.

As I see from the manual, the verification of whether the identity exists is performed like:

$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
    // Identity exists; get it
    $identity = $auth->getIdentity();
}

But there is no ability to hook into hasIdentity() method or somewhere else to perform the validation.

The only way I see to do that is to implement my own Zend_Auth_Storage_Interface class that will use some other storage as implementation and perform the validation of stored data.

Is there any more proper solution?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

本王不退位尔等都是臣 2024-10-28 18:12:36

我不太确定理解,但看起来您误解了授权和身份验证之间的区别。

Zend_Auth 与身份验证有关,因此您不应该使用 Zend_Auth 来处理授权,而是使用 Zend_Acl。

但是,如果您想要存储来自身份验证过程(即数据库身份验证)的附加信息,您可以使用 getResultRowObject($returnColumns, $ommitColumns); 方法。

根据您当前的适配器,有多种实现来获取“行对象”。

Zend_Auth_Storage_Interface 是关于存储结果的,我认为您不需要执行这样的实现,因为它是关于将身份对象存储在会话或数据库中。

您可能想要的是使用 Zend_Acl 并构造一个访问控制列表,该列表一般定义一个角色可以是用户)、一个资源您的版本化应用程序),特权可以使用或不使用

注意: *大多数人都会遇到困难使用 Zend_Acl 因为他们在 Module/Controller/Action 中思考,但这只是定义资源的一种方式。
资源可以是您想要的任何内容:整个应用程序、控制器操作、视图、另一个用户、数据库连接等。*

I'm not totally sure to understand but it looks like you misunderstanding the difference between Authorization and Authentication.

Zend_Auth is about Authentication, therefore you should not use Zend_Auth to process Authorization but Zend_Acl.

However, if what you want is to store an additional information from the Authentication process (ie Database Authentication) you can use the getResultRowObject($returnColumns, $ommitColumns); method.

There are several implementation to get the "Row Object" depending on your current Adapter.

Zend_Auth_Storage_Interface is about storing the result, I don't think you'll need to do such implementation since it's about storing the identity object in session or in a database for example.

What you may want is to use Zend_Acl and construct an Access Control List which defines generically a Role (can be an user), a Resource (your version-ed application), a Privilege (can use or not)

Note: *Most people have difficulties to use Zend_Acl because they think in Module/Controller/Action, but it is just one way to define resource.
A resource can be whatever you want, a entire application, a controller action, a view, another user, a database connection, etc.*

回复 原文
梦里梦着梦中梦 2024-10-28 18:12:36

即使您接受了上面的答案,我相信您还需要其他东西。

$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
    // Identity exists - validate if it's valid

    $identity = $auth->getIdentity();
    if (!HelperClass::validateIdentity($identity)) { //you validation method
         /* User has stored identity from previous version. 
          * It may miss some important info (like a role value
          * you added recently). Clear it and require re-login. */
         $auth->clearIdentity();
         $this->_helper->flashMessenger('Please login ...');
         $this->_helper->redirector('login');
    }
    // identity is valid
    $acl = Acl::factory(); //get acl object somehow
    if (!$acl->isAllowed($module.$controller.$action, $identity->role)) {
         throw new AccessDeniedException();
    }
    // else nothing -> user has valid session data and is allowed to access the resource. 
}

Even though you accepted the answer above I believe you need something else.

$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
    // Identity exists - validate if it's valid

    $identity = $auth->getIdentity();
    if (!HelperClass::validateIdentity($identity)) { //you validation method
         /* User has stored identity from previous version. 
          * It may miss some important info (like a role value
          * you added recently). Clear it and require re-login. */
         $auth->clearIdentity();
         $this->_helper->flashMessenger('Please login ...');
         $this->_helper->redirector('login');
    }
    // identity is valid
    $acl = Acl::factory(); //get acl object somehow
    if (!$acl->isAllowed($module.$controller.$action, $identity->role)) {
         throw new AccessDeniedException();
    }
    // else nothing -> user has valid session data and is allowed to access the resource. 
}
回复 原文
~没有更多了~

关于作者

℉服软

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文