Blocking access through HTTP authentication using Zend Framework 2

Question

Blocking access through HTTP authentication using Zend Framework 2

I am trying to implement HTTP based authentication through Zend\Authentication\Adapter\Httpas described in the ZF2 documentation on the HTTP authentication adapter .

I want to block every incoming request until the user agent is authenticated, however I'm not sure how to implement this in my module.

How do I configure the Zend \ Mvc application to restrict access to my controllers?

+5

authentication zend-framework2

Matt Mar 17 '13 at 10:41

source share

3 answers

@ocramius basic_password.txt digest_passwd.txt

Zend 2 Official Doc Http:

basic_passwd.txt , ( ) → <username>:<realm>:<credentials>\n
digest_passwd.txt , ( ) MD5 → <username>:<realm>:<credentials hashed>\n

:

if basic_passwd.txt file:

user:MyApp Site:password\n

digest_passwd.txt :

user:MyApp Site:5f4dcc3b5aa765d61d8327deb882cf99\n

+1

ahmed hamdy 02 . '15 15:58

Alternatively, you can use Apache Resolver for the HTTP adapter.

use Zend\Authentication\Adapter\Http\ApacheResolver;

$path = 'data/htpasswd';

// Inject at instantiation:
$resolver = new ApacheResolver($path);

// Or afterwards:
$resolver = new ApacheResolver();
$resolver->setFile($path);

According to https://zendframework.imtqy.com/zend-authentication/adapter/http/#resolvers

0

Willy makend Aug 12 '16 at 11:05

source share

Ocramius · Accepted Answer · 2013-03-18T01:55:33+0000

What you are looking for is probably a listener related to the event of Zend\Mvc\MvcEvent::EVENT_DISPATCHyour application.

, , . , factory, :

namespace MyApp\ServiceFactory;

use Zend\ServiceManager\FactoryInterface;
use Zend\ServiceManager\ServiceLocatorInterface;
use Zend\Authentication\Adapter\Http as HttpAdapter;
use Zend\Authentication\Adapter\Http\FileResolver;

class AuthenticationAdapterFactory implements FactoryInterface
{
    public function createService(ServiceLocatorInterface $serviceLocator)
    {
        $config         = $serviceLocator->get('Config');
        $authConfig     = $config['my_app']['auth_adapter'];
        $authAdapter    = new HttpAdapter($authConfig['config']);
        $basicResolver  = new FileResolver();
        $digestResolver = new FileResolver();

        $basicResolver->setFile($authConfig['basic_passwd_file']);
        $digestResolver->setFile($authConfig['digest_passwd_file']);
        $adapter->setBasicResolver($basicResolver);
        $adapter->setDigestResolver($digestResolver);

        return $adapter;
    }
}

factory auth .

dispatch, :

namespace MyApp;

use Zend\ModuleManager\Feature\ConfigProviderInterface;
use Zend\ModuleManager\Feature\BootstrapListenerInterface;
use Zend\EventManager\EventInterface;
use Zend\Mvc\MvcEvent;
use Zend\Http\Request as HttpRequest;
use Zend\Http\Response as HttpResponse;

class MyModule implements ConfigProviderInterface, BootstrapListenerInterface
{
    public function getConfig()
    {
        // moved out for readability on SO, since config is pretty short anyway
        return require __DIR__ . '/config/module.config.php';
    }

    public function onBootstrap(EventInterface $event)
    {
        /* @var $application \Zend\Mvc\ApplicationInterface */
        $application    = $event->getTarget();
        $serviceManager = $application->getServiceManager();

        // delaying instantiation of everything to the latest possible moment
        $application
            ->getEventManager()
            ->attach(function (MvcEvent $event) use ($serviceManager) {
            $request  = $event->getRequest();
            $response = $event->getResponse();

            if ( ! (
                $request instanceof HttpRequest
                && $response instanceof HttpResponse
            )) {
                return; // we're not in HTTP context - CLI application?
            }

            /* @var $authAdapter \Zend\Authentication\Adapter\Http */
            $authAdapter = $serviceManager->get('MyApp\AuthenticationAdapter');

            $authAdapter->setRequest($request);
            $authAdapter->setResponse($response);

            $result = $adapter->authenticate();

            if ($result->isValid()) {
                return; // everything OK
            }

            $response->setBody('Access denied');
            $response->setStatusCode(HttpResponse::STATUS_CODE_401);

            $event->setResult($response); // short-circuit to application end

            return false; // stop event propagation
        }, MvcEvent::EVENT_DISPATCH);
    }
}

, MyModule/config/module.config.php:

return array(
    'my_app' => array(
        'auth_adapter' => array(
            'config' => array(
                'accept_schemes' => 'basic digest',
                'realm'          => 'MyApp Site',
                'digest_domains' => '/my_app /my_site',
                'nonce_timeout'  => 3600,
            ),
            'basic_passwd_file'  => __DIR__ . '/dummy/basic.txt',
            'digest_passwd_file' => __DIR__ . '/dummy/digest.txt',
        ),
    ),
    'service_manager' => array(
        'factories' => array(
            'MyApp\AuthenticationAdapter'
                => 'MyApp\ServiceFactory\AuthenticationAdapterFactory',
        ),
    ),
);

, .

, - my_app.auth.local.php config/autoload/ , ( , SCM):

<?php
return array(
    'my_app' => array(
        'auth_adapter' => array(
            'basic_passwd_file'  => __DIR__ . '/real/basic_passwd.txt',
            'digest_passwd_file' => __DIR__ . '/real/digest_passwd.txt',
        ),
    ),
);

, , , , , Zend\EventManager\ListenerAggregateInterface.

, ZfcUser, Zend\Authentication\Adapter\Http, BjyAuthorize, .

Blocking access through HTTP authentication using Zend Framework 2

More articles: