如何在Zend MVC中实现SSL [英] How to implement SSL in Zend MVC

查看:59
本文介绍了如何在Zend MVC中实现SSL的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我以前通过使用特定的安全文件夹(例如,服务器上的https文件夹vs http文件夹)来实现安全页面.我已经开始使用Zend Framework,并且希望应用程序的某些部分(例如登录名)使用https.我在google上甚至在这里都进行了搜索,但是找不到任何说明该如何处理的内容.我可以为特定的控制器/动作使用https吗?谢谢.

解决方案

最干净的方法是为SSL配置创建一个.ini文件,您可以在其中为模型/控制器/操作级别启用SSL支持,例如:

假设您有一个这样的模块/控制器/动作:
SSLModule-> IndexController-> testAction 


## ini file (can be config.ini also)
ssl.modules.SSLModule.require_ssl = true  //-> entire module requires SSL 
ssl.modules.SSLModule.Index.require_ssl = true  //-> entire controller requires SSL
ssl.modules.SSLModule.Index.test.require_ssl = true  //-> single action requires SSL

您可以通过配置或单独进行解析,并且在Bootstrap文件中可以包含controllerplugin,例如此处的我的

.

还有许多其他方法可以做到这一点,但我想您会明白的!


class Application_Controllerplugins_Ssl extends Zend_Controller_Plugin_Abstract
{

    public function preDispatch ( Zend_Controller_Request_Abstract $request )
    {

        $shouldSecureUrl = false;

        //get the config settings for SSL
        $options = Application_ServiceManager::getConfig()->ssl;

        //if config is empty, exit
        if (!is_object($options))
            return;

        //simpler to use    
        $options = $options->toArray();

        //only use it production environment
        if ( APPLICATION_ENV == 'production' )
        {

            if (

                ( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] )  ||
                ( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] )  ||
                ( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] )

            )
            {

                $shouldSecureUrl = true;

            }

            if ( $shouldSecureUrl )
            {

                $this->_secureUrl($request);

            }
        }
    }


    protected function _secureUrl ( Zend_Controller_Request_Abstract $request )
    {

        $server = $request->getServer();
        $hostname = $server['HTTP_HOST'];

        if ( ! $request->isSecure() )
        {
            $url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname .
             $request->getPathInfo();

            $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
            $redirector->setGoToUrl($url);
            $redirector->redirectAndExit();
        }
    }
}

我忘了提及:将其添加到您的引导程序中:


$Zend_Controller_Front->registerPlugin( new Application_Controllerplugins_Ssl() );

I have implemented secure pages before by using a specific secure folder (eg https folder vs http folder on the server). I have started using Zend Framework and would like parts of the application (eg login) to use https. I have searched on google and even here but could not find anything that explains how to handle this. Can I have https for specific controllers/actions? Thanks.

解决方案

The cleanest way is to have an .ini file for the SSL config where you can enable SSL support for model/controller/action levels, like so:

Let's say you have a module/controller/action like this:
SSLModule->IndexController->testAction


## ini file (can be config.ini also)
ssl.modules.SSLModule.require_ssl = true  //-> entire module requires SSL 
ssl.modules.SSLModule.Index.require_ssl = true  //-> entire controller requires SSL
ssl.modules.SSLModule.Index.test.require_ssl = true  //-> single action requires SSL

You parse this either through config, or separately, and in your Bootstrap file you can include a controllerplugin, like mine here.

There are many other ways to do this, but I think you get the idea!


class Application_Controllerplugins_Ssl extends Zend_Controller_Plugin_Abstract
{

    public function preDispatch ( Zend_Controller_Request_Abstract $request )
    {

        $shouldSecureUrl = false;

        //get the config settings for SSL
        $options = Application_ServiceManager::getConfig()->ssl;

        //if config is empty, exit
        if (!is_object($options))
            return;

        //simpler to use    
        $options = $options->toArray();

        //only use it production environment
        if ( APPLICATION_ENV == 'production' )
        {

            if (

                ( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] )  ||
                ( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] )  ||
                ( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] )

            )
            {

                $shouldSecureUrl = true;

            }

            if ( $shouldSecureUrl )
            {

                $this->_secureUrl($request);

            }
        }
    }


    protected function _secureUrl ( Zend_Controller_Request_Abstract $request )
    {

        $server = $request->getServer();
        $hostname = $server['HTTP_HOST'];

        if ( ! $request->isSecure() )
        {
            $url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname .
             $request->getPathInfo();

            $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
            $redirector->setGoToUrl($url);
            $redirector->redirectAndExit();
        }
    }
}

I forgot to mention: to add it in your bootstrap: 


$Zend_Controller_Front->registerPlugin( new Application_Controllerplugins_Ssl() );

这篇关于如何在Zend MVC中实现SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆