如何在Zend MVC中实现SSL [英] How to implement SSL in Zend MVC
问题描述
我以前通过使用特定的安全文件夹(例如,服务器上的https文件夹vs http文件夹)来实现安全页面.我已经开始使用Zend Framework,并且希望应用程序的某些部分(例如登录名)使用https.我在google上甚至在这里都进行了搜索,但是找不到任何说明该如何处理的内容.我可以为特定的控制器/动作使用https吗?谢谢.
最干净的方法是为SSL配置创建一个.ini文件,您可以在其中为模型/控制器/操作级别启用SSL支持,例如:>
假设您有一个这样的模块/控制器/动作:
SSLModule-> IndexController-> testAction
## ini file (can be config.ini also)
ssl.modules.SSLModule.require_ssl = true //-> entire module requires SSL
ssl.modules.SSLModule.Index.require_ssl = true //-> entire controller requires SSL
ssl.modules.SSLModule.Index.test.require_ssl = true //-> single action requires SSL
您可以通过配置或单独进行解析,并且在Bootstrap文件中可以包含controllerplugin,例如此处的我的
.还有许多其他方法可以做到这一点,但我想您会明白的!
class Application_Controllerplugins_Ssl extends Zend_Controller_Plugin_Abstract
{
public function preDispatch ( Zend_Controller_Request_Abstract $request )
{
$shouldSecureUrl = false;
//get the config settings for SSL
$options = Application_ServiceManager::getConfig()->ssl;
//if config is empty, exit
if (!is_object($options))
return;
//simpler to use
$options = $options->toArray();
//only use it production environment
if ( APPLICATION_ENV == 'production' )
{
if (
( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] ) ||
( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] ) ||
( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] )
)
{
$shouldSecureUrl = true;
}
if ( $shouldSecureUrl )
{
$this->_secureUrl($request);
}
}
}
protected function _secureUrl ( Zend_Controller_Request_Abstract $request )
{
$server = $request->getServer();
$hostname = $server['HTTP_HOST'];
if ( ! $request->isSecure() )
{
$url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname .
$request->getPathInfo();
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$redirector->setGoToUrl($url);
$redirector->redirectAndExit();
}
}
}
我忘了提及:将其添加到您的引导程序中:
$Zend_Controller_Front->registerPlugin( new Application_Controllerplugins_Ssl() );
I have implemented secure pages before by using a specific secure folder (eg https folder vs http folder on the server). I have started using Zend Framework and would like parts of the application (eg login) to use https. I have searched on google and even here but could not find anything that explains how to handle this. Can I have https for specific controllers/actions? Thanks.
The cleanest way is to have an .ini file for the SSL config where you can enable SSL support for model/controller/action levels, like so:
Let's say you have a module/controller/action like this:
SSLModule->IndexController->testAction
## ini file (can be config.ini also)
ssl.modules.SSLModule.require_ssl = true //-> entire module requires SSL
ssl.modules.SSLModule.Index.require_ssl = true //-> entire controller requires SSL
ssl.modules.SSLModule.Index.test.require_ssl = true //-> single action requires SSL
You parse this either through config, or separately, and in your Bootstrap file you can include a controllerplugin, like mine here.
There are many other ways to do this, but I think you get the idea!
class Application_Controllerplugins_Ssl extends Zend_Controller_Plugin_Abstract
{
public function preDispatch ( Zend_Controller_Request_Abstract $request )
{
$shouldSecureUrl = false;
//get the config settings for SSL
$options = Application_ServiceManager::getConfig()->ssl;
//if config is empty, exit
if (!is_object($options))
return;
//simpler to use
$options = $options->toArray();
//only use it production environment
if ( APPLICATION_ENV == 'production' )
{
if (
( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] ) ||
( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] ) ||
( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] )
)
{
$shouldSecureUrl = true;
}
if ( $shouldSecureUrl )
{
$this->_secureUrl($request);
}
}
}
protected function _secureUrl ( Zend_Controller_Request_Abstract $request )
{
$server = $request->getServer();
$hostname = $server['HTTP_HOST'];
if ( ! $request->isSecure() )
{
$url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname .
$request->getPathInfo();
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$redirector->setGoToUrl($url);
$redirector->redirectAndExit();
}
}
}
I forgot to mention: to add it in your bootstrap:
$Zend_Controller_Front->registerPlugin( new Application_Controllerplugins_Ssl() );
这篇关于如何在Zend MVC中实现SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!