Zend框架2 - ZFCUser - 如何从AUTH排除着陆页 [英] Zend Framework 2 - ZFCUser - How to exclude landing page from auth

问题描述

我用 ZF2 结合 ZFCUser 和 bjyauthorize 。我有这应该是全球accessable一个登陆页面。其他所有的页面必须登录后。

I'm using ZF2 in combination with ZFCUser and bjyauthorize. I have a landing page which should be globally accessable. All other pages need to be behind a login.

起初我指责 bjyauthorize 没有让来宾用户访问我的目标网页。但一些讨论后，似乎 ZFCUser 挡住了路。

At first I blamed bjyauthorize for not letting guest users access my landing page. But after some discussions it seems that ZFCUser is blocking the way.

我的问题是：我怎么能告诉ZFCUser不能阻止一个页面/动作

My question is: How can I tell ZFCUser not to block one page/action?

编辑：

我的应用程序/ Module.php 看起来像这个帖子。当我在我的应用程序对myApp 添加到whitlist，我可以访问我的目标网页，但所有其他行动对myApp ，以及

My Application/Module.php looks like in this post. When I add my app myApp to the whitlist, I can access my landing page but all other actions from myApp as well.

任何想法如何改变，我可以匹配URL或条件只是whitlist我的前端动作？

Any ideas how to alter the condition that I can match the URL or just whitlist my frontend-action?

也许我可以在第二路由添加到我的目标网页。但是，这不是一个干净的解决方案，对吧？

Maybe I could add a second route to my landing page. But that's not a clean solution, right?

推荐答案

如果你坚持在onBoostrap方法检查验证，你可以做这样的事情：

If you insist on checking authentication in the onBoostrap method you could do something like this:

class Module
{
    protected $whitelist = array(
        'zfcuser/login' => array('login'),
        'your-landing-route' => array('your-landing-action'),
    );

    public function onBootstrap($e)
    {
        $app = $e->getApplication();
        $em  = $app->getEventManager();
        $sm  = $app->getServiceManager();

        $list = $this->whitelist;
        $auth = $sm->get('zfcuser_auth_service');

        $em->attach(MvcEvent::EVENT_ROUTE, function($e) use ($list, $auth) {
            $match = $e->getRouteMatch();

            // No route match, this is a 404
            if (!$match instanceof RouteMatch) {
                return;
            }

            // Route and action is whitelisted
            $routeName = $match->getMatchedRouteName();
            $action = $match->getParam("action");

            if(array_key_exists($routeName,$list) && in_array($action,$list[$routeName])) {
                return;
            }

            // User is authenticated
            if ($auth->hasIdentity()) {
                return;
            }

            // Redirect to the user login page, as an example
            $router   = $e->getRouter();
            $url      = $router->assemble(array(), array(
                'name' => 'zfcuser/login'
            ));

            $response = $e->getResponse();
            $response->getHeaders()->addHeaderLine('Location', $url);
            $response->setStatusCode(302);

            return $response;
        }, -100);
    }
}

我刚刚换了code一点点，但让你白名单中还包含具体行动。然后，我们可以检查操作参数更具体一点与你的白名单。

I've just changed the code a little but so your white list also contains specific actions. Then we can check the action parameter to be a little bit more specific with your white listing.

我不知道这是否是做的最好的方式，我只是显示你如何做到这一点。

I don't know if this is the best way to do it, I'm just showing you how you can do it.

我不认为你甚至需要使用 BjyAuthorize 时检查验证，你可以只使用资源的检查。如果用户已经超过了客串角色，任何其他然后他们是真正的用户，并进行身份验证。再次，我不是100％，但我知道我没有在我的应用程序，它使用使用 ZfcUser 认证检查 BjyAuthorize 。我只是用路线警卫指定所需的aparticular路线角色级别。

I don't think you even need to check authentication when using BjyAuthorize as you can just use resource checks. If a user has anything other than a guest role then they are a real user and are authenticated. Again, I'm not 100% on that but I do know that I don't use ZfcUser authentication checks in my application which uses BjyAuthorize. I just use route guards to specify the role level needed for a aparticular route.

也许有人还能澄清这一点？

Maybe somebody else could clarify this?

这篇关于Zend框架2 - ZFCUser - 如何从AUTH排除着陆页的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！