Zend_Auth的最佳实践 [英] Zend_Auth best practices
问题描述
我的目标是为特定的网页登录。我使用Zend Framework MVC和我试图找到有关最佳做法范例。
什么我在寻找一些注意事项:
- 我想不登录的用户得到一个登录框,然后返回到登录页面的版本,一旦通过验证
- 我想使用依赖注入,避免单身
- 小code足迹 - 扎入Zend的MVC结构
- 如果登录框是一个独立的控制器,做头重定向?如何AUTH成功后返回到登陆页面?一个想法,只需调用登录控制器动作,以显示在登陆页面的登录框,或者这是关于搜索引擎索引的缺点?
- 可以使用外部库处理Cookie
或者完全不同的东西。我是相当新的Zend框架,我想这样做正确的方式。
- 我想不登录的用户得到一个登录框,然后返回到登录
在页面的版本,一旦
验证
块引用>使用一个 FrontController插件并重定向或转发给您在loginAction。
- 我想使用依赖注入,避免单身
块引用>Zend框架,目前不运送任何离子系统,然而,Zend_Application_Resource_ *实际上代替它。什么样的依赖性会需要在这里?
- 小code足迹 - 扎入Zend的MVC结构
块引用>这是给你的。
- 如果登录框是一个独立的控制器,做头重定向?怎么样
验证后的返回着陆页
成功?一个想法,只需调用
登录控制器动作,显示
登录框在登陆页面,或者是
这是一个缺点关于搜索
引擎索引?
块引用>我主要使用一种特殊的
AuthController
与的LoginAction
&安培;LogoutAction
。为了将用户重定向到该页面试图查看,我总是在我的形式添加RETURNURL
元素,我注入了请求的URL的价值才能够重定向用户,如果没有,我重定向他到指数/仪表板,要看情况。
- 可以使用外部库处理Cookie
块引用>Zend_Auth的允许你设置你的<一个href=\"http://framework.zend.com/manual/en/zend.auth.introduction.html#zend.auth.introduction.persistence.custom\"相对=nofollow>自己的存储机制,所以才实现的接口。
$ AUTH = Zend_Auth的::的getInstance();
$ auth-&GT; setStorage(新My_Auth_Storage());但是的从不的一个cookie存储认证结果,它很容易进行修改并访问您的网站。
您还可以看看我的一个<一href=\"http://stackoverflow.com/questions/5282549/zend-auth-identity-versioning/5282696#5282696\">$p$pvious回答。
My goal is to require login for certain pages. I am using Zend Framework MVC, and I'm trying to find examples regarding best practices.
Some notes on what I'm looking for:
- I want non-logged in users to get a login box, and then return to logged in version of the page, once authenticated
- I want to use dependency injection, and avoid singletons
- Small code footprint - tie into Zend mvc structure
- Should login box be a separate controller and do header redirect? How to return to landing page after auth success? An idea to simply call the login controller action to display the login box in the landing page, or is this a disadvantage regarding search engine indexing?
- Be able to use external library for handling cookies
Or something completely different. I'm fairly new to the Zend framework, and I want to do it 'the right way'.
解决方案
- I want non-logged in users to get a login box, and then return to logged in version of the page, once authenticated
Use a FrontController plugin and redirect or forward them to your loginAction.
- I want to use dependency injection, and avoid singletons
Zend Framework, doesn't currently ship any DI system, however, the Zend_Application_Resource_* actually replace it. What kind of dependency would you need here?
- Small code footprint - tie into Zend mvc structure
That's up to you.
- Should login box be a separate controller and do header redirect? How to return to landing page after auth success? An idea to simply call the login controller action to display the login box in the landing page, or is this a disadvantage regarding search engine indexing?
I mostly use a special
AuthController
withLoginAction
&LogoutAction
. To redirect the user to the page is was trying to view, I always add areturnUrl
element in my forms, and I inject the value of the requested URL to be able to redirect the user, and if none, I redirect him to the index/dashboard, depends.
- Be able to use external library for handling cookies
Zend_Auth allows you to set your own storage mechanism, so just implement the interface.
$auth = Zend_Auth::getInstance(); $auth->setStorage(new My_Auth_Storage());
But never store authentication result in a cookie, it's so easy to modify it and access your website.
You may also take a look to one of my previous answer.
这篇关于Zend_Auth的最佳实践的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!