phpDocumentor » \AmfphpAuthentication

Authentication for Amfphp.

This plugin can be deactivated if the project doesn't need to protect access to its services.

On a service object, the plugin looks for a method called _getMethodRoles. If the method exists, the plugin will look for a role in the session that matches the role. If the roles don't match, an Exception is thrown. The _getMethodRoles takes a parameter $methodName, and must return an array of strings containing acceptable roles for the method. If the return value is null, it is considered that that particular method is not protected.

For example:

public function _getMethodRoles($methodName){
   if($methodName == 'adminMethod'){
       return array('admin');
   }else{
       return null;
   }
}

To authenticate a user, the plugin looks for a 'login' method. This method can either be called explicitly, or by setting a header with the name 'Credentials', containing {userid: userid, password: password}, as defined by the AS2 NetConnection.setCredentials method. It is considered good practise to have a 'logout' method, though this is optional The login method returns a role in a 'string'. It takes 2 parameters, the user id and the password. The logout method should call AmfphpAuthentication::clearSessionInfo();

See the AuthenticationService class in the test data for an example of an implementation.

Roles are stored in an associative array in $_SESSION[self::SESSION_FIELD_ROLES], using the role as key for easy access

link	https://github.com/silexlabs/amfphp-2.0/blob/master/Tests/TestData/Services/AuthenticationService.php
package	Amfphp_Plugins_Authentication
author	Ariel Sommeria-klein

Methods

constructor.

__construct(array $config)

Parameters

$config

array

optional key/value pairs in an associative array. Used to override default configuration values.

add role

addRole(String $roleToAdd)

Static

Parameters

$roleToAdd

String

clears the session info set by the plugin.

clearSessionInfo()

Static

Use to logout

filter amf request header handler

filterAmfRequestHeaderHandler(Object $handler, \Amfphp_Core_Amf_Header $header) : \AmfphpAuthentication

Parameters

$handler

Object

$header

\Amfphp_Core_Amf_Header

the request header

Returns

\AmfphpAuthentication

called when the service object is created, just before the method call.

filterServiceObject(\<Object> $serviceObject, \<String> $serviceName, \<String> $methodName) : \<array>

Tries to authenticate if a credentials header was sent in the packet. Throws an exception if the roles don't match

Parameters

$serviceObject

\<Object>

$serviceName

\<String>

$methodName

\<String>

Returns

\<array>

looks for a 'Credentials' request header.

handleRequestHeader(\Amfphp_Core_Amf_Header $header) : void

If there is one, uses it to try to authentify the user.

Parameters

$header

\Amfphp_Core_Amf_Header

the request header

Properties

$headerUserId : String

$headerPassword : String

Constants

the name of the method on the service where the method roles are given

METHOD_GET_METHOD_ROLES

the name of the login method

METHOD_LOGIN

the field in the session where the roles array is stored

SESSION_FIELD_ROLES