问题描述
我用 ZF2
结合 ZFCUser
和 bjyauthorize
。我有这应该是全球accessable一个登陆页面。其他所有的页面必须登录后。
I'm using ZF2
in combination with ZFCUser
and bjyauthorize
. I have a landing page which should be globally accessable. All other pages need to be behind a login.
起初我 bjyauthorize
没有让来宾用户访问我的目标网页。但一些讨论后,似乎 ZFCUser
挡住了路。
At first I blamed bjyauthorize
for not letting guest users access my landing page. But after some discussions it seems that ZFCUser
is blocking the way.
我的问题是:我怎么能告诉ZFCUser不能阻止一个页面/动作
My question is: How can I tell ZFCUser not to block one page/action?
编辑:
我的应用程序/ Module.php
看起来像这个帖子。当我在我的应用程序对myApp
添加到whitlist,我可以访问我的目标网页,但所有其他行动对myApp
,以及
My Application/Module.php
looks like in this post. When I add my app myApp
to the whitlist, I can access my landing page but all other actions from myApp
as well.
任何想法如何改变,我可以匹配URL或条件只是whitlist我的前端动作?
Any ideas how to alter the condition that I can match the URL or just whitlist my frontend-action?
也许我可以在第二路由添加到我的目标网页。但是,这不是一个干净的解决方案,对吧?
Maybe I could add a second route to my landing page. But that's not a clean solution, right?
推荐答案
如果你坚持在onBoostrap方法检查验证,你可以做这样的事情:
If you insist on checking authentication in the onBoostrap method you could do something like this:
class Module
{
protected $whitelist = array(
'zfcuser/login' => array('login'),
'your-landing-route' => array('your-landing-action'),
);
public function onBootstrap($e)
{
$app = $e->getApplication();
$em = $app->getEventManager();
$sm = $app->getServiceManager();
$list = $this->whitelist;
$auth = $sm->get('zfcuser_auth_service');
$em->attach(MvcEvent::EVENT_ROUTE, function($e) use ($list, $auth) {
$match = $e->getRouteMatch();
// No route match, this is a 404
if (!$match instanceof RouteMatch) {
return;
}
// Route and action is whitelisted
$routeName = $match->getMatchedRouteName();
$action = $match->getParam("action");
if(array_key_exists($routeName,$list) && in_array($action,$list[$routeName])) {
return;
}
// User is authenticated
if ($auth->hasIdentity()) {
return;
}
// Redirect to the user login page, as an example
$router = $e->getRouter();
$url = $router->assemble(array(), array(
'name' => 'zfcuser/login'
));
$response = $e->getResponse();
$response->getHeaders()->addHeaderLine('Location', $url);
$response->setStatusCode(302);
return $response;
}, -100);
}
}
我刚刚换了code一点点,但让你白名单中还包含具体行动。然后,我们可以检查操作参数更具体一点与你的白名单。
I've just changed the code a little but so your white list also contains specific actions. Then we can check the action parameter to be a little bit more specific with your white listing.
我不知道这是否是做的最好的方式,我只是显示你如何做到这一点。
I don't know if this is the best way to do it, I'm just showing you how you can do it.
我不认为你甚至需要使用 BjyAuthorize
时检查验证,你可以只使用资源的检查。如果用户已经超过了客串角色,任何其他然后他们是真正的用户,并进行身份验证。再次,我不是100%,但我知道我没有在我的应用程序,它使用使用 ZfcUser
认证检查 BjyAuthorize
。我只是用路线警卫指定所需的aparticular路线角色级别。
I don't think you even need to check authentication when using BjyAuthorize
as you can just use resource checks. If a user has anything other than a guest role then they are a real user and are authenticated. Again, I'm not 100% on that but I do know that I don't use ZfcUser
authentication checks in my application which uses BjyAuthorize
. I just use route guards to specify the role level needed for a aparticular route.
也许有人还能澄清这一点?
Maybe somebody else could clarify this?
这篇关于Zend框架2 - ZFCUser - 如何从AUTH排除着陆页的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!