2009年2月26日星期四

Re: [fw-auth] Extending Zend_Auth

i'm can see what you mean about using Zend_ACL but this still wouldn't solve
my problem as if I gave a user a role of banned then their old role would
still be persisted in the session until the next time they authenticate.

I could create a front controller plugin to reauthorise a user on each page
load but it seems far more logical to keep all the authentication in the
same place.

It would be interesting to know how other have handled this and what would
be considered best practice.


keith Pope-4 wrote:
>
> I think you are getting confused with authentication and
> authorization. Authentication is making sure someone who they say they
> are. Authorization is making sure that person can access a resource.
>
> So you have Zend_Auth and Zend_Acl (Authentication & Authorization)
>
> You can do a check per request using an ACL assertion, ala a Front
> Controller Plugin
>
> 2009/2/26 bennyg <ben@magiconlinesolutions.co.uk>:
>>
>> I've implemented Zend_Auth on a new project that I'm working but would
>> like
>> to make a few changes to how it works.
>>
>> The main change I would like to make would be to reauthenticate a user on
>> each page load so if I choose to ban them they get logged out instantly.
>>
>> To me it makes sence to implement this functionality within Zend_Auth by
>> extending the class.
>>
>> I can only find one example of someone extending Zend_Auth so would like
>> to
>> check if this is the best method to solve my problem.
>> --
>> View this message in context:
>> http://www.nabble.com/Extending-Zend_Auth-tp22223840p22223840.html
>> Sent from the Zend Auth mailing list archive at Nabble.com.
>>
>>
>
>
>
> --
> ----------------------------------------------------------------------
> [MuTe]
> ----------------------------------------------------------------------
>
>

--
View this message in context: http://www.nabble.com/Extending-Zend_Auth-tp22223840p22225223.html
Sent from the Zend Auth mailing list archive at Nabble.com.

没有评论: