(on Tuesday, 15 September 2009, 05:43 PM -0500):
> Actually I'd spent some time looking at Zend_Auth_Adapter_Chain, but I feel
> like it's addressing a different use case.
>
> It seems like the chain adapter would work best in situations where the same
> set of credentials could be checked against multiple authentication sources for
> instance, a local username/password versus an LDAP username/password. The
> chain adapter makes it easy to support both in a single action with very little
> additional controller logic.
>
> However, if the user input requirements differ for each adapter (e.g., if you
> replace LDAP with OpenID in the above example), the chain approach isn't as
> viable. You now not only need differing authentication logic; you also need
> differing form objects, differing view scripts, and sometimes different action
> methods (esp. relevant w/OpenID, since OpenID auth takes several different
> requests, and not all are guaranteed to be POSTs). This is the use case that
> my proposal is designed to address; using the adapter I've proposed, it's a lot
> easier to support a wide variety of authentication adapters with a wide variety
> of user input requirements from within a single, tidy controller action.
Excellent synopsis of the difference in approach -- I suspected this
might be the case, but wanted you to verify (or not). :)
> All that said, I'm starting to wonder if my proposal might work better as an
> action helper, since the main benefit is the simplification of controller
> logic? It may be more complicated than that, but it's probably worth some
> thought; any ideas?
So, what I'm understanding is that you want functionality that makes it
possible to authenticate against any of several types of authentication
schemes, some of which may require different credentialing mechanisms.
This sounds like application logic in many ways -- even the forms would
differ for each in some cases (OpenID would require a URL only; LDAP and/or
DbTable would require user/pass, etc.). This sounds like several
cross-cutting concerns:
* a form with multiple types of credential, and a selector to
determine which to authenticate against
* logic to switch based on the authentication selector that would then
instantiate the appropriate auth adapter and validate it
The form part could be handled userland, but yes, an action helper that
takes the form input and does the adapter delegation makes sense.
> On Tue, Sep 15, 2009 at 11:29 AM, Matthew Weier O'Phinney <matthew@zend.com>
> wrote:
>
> -- Adam Jensen <jazzslider@gmail.com> wrote
> (on Tuesday, 15 September 2009, 09:40 AM -0500):
> > Several months ago I posted a proposal (http://framework.zend.com/wiki/
> display/
> > ZFPROP/Zend_Auth_Adapter_Flexible+-+Adam+Jensen) for a new kind of
> > authentication adapter which simplifies the process of allowing multiple
> modes
> > of authentication (e.g., email/pass and OpenID) via the same controller
> and
> > view code.
> >
> > Unfortunately, I haven't received any community feedback, which either
> means my
> > proposal is (a) perfect, or (b) totally uninteresting :) I was hoping I
> could
> > entice some of you to take a look at it in the next couple of days to see
> if
> > there's anything I can improve before I promote it to Ready for
> Recommendation.
> > Please let me know what you think; personally, I've found that this
> approach
> > saves me a heck of a lot of code, and I'd love to see it added to the
> > framework.
>
> There's actually a proposal already accepted, Zend_Auth_Adapter_Chain,
> which may already do much of what you're proposing:
>
> http://framework.zend.com/wiki/display/ZFPROP/
> Zend_Auth_Adapter_Chain+-+Geoffrey+Tran
>
> I'm not sure what Geoffrey's timeframe for completion is, however.
>
> --
> Matthew Weier O'Phinney
> Project Lead | matthew@zend.com
> Zend Framework | http://framework.zend.com/
>
>
--
Matthew Weier O'Phinney
Project Lead | matthew@zend.com
Zend Framework | http://framework.zend.com/
没有评论:
发表评论