\AmfphpAuthentication

Authentication for Amfphp.

This plugin can be deactivated if the project doesn't need to protect access to its services.

On a service object, the plugin looks for a method called _getMethodRoles. If the method exists, the plugin checks whether the session holds a role that matches one of the roles the method returns. If no role matches, an Exception is thrown. _getMethodRoles takes a parameter $methodName and must return an array of strings containing the acceptable roles for that method. If the return value is null, that particular method is considered not protected.

For example:

    public function _getMethodRoles($methodName){
        if($methodName == 'adminMethod'){
            return array('admin');
        }else{
            return null;
        }
    }

To authenticate a user, the plugin looks for a 'login' method. This method can either be called explicitly, or by setting a header with the name 'Credentials', containing {userid: userid, password: password}, as defined by the AS2 NetConnection.setCredentials method. The login method takes 2 parameters, the user id and the password, and returns a role as a string. It is considered good practice to have a 'logout' method, though this is optional. The logout method should call AmfphpAuthentication::clearSessionInfo();

See the AuthenticationService class in the test data for an example of an implementation.

Roles are stored in an associative array in $_SESSION[self::SESSION_FIELD_ROLES], using the role as the key for easy access.
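An added example, not code from the Amfphp project or its AuthenticationService test class: a service that follows the contract described above and fails closed, because a null return from _getMethodRoles leaves a method unprotected. The class name, reportMethod, the 'user' role, the sample user and throwing on bad credentials are assumptions; password_hash needs PHP 5.5 or later.

```php
<?php
// Added example (hypothetical class name and user data), deployed as an Amfphp service.
class ExampleProtectedService
{
    // Only these methods are callable without a role; everything else fails closed.
    private static $unprotected = array('login', 'logout');
    // Per-method role lists; 'reportMethod' and the 'user' role are assumptions.
    private static $methodRoles = array(
        'adminMethod'  => array('admin'),
        'reportMethod' => array('admin', 'user'),
    );
    private $users; // constructed sample store: userid => password hash + role

    public function __construct()
    {
        $this->users = array('alice' => array(
            'hash' => password_hash('constructed-sample-password', PASSWORD_DEFAULT),
            'role' => 'admin',
        ));
    }

    public function _getMethodRoles($methodName)
    {
        if (in_array($methodName, self::$unprotected, true)) {
            return null; // null means "not protected" to the plugin
        }
        // A method missing from the map still requires 'admin' rather than being open.
        return isset(self::$methodRoles[$methodName])
            ? self::$methodRoles[$methodName] : array('admin');
    }

    public function login($userId, $password)
    {
        $known = is_string($userId) && isset($this->users[$userId]);
        // Verify against a throwaway hash for unknown users so both paths cost roughly the same.
        $hash = $known ? $this->users[$userId]['hash']
                       : password_hash('unused', PASSWORD_DEFAULT);
        if (!is_string($password) || !password_verify($password, $hash) || !$known) {
            throw new Exception('Invalid credentials'); // assumption: fail by throwing
        }
        return $this->users[$userId]['role']; // role returned as a string
    }

    public function logout()
    {
        AmfphpAuthentication::clearSessionInfo(); // drops the roles stored in the session
    }

    public function adminMethod() { return 'admin only'; }
    public function reportMethod() { return 'admin or user'; }
}
```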

Summary

Methods: __construct(), filterAmfRequestHeaderHandler(), filterServiceObject(), clearSessionInfo(), addRole(), handleRequestHeader(). No protected methods found. No private methods found.
Properties: $headerUserId, $headerPassword. No private properties found.
Constants: SESSION_FIELD_ROLES, METHOD_GET_METHOD_ROLES, METHOD_LOGIN.

Constants

SESSION_FIELD_ROLES

SESSION_FIELD_ROLES

the field in the session where the roles array is stored

METHOD_GET_METHOD_ROLES

METHOD_GET_METHOD_ROLES

the name of the method on the service where the method roles are given

METHOD_LOGIN

METHOD_LOGIN

the name of the login method

Properties

$headerUserId

$headerUserId : String

the user id passed in the credentials header

Type

String

$headerPassword

$headerPassword : String

the password passed in the credentials header

Type

String

Methods

__construct()

__construct(array $config)

constructor.

Parameters

array $config

optional key/value pairs in an associative array. Used to override default configuration values.

filterAmfRequestHeaderHandler()

filterAmfRequestHeaderHandler(Object $handler, \Amfphp_Core_Amf_Header $header) : \AmfphpAuthentication

filter amf request header handler

Parameters

Object $handler
\Amfphp_Core_Amf_Header $header

the request header

Returns

\AmfphpAuthentication

filterServiceObject()

filterServiceObject(Object $serviceObject, String $serviceName, String $methodName) : array

called when the service object is created, just before the method call.

Tries to authenticate if a credentials header was sent in the packet. Throws an exception if the roles don't match.

Parameters

Object $serviceObject
String $serviceName
String $methodName

Returns

array

clearSessionInfo()

clearSessionInfo()

clears the session info set by the plugin. Use it to log out.

addRole()

addRole(String $roleToAdd)

add role

Parameters

String $roleToAdd

handleRequestHeader()

handleRequestHeader(\Amfphp_Core_Amf_Header $header) : void

looks for a 'Credentials' request header. If there is one, uses it to try to authenticate the user.

Parameters

\Amfphp_Core_Amf_Header $header

the request header