PhpRiot

Authentication

Zend_Amf_Server allows you to specify authentication and authorization hooks to control access to the services. It uses the infrastructure provided by the Zend_Auth and Zend_Acl components.

To define authentication, the user provides an authentication adapter extending the Zend_Amf_Auth_Abstract abstract class. The adapter should implement the authenticate() method, just like a regular authentication adapter.

The adapter should use the _username and _password properties from the parent Zend_Amf_Auth_Abstract class in order to authenticate. The server sets these values using the setCredentials() method before the call to authenticate(), if credentials are received in the AMF request headers.

The identity returned by the adapter should be an object containing a role property for the ACL access control to work.

If the authentication result is not successful, the request is not processed further and a failure message is returned, with the reasons for failure taken from the result.

The adapter is connected to the server using the setAuth() method:

<?php
$server->setAuth(new My_Amf_Auth());

Access control is performed using a Zend_Acl object set by the setAcl() method:

<?php
$acl = new Zend_Acl();
createPermissions($acl); // create permission structure
$server->setAcl($acl);

If the ACL object is set and the class being called defines an initAcl() method, this method will be called with the ACL object as an argument. The class can then create additional ACL rules and return TRUE, or return FALSE if no access control is required for this class.

After the ACLs have been set up, the server checks whether access is allowed, with the role set by the authentication, the resource being the class name (or NULL for function calls), and the privilege being the function name. If no authentication was provided and the anonymous role was defined, that role is used; otherwise access is denied.

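<?php
// Role comes from the authenticated identity, resource is the class name,
// privilege is the function name.
if ($this->_acl->isAllowed($role, $class, $function)) {
    return true;
} else {
    require_once 'Zend/Amf/Server/Exception.php';
    throw new Zend_Amf_Server_Exception("Access not allowed");
}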
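
The pieces described above, put together as an added example (not code from the original page or from Zend Framework itself): an adapter that returns an identity with a role property, and a createPermissions() body that uses class names as resources and method names as privileges. The service class My_Service_Reports, the role names and the in-memory user store are hypothetical; it assumes Zend Framework 1 on the include_path and PHP 5.5+ for password_hash().

```php
<?php
// Added example; assumes Zend Framework 1 is on the include_path.
foreach (array('Amf/Server', 'Amf/Auth/Abstract', 'Auth/Result', 'Acl', 'Acl/Role', 'Acl/Resource') as $f) {
    require_once "Zend/$f.php";
}

class My_Amf_Auth extends Zend_Amf_Auth_Abstract
{
    protected $_users; // hypothetical store: name => array('hash' => ..., 'role' => ...)
    public function __construct(array $users) { $this->_users = $users; }
    public function authenticate()
    {
        // _username and _password were set by the server through setCredentials().
        $name = (string) $this->_username;
        $user = isset($this->_users[$name]) ? $this->_users[$name] : null;
        if (!$user || !password_verify((string) $this->_password, $user['hash'])) {
            // Result messages are returned to the client: do not say which part was wrong.
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
                null, array('Invalid credentials'));
        }
        $identity = new stdClass();
        $identity->role = $user['role']; // property read by the ACL check
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
    }
}
class My_Service_Reports // hypothetical service class
{
    public function listReports() { return array('q1', 'q2'); }
    public function purge() { return true; }
}

function createPermissions(Zend_Acl $acl)
{
    // No anonymous role is defined, so requests without credentials are denied.
    $acl->addRole(new Zend_Acl_Role('analyst'));
    $acl->addRole(new Zend_Acl_Role('admin'), 'analyst'); // admin inherits analyst
    $acl->addResource(new Zend_Acl_Resource('My_Service_Reports'));
    $acl->allow('analyst', 'My_Service_Reports', 'listReports'); // privilege = method name
    $acl->allow('admin', 'My_Service_Reports', 'purge');
}

// Constructed sample user; a real store would hold hashes created at enrollment.
$users = array('alice' => array('hash' => password_hash('constructed-pw', PASSWORD_DEFAULT), 'role' => 'analyst'));
$server = new Zend_Amf_Server();
$server->setClass('My_Service_Reports');
$server->setAuth(new My_Amf_Auth($users));
$acl = new Zend_Acl();
createPermissions($acl);
$server->setAcl($acl);
echo $server->handle();
```

Zend_Acl denies anything not explicitly allowed, so with these rules alice can call listReports() but not purge().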
