在ZF2项目中,我正在使用身份验证服务来验证用户的登录凭据。这工作正常,除了它只在会话中存储包含用户名的字符串。
我想要的是后续调用 AuthenticationService::getIdentity 以返回一个自定义 Identity 对象,该对象填充了用户数据库 ID、角色和权限(从 RBAC 服务填充),以便会话中的对象更有用一些。
我能够创建这个对象,但不确定将其保留在会话中的最佳方法;理想情况下,我想用键Zend_Auth覆盖该条目,但这似乎不起作用。
到目前为止我的代码:
<?php
namespace AuthenticationController;
use ZendMvcControllerAbstractActionController;
use ZendViewModelViewModel;
use ZendAuthenticationAuthenticationService;
use AuthenticationFormLoginLoginForm;
use ZendFormForm;
use AuthenticationModelIdentityAuthenticatedIdentity;
class AuthenticationController extends AbstractActionController
{
/**
*
* @var AuthenticationService
*/
protected $authenticationService;
/**
*
* @var LoginForm
*/
protected $loginForm;
/**
*
* @param AuthenticationService $authenticationService
* @param LoginForm $loginForm
*/
public function __construct(AuthenticationService $authenticationService, LoginForm $loginForm){
$this->authenticationService = $authenticationService;
$this->loginForm = $loginForm;
}
public function indexAction(){
$form = $this->loginForm;
$viewModel = new ViewModel();
$viewModel->setVariables([
'loginForm' => $form
]);
if($this->getRequest()->isPost() === false){
return $viewModel;
}
$form->setData($this->getRequest()->getPost());
if($form->isValid() === false){
return $viewModel;
}
$data = $form->getData();
$authenticationAdapter = $this->authenticationService->getAdapter();
$authenticationAdapter->setIdentity($data['credentials']['username'])
->setCredential($data['credentials']['password']);
$authenticationResult = $this->authenticationService->authenticate($authenticationAdapter);
if($authenticationResult->isValid() === false){
$viewModel->setVariable('validCredentials', false);
return $viewModel;
}
/**
* Create a user model and save it to the session.
*/
$authenticationResultRow = $authenticationAdapter->getResultRowObject(null, ['password']);
$permissions = $this->rbacService->getPermissionsForUser($authenticationResultRow->user_id);
$roles = $this->rbacService->getRolesForUser($authenticationResultRow->user_id);
$identity = new AuthenticatedIdentity(
$authenticationResult->getIdentity(),
'admin',
$permissions,
$roles
);
$identity->setUserId($authenticationResultRow->user_id);
//how to store this Identity object in session so AuthenticationService will return it?
return $this->redirect()->toRoute('dashboard');
}
}
查看 https://github.com/zendframework/zend-authentication/blob/master/src/AuthenticationService.php#L75 和 https://github.com/zendframework/zend-authentication/blob/master/src/Storage/StorageInterface.php
您可以将AuthenticatedIdentity对象直接写入存储,如下所示:
$this->authenticationService->getStorage()->write($identity);
但是,我建议不要这样做,因为:
- 如果用户的权限/角色在会话期间发生更改,他/她必须注销并重新登录才能看到任何不太用户友好的更改。
- 您的
AuthenticatedIdentity对象及其包含的所有对象都需要可序列化,这可能会变得难以维护。
我会(并且确实)在需要时从数据库或某种形式的缓存中获取用户对象和/或角色,但不将其存储在会话中。