重定向请求在Zend Application中形成了一个万能的控制器,而不会永远循环
[英]Redirecting requests form a catch-all controller in Zend Application without looping forever
问题描述
There are plenty of related posts to what I'm asking, but after some lengthy searches couldn't quite find what I was looking for, my apologies if it exists somewhere. 
有很多与我要问有关的帖子,但是经过长时间的搜索后仍然找不到我想要的东西,如果在某处存在,我深表歉意。
My goal -- ALL requests to my Zend App must go through a preDispatch plugin, then pass to a custom Auth controller that will decide whether existing auth credentials are sufficient for the requested operation. 我的目标-对Zend App的所有请求都必须通过preDispatch插件,然后传递到自定义Auth控制器,该控制器将决定现有的身份验证凭据是否足以满足所请求的操作。 'Sufficient' depends on the logic of the app, hence why I want to do this at the controller+model level. “足够”取决于应用程序的逻辑,因此为什么我要在控制器+模型级别执行此操作。 If they suffice, they send the original request along to the specified controller+action, if not they default to a 'get lost' action. 如果足够,则将原始请求发送到指定的controller + action,否则将其默认为“迷路”动作。
At present I'm using an auth custom plugin set in the preDispatch to simply check for POST'ed auth credentials (if we are logging in), then in all cases the plugin stores the original request and redirects everyone (auth'd or not) to my auth controller, a-la: 目前,我正在使用preDispatch中设置的auth自定义插件来简单地检查POST的身份验证凭据(如果我们正在登录),那么在所有情况下,该插件都会存储原始请求并重定向所有人(是否经过身份验证) )到我的身份验证控制器a-la:
$request->setModuleName('default')
->setControllerName('auth')
->setActionName('check')
->setParam('oreq',$request->getParams());
My problem/question is that within my auth->check action, how should I perform the redirect after a decision is made? 我的问题/问题是在我的auth-> check动作中,做出决定后应如何执行重定向? If I use: 如果我使用:
$this->_helper->redirector($or['action'], $oreq['controller']);
then I obviously get an infinite loop as these requests pass through the preDispatch plugin again. 然后当这些请求再次通过preDispatch插件时,我显然会陷入无限循环。 Sure I could pass something with the redirect so that the Auth plugin ignores such requests, but this is clearly a security hole. 当然,我可以通过重定向传递一些信息,以便Auth插件忽略此类请求,但这显然是一个安全漏洞。 I had thought about maybe generating and storing an md5 hash, storing it to session and passing that as an escape param, but that seems a little sketchy. 我曾考虑过可能会生成并存储md5哈希,将其存储到会话中并将其作为转义参数进行传递,但这似乎有些粗略。
Any better ideas out there? 还有更好的主意吗? Perhaps a redirect method that does not go through the standard predispatch routine in Zend App? 也许没有通过Zend App中的标准预调度例程的重定向方法? Thanks in advance! 提前致谢!
1 个解决方案
解决方案1
0 已采纳 2011-12-22 17:21:56
This is not how it is done usually in Zend Framework. 这不是通常在Zend Framework中完成的方式。 Not all requests go to a common place and gets redirected to the original requested place authentication. 并非所有请求都转到一个公共位置,并重定向到原始请求的位置认证。
For access control, use Zend_Acl . 对于访问控制,请使用Zend_Acl 。 Through that, you could easily determine whether the current user has the necessary auth to access the content, else redirect to 'get lost' action. 这样,您可以轻松确定当前用户是否具有访问内容所需的身份验证,否则可以重定向到“迷路”操作。
If you are still adamant on using your technique, use _forward method instead of redirect method. 如果您仍然坚持使用自己的技术,请使用_forward方法而不是redirect方法。
Since _forward is an internal redirect, you could pass additional arguments and check that in preDispath to avoid a loop. 由于_forward是内部重定向,因此您可以传递其他参数并在preDispath中进行检查以避免循环。
$this->_forward($action, $controller, $module, $params)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.