Class TAuthManager

Description

TAuthManager class

TAuthManager performs user authentication and authorization for a Prado application. TAuthManager works together with a IUserManager module that can be specified via the UserManager property. If an authorization fails, TAuthManager will try to redirect the client browser to a login page that is specified via the LoginPage. To login or logout a user, call login or logout, respectively.

To load TAuthManager, configure it in application configuration as follows, <module id="auth" class="System.Security.TAuthManager" UserManager="users" LoginPage="login" /> <module id="users" class="System.Security.TUserManager" />

  • since: 3.0
  • version: $Id: TAuthManager.php 2365 2008-01-13 16:26:15Z xue $
  • author: Qiang Xue <qiang.xue@gmail.com>

Located in /Security/TAuthManager.php (line 37)

TComponent
   |
   --TApplicationComponent
      |
      --TModule
         |
         --TAuthManager
Class Constant Summary
 RETURN_URL_VAR = 'ReturnUrl'
Method Summary
void doAuthentication (mixed $sender, mixed $param)
void doAuthorization (mixed $sender, mixed $param)
string generateUserKey ()
boolean getAllowAutoLogin ()
string getLoginPage ()
string getReturnUrl ()
string getUserKey ()
void init (TXmlElement $config)
void leave (mixed $sender, mixed $param)
boolean login (string $username, string $password, integer $expire)
void logout ()
void onAuthenticate (mixed $param)
void onAuthorize (mixed $param)
void setAllowAutoLogin (boolean $value)
void setLoginPage (string $pagePath)
void setReturnUrl (string $value)
void setReturnUrlVarName (string $value)
void setUserManager (string|IUserManager $provider)
boolean switchUser (string $username)
void updateSessionUser (IUser $user)
Methods
doAuthentication (line 146)

Performs authentication.

This is the event handler attached to application's Authentication event. Do not call this method directly.

  • access: public
void doAuthentication (mixed $sender, mixed $param)
  • mixed $sender: sender of the Authentication event
  • mixed $param: event parameter
doAuthorization (line 162)

Performs authorization.

This is the event handler attached to application's Authorization event. Do not call this method directly.

  • access: public
void doAuthorization (mixed $sender, mixed $param)
  • mixed $sender: sender of the Authorization event
  • mixed $param: event parameter
generateUserKey (line 318)
  • return: a key used to store user information in session
  • access: protected
  • since: 3.1.1
string generateUserKey ()
getAllowAutoLogin (line 230)
  • return: whether to allow remembering login so that the user logs on automatically next time. Defaults to false.
  • access: public
  • since: 3.1.1
boolean getAllowAutoLogin ()
getLoginPage (line 123)
  • return: path of login page should login is required
  • access: public
string getLoginPage ()
getReturnUrl (line 212)
  • return: URL that the browser should be redirected to when login succeeds.
  • access: public
string getReturnUrl ()
getReturnUrlVarName (line 196)
  • return: the name of the session variable storing return URL. It defaults to 'AppID:ReturnUrl'
  • access: public
string getReturnUrlVarName ()
getUserKey (line 307)
  • return: a unique variable name for storing user session/cookie data
  • access: public
  • since: 3.1.1
string getUserKey ()
getUserManager (line 102)
  • return: user manager instance
  • access: public
IUserManager getUserManager ()
init (line 78)

Initializes this module.

This method is required by the IModule interface.

  • access: public
  • throws: TConfigurationException if user manager does not exist or is not IUserManager
void init (TXmlElement $config)
  • TXmlElement $config: configuration for this module, can be null

Redefinition of:
TModule::init()
Initializes the module.
leave (line 177)

Performs login redirect if authorization fails.

This is the event handler attached to application's EndRequest event. Do not call this method directly.

  • access: public
void leave (mixed $sender, mixed $param)
  • mixed $sender: sender of the event
  • mixed $param: event parameter
login (line 363)

Logs in a user with username and password.

The username and password will be used to validate if login is successful. If yes, a user object will be created for the application.

  • return: if login is successful
  • access: public
boolean login (string $username, string $password, integer $expire)
  • string $username: username
  • string $password: password
  • integer $expire: number of seconds that automatic login will remain effective. If 0, it means user logs out when session ends. This parameter is added since 3.1.1.
logout (line 390)

Logs out a user.

User session will be destroyed after this method is called.

  • access: public
  • throws: TConfigurationException if session module is not loaded.
void logout ()
onAuthenticate (line 252)

Performs the real authentication work.

An OnAuthenticate event will be raised if there is any handler attached to it. If the application already has a non-null user, it will return without further authentication. Otherwise, user information will be restored from session data.

  • access: public
  • throws: TConfigurationException if session module does not exist.
void onAuthenticate (mixed $param)
  • mixed $param: parameter to be passed to OnAuthenticate event
onAuthorize (line 291)

Performs the real authorization work.

Authorization rules obtained from the application will be used to check if a user is allowed. If authorization fails, the response status code will be set as 401 and the application terminates.

  • access: public
void onAuthorize (mixed $param)
  • mixed $param: parameter to be passed to OnAuthorize event
setAllowAutoLogin (line 239)
  • access: public
  • since: 3.1.1
void setAllowAutoLogin (boolean $value)
  • boolean $value: whether to allow remembering login so that the user logs on automatically next time. Users have to enable cookie to make use of this feature.
setLoginPage (line 134)

Sets the login page that the client browser will be redirected to if login is needed.

Login page should be specified in the format of page path.

void setLoginPage (string $pagePath)
  • string $pagePath: path of login page should login is required
setReturnUrl (line 221)

Sets the URL that the browser should be redirected to when login succeeds.

  • access: public
void setReturnUrl (string $value)
  • string $value: the URL to be redirected to.
setReturnUrlVarName (line 204)
  • access: public
void setReturnUrlVarName (string $value)
  • string $value: the name of the session variable storing return URL.
setUserManager (line 111)
  • access: public
  • throws: TInvalidOperationException if the module has been initialized or the user manager object is not IUserManager
void setUserManager (string|IUserManager $provider)
  • string|IUserManager $provider: the user manager module ID or the user manager object
switchUser (line 345)

Switches to a new user.

This method will logout the current user first and login with a new one (without password.)

  • return: if the switch is successful
  • access: public
boolean switchUser (string $username)
  • string $username: the new username
updateSessionUser (line 328)

Updates the user data stored in session.

  • access: public
  • throws: new TConfigurationException if session module is not loaded.
void updateSessionUser (IUser $user)
  • IUser $user: user object

Inherited Methods

Inherited From TModule

TModule::getID()
TModule::init()
TModule::setID()

Inherited From TApplicationComponent

TApplicationComponent::getApplication()
TApplicationComponent::getRequest()
TApplicationComponent::getResponse()
TApplicationComponent::getService()
TApplicationComponent::getSession()
TApplicationComponent::getUser()
TApplicationComponent::publishAsset()
TApplicationComponent::publishFilePath()

Inherited From TComponent

TComponent::addParsedObject()
TComponent::attachEventHandler()
TComponent::canGetProperty()
TComponent::canSetProperty()
TComponent::createdOnTemplate()
TComponent::detachEventHandler()
TComponent::evaluateExpression()
TComponent::evaluateStatements()
TComponent::getEventHandlers()
TComponent::getSubProperty()
TComponent::hasEvent()
TComponent::hasEventHandler()
TComponent::hasProperty()
TComponent::raiseEvent()
TComponent::setSubProperty()
TComponent::__get()
TComponent::__set()
Class Constants
RETURN_URL_VAR = 'ReturnUrl' (line 42)

GET variable name for return url

Documentation generated on Mon, 21 Apr 2008 11:30:38 -0400 by phpDocumentor 1.3.0RC4