Path

ez components / documentation / api reference / 2009.1.2 / authentication


eZ Components 2009.1.2

Authentication: ezcAuthenticationGroupFilter

[ Tutorial ] [ Rfcs ] [ Security ] [ Class tree ] [ Element index ] [ ChangeLog ] [ Credits ]

Class: ezcAuthenticationGroupFilter

Group authentication filters together. [source]
If there are no filters in the group, then the run() method will return STATUS_OK.
The way of grouping the filters is specified with the mode option:
  • ezcAuthenticationGroupFilter::MODE_OR (default): at least one filter in the group needs to succeed in order for the group to succeed.
  • ezcAuthenticationGroupFilter::MODE_AND: all filters in the group need to succeed in order for the group to succeed.
Example of using the mode option:
1.  $options new ezcAuthenticationGroupOptions();
2.  $options->mode ezcAuthenticationGroupFilter::MODE_AND;
3.  
4.  // $filter1 and $filter2 are authentication filters which all need to succeed
5.  // in order for the group to succeed
6.   $filter new ezcAuthenticationGroupFilterarray$filter1$filter2 )$options );
Example of using the group filter with LDAP and Database filters:
 1.  $credentials new ezcAuthenticationPasswordCredentials'jan.modaal''qwerty' );
 2.  
 3.  // create a database filter
 4.   $database new ezcAuthenticationDatabaseInfoezcDbInstance::get()'users'array'user''password' ) );
 5.  $databaseFilter new ezcAuthenticationDatabaseFilter$database );
 6.  
 7.  // create an LDAP filter
 8.   $ldap new ezcAuthenticationLdapInfo'localhost''uid=%id%''dc=example,dc=com'389 );
 9.  $ldapFilter new ezcAuthenticationLdapFilter$ldap );
10.  $authentication new ezcAuthentication$credentials );
11.  
12.  // use the database and LDAP filters in paralel (at least one needs to succeed in
13.  // order for the user to be authenticated)
14.   $authentication->addFilternew ezcAuthenticationGroupFilterarray$databaseFilter$ldapFilter ) ) );
15.  // add more filters if needed
16.   if !$authentication->run() )
17.  {
18.      // authentication did not succeed, so inform the user
19.           $status $authentication->getStatus();
20.      $err array(
21.              array'ezcAuthenticationLdapFilter' => array(
22.                  ezcAuthenticationLdapFilter::STATUS_USERNAME_INCORRECT => 'Incorrect username',
23.                  ezcAuthenticationLdapFilter::STATUS_PASSWORD_INCORRECT => 'Incorrect password'
24.                  ) ),
25.              array'ezcAuthenticationDatabaseFilter' => array(
26.                  ezcAuthenticationDatabaseFilter::STATUS_USERNAME_INCORRECT => 'Incorrect username',
27.                  ezcAuthenticationDatabaseFilter::STATUS_PASSWORD_INCORRECT => 'Incorrect password'
28.                  ) )
29.              );
30.      foreach $status as $line => $error )
31.      {
32.          list$key$value each$error );
33.          echo $err[$line][$key][$value"\n";
34.      }
35.  }
36.  else
37.  {
38.      // authentication succeeded, so allow the user to see his content
39.   }
It is possible to use multiple credentials when grouping filters together, by enabling the option multipleCredentials for the Group filter object. When this option is enabled, each filter added to the group must have a credentials object passed along with it.
Example of using the Group filter to handle multiple credentials:
 1.  $credentials1 new ezcAuthenticationPasswordCredentials'jan.modaal''b1b3773a05c0ed0176787a4f1574ff0075f7521e' )// incorrect password
 2.   $credentials2 new ezcAuthenticationPasswordCredentials'john.doe''wpeE20wyWHnLE' )// correct username + password
 3.  
 3.  
 4.  $options new ezcAuthenticationGroupOptions();
 5.  $options->multipleCredentials true;
 6.  $options->mode ezcAuthenticationGroupFilter::MODE_AND;
 7.  $group new ezcAuthenticationGroupFilterarray()$options );
 8.  
 9.  $group->addFilternew ezcAuthenticationHtpasswdFilter'../../tests/filters/htpasswd/data/htpasswd' )$credentials1 );
10.  $group->addFilternew ezcAuthenticationHtpasswdFilter'../../tests/filters/htpasswd/data/htpasswd' )$credentials2 );
11.  
12.  $authentication new ezcAuthentication$credentials1 );
13.  $authentication->addFilter$group );
14.  // add more filters if needed
15.  
15.  
16.  if !$authentication->run() )
17.  {
18.      // authentication did not succeed, so inform the user
19.           $status $authentication->getStatus();
20.  
21.      $err array(
22.                  array'ezcAuthenticationHtpasswdFilter' => array(
23.                          ezcAuthenticationHtpasswdFilter::STATUS_OK => '',
24.                          ezcAuthenticationHtpasswdFilter::STATUS_USERNAME_INCORRECT => 'Incorrect username ' $credentials1->id,
25.                          ezcAuthenticationHtpasswdFilter::STATUS_PASSWORD_INCORRECT => 'Incorrect password for ' $credentials1->id
26.                          ) ),
27.  
28.                  array'ezcAuthenticationHtpasswdFilter' => array(
29.                          ezcAuthenticationHtpasswdFilter::STATUS_OK => '',
30.                          ezcAuthenticationHtpasswdFilter::STATUS_USERNAME_INCORRECT => 'Incorrect username ' $credentials2->id,
31.                          ezcAuthenticationHtpasswdFilter::STATUS_PASSWORD_INCORRECT => 'Incorrect password for ' $credentials2->id
32.                          ) )
33.                  );
34.  
35.      foreach $status as $line => $error )
36.      {
37.          list$key$value each$error );
38.          echo $err[$line][$key][$value"\n";
39.      }
40.  }
41.  else
42.  {
43.      // authentication succeeded, so allow the user to see his content
44.   }

Parents

ezcAuthenticationFilter
   |
   --ezcAuthenticationGroupFilter

Constants

MODE_AND = 2 All the filters need to succeed in order for the group to succeed.
MODE_OR = 1 At least one filter needs to succeed in order for the group to succeed.
STATUS_GROUP_FAILED = 1 All or some of the filters in the group failed (depeding on the mode option).

Inherited Constants

From ezcAuthenticationFilter:
ezcAuthenticationFilter::STATUS_OK    Successful authentication.

Properties

ezcAuthenticationStatus read/write  $status
The status object which holds the status of the run filters.

Member Variables

protected array(ezcAuthenticationFilter) $filters = array()
Authentication filters.

Inherited Member Variables

From ezcAuthenticationFilter:
protected  ezcAuthenticationFilter::$options

Method Summary

public ezcAuthenticationGroupFilter __construct( $filters, [$options = null] )
Creates a new object of this class.
public void addFilter( $filter, [$credentials = null] )
Adds an authentication filter at the end of the filter list.
public int run( $credentials )
Runs the filter and returns a status code when finished.

Inherited Methods

From ezcAuthenticationFilter :
public ezcAuthenticationFilterOptions ezcAuthenticationFilter::getOptions()
Returns the options of this class.
public abstract int ezcAuthenticationFilter::run()
Runs the filter and returns a status code when finished.
public void ezcAuthenticationFilter::setOptions()
Sets the options of this class to $options.

Methods

__construct

ezcAuthenticationGroupFilter __construct( $filters, [ezcAuthenticationGroupOptions $options = null] )
Creates a new object of this class.
The filters can be specified as an array of filter objects, or as an array of array(fiter,credentials) when the multipleCredentials option is enabled.
Example of using multipleCredentials:
 1.  $credentials1 new ezcAuthenticationPasswordCredentials'john.doe''1234' );
 2.  $credentials1 new ezcAuthenticationPasswordCredentials'jan.modaal''qwerty' );
 3.  
 4.  $filter1 new ezcAuthenticationHtpasswdFilter'/etc/htpasswd1' );
 5.  $filter2 new ezcAuthenticationHtpasswdFilter'/etc/htpasswd2' );
 6.  
 7.  // enable multiple credentials
 8.   $options new ezcAuthenticationGroupOptions();
 9.  $options->multipleCredentials true;
10.  
11.  // add the filters to the group with the constructor
12.   $group new ezcAuthenticationGroupFilterarray(
13.               array$filter1$credentials1 ),
14.               array$filter2$credentials2 ) )$options );
15.  
15.  // the filters can also be added to the group with addFilter()

Parameters

Name Type Description
$filters array(ezcAuthenticationFilter|mixed) Authentication filters
$options ezcAuthenticationGroupOptions Options for this class

Throws

ClassDescription
ezcAuthenticationException if the multipleCredentials option is enabled and a credentials object was not specified

addFilter

void addFilter( ezcAuthenticationFilter $filter, [ezcAuthenticationCredentials $credentials = null] )
Adds an authentication filter at the end of the filter list.
Example of using multipleCredentials:
 1.  $credentials1 new ezcAuthenticationPasswordCredentials'john.doe''1234' );
 2.  $credentials1 new ezcAuthenticationPasswordCredentials'jan.modaal''qwerty' );
 3.  
 4.  $filter1 new ezcAuthenticationHtpasswdFilter'/etc/htpasswd1' );
 5.  $filter2 new ezcAuthenticationHtpasswdFilter'/etc/htpasswd2' );
 6.  
 7.  // enable multiple credentials
 8.   $options new ezcAuthenticationGroupOptions();
 9.  $options->multipleCredentials true;
10.  
11.  // add the filters to the group with addFilter()
12.   $group new ezcAuthenticationGroupFilterarray()$options );
13.  $group->addFilter$filter1$credentials1 );
14.  $group->addFilter$filter2$credentials2 );
15.  
15.  // the filters can also be added to the group with the constructor

Parameters

Name Type Description
$filter ezcAuthenticationFilter The authentication filter to add
$credentials ezcAuthenticationCredentials Credentials object associated with $filter if the multipleCredentials option is enabled

Throws

ClassDescription
ezcAuthenticationGroupException if the multipleCredentials option is enabled and a credentials object was not specified

run

int run( ezcAuthenticationCredentials $credentials )
Runs the filter and returns a status code when finished.

Parameters

Name Type Description
$credentials ezcAuthenticationCredentials Authentication credentials

Redefinition of

Method Description
ezcAuthenticationFilter::run() Runs the filter and returns a status code when finished.

Last updated: Tue, 01 Sep 2009