Class \Prado\Security\TAuthManager
TAuthManager performs user authentication and authorization for a Prado application. TAuthManager works together with an IUserManager module that can be specified via the UserManager property (setUserManager). If an authorization fails, TAuthManager will try to redirect the client browser to a login page that is specified via the LoginPage property (setLoginPage). To log a user in or out, call login or logout, respectively.
The AuthExpire property (setAuthExpire) can be used to define the time in seconds after which the authentication should expire. The AllowAutoLogin property (setAllowAutoLogin) specifies whether the login information should be stored in a cookie to perform automatic login. Enabling this feature means that AuthExpire has no effect, since the user will be logged in again when the authentication expires.
To load TAuthManager, configure it in the application configuration as follows:
<module id="auth" class="Prado\Security\TAuthManager" UserManager="users" LoginPage="login" />
When a user logs in, the onLogin event is raised with the TUser as the parameter. If a user tries to log in but fails the check, onLoginFailed is raised with the user name as the parameter. When the user logs out, onLogout is raised with the TUser as the parameter.
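One way to use these events for login auditing, as an added example that is not part of the Prado documentation or code base. The LoginAuditor class, its thresholds and the sample run are hypothetical; the only Prado facts assumed are the (sender, param) handler signature, the event parameters described above, and TUser::getName().

```php
<?php
// Added example, not Prado code. LoginAuditor and its thresholds are hypothetical.
// Wiring (assumes $auth is the TAuthManager module, e.g. getModule('auth')):
//   $auth->attachEventHandler('OnLoginFailed', [$auditor, 'recordFailure']);
//   $auth->attachEventHandler('OnLogin', [$auditor, 'recordSuccess']);
final class LoginAuditor
{
    private const MAX_FAILURES = 5;     // failures per name before alerting
    private const WINDOW_SECONDS = 300; // sliding window length
    private array $failures = [];       // user name => list of failure timestamps

    // onLoginFailed handler: $param is the user name that failed the check.
    public function recordFailure($sender, $param): void
    {
        $name = strtolower(trim((string) $param));
        $cutoff = time() - self::WINDOW_SECONDS;
        // Drop failures that fell out of the sliding window, then add this one.
        $recent = array_values(array_filter(
            $this->failures[$name] ?? [],
            fn (int $t): bool => $t > $cutoff
        ));
        $recent[] = time();
        $this->failures[$name] = $recent;
        $this->log('login_failed', $name, count($recent) >= self::MAX_FAILURES);
    }

    // onLogin handler: $param is the TUser; a success clears that name's history.
    public function recordSuccess($sender, $param): void
    {
        $name = strtolower((string) $param->getName());
        unset($this->failures[$name]);
        $this->log('login_ok', $name, false);
    }

    private function log(string $event, string $name, bool $alert): void
    {
        // json_encode escapes control characters, so a crafted user name
        // cannot forge additional log lines.
        error_log(json_encode(['event' => $event, 'user' => $name, 'alert' => $alert]));
    }
}

// Constructed run: the fifth and sixth failures for "alice" are logged with alert=true.
$auditor = new LoginAuditor();
for ($i = 0; $i < 6; $i++) {
    $auditor->recordFailure(null, 'alice');
}
```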
Class hierarchy
- \Prado\Security\TAuthManager
- \Prado\TModule implements IModule
- \Prado\TApplicationComponent
- \Prado\TComponent
Since: 3.0
public doAuthentication(mixed $sender, mixed $param) : mixed
Performs authentication.
This is the event handler attached to application's Authentication event. Do not call this method directly.
public doAuthorization(mixed $sender, mixed $param) : mixed
Performs authorization.
This is the event handler attached to application's Authorization event. Do not call this method directly.
public init(TXmlElement $config) : mixed
Initializes this module.
This method is required by the IModule interface.
public leave(mixed $sender, mixed $param) : mixed
Performs login redirect if authorization fails.
This is the event handler attached to application's EndRequest event. Do not call this method directly.
public login(string $username, string $password[, int $expire = 0 ]) : bool
Logs in a user with username and password.
The username and password will be used to validate if login is successful. If yes, a user object will be created for the application. On successful login, onLogin is raised with the TUser as parameter. When the login fails, onLoginFailed is raised with the username as parameter.
public logout() : mixed
Logs out a user. Raises onLogout with the TUser as parameter before logging out. User session will be destroyed after this method is called.
public onAuthenticate(mixed $param) : mixed
Performs the real authentication work.
An OnAuthenticate event will be raised if there is any handler attached to it. If the application already has a non-null user, it will return without further authentication. Otherwise, user information will be restored from session data.
public onAuthExpire(mixed $param) : mixed
Performs user logout on authentication expiration.
An 'OnAuthExpire' event will be raised if there is any handler attached to it.
public onAuthorize(mixed $param) : mixed
Performs the real authorization work.
Authorization rules obtained from the application will be used to check if a user is allowed. If authorization fails, the response status code will be set as 401 and the application terminates.
public setLoginPage(string $pagePath) : mixed
Sets the login page that the client browser will be redirected to if login is needed.
Login page should be specified in the format of page path.
public setReturnUrl(string $value) : mixed
Sets the URL that the browser should be redirected to when login succeeds.
public switchUser(string $username) : bool
Switches to a new user.
This method will logout the current user first and login with a new one (without password).
public mixed RETURN_URL_VAR = 'ReturnUrl'
GET variable name for return url
\Prado\TApplicationComponent::FX_CACHE_FILE, \Prado\TComponent::GLOBAL_RAISE_EVENT_LISTENER