Tuesday 5 January 2016

Zend Framework 2 Authentication and Authorization

Zend Framework 2 Authentication and Authorization

Question: What is difference between Authentication and Authorization?
Authentication is the process of determining whether someone is to be identified Or Not. In another words, whether he can login in system OR Not. Authorization is the process of determining whether he can access that particular things OR Not. In another words what section he can access OR Not. Authorization comes after the Authentication.


Question: How to set Secure Authentication?
  1. Login credentials should be encrypted like Md5 during authorization
  2. credentials must not keept in Session
  3. Protected Website from Session Hijacking and Session Fixation
  4. In Login Form use captcha


Question: What are four method available in Zend\Authentication\Result?
  1. isValid()
  2. getCode()
  3. getIdentity()
  4. getMessages()


Question: What constants are return from Zend\Authentication\Result?
  1. Result::SUCCESS
  2. Result::FAILURE
  3. Result::FAILURE_IDENTITY_NOT_FOUND
  4. Result::FAILURE_IDENTITY_AMBIGUOUS
  5. Result::FAILURE_CREDENTIAL_INVALID
  6. Result::FAILURE_UNCATEGORIZED



Question: How to change the Session NameSpace for Auth?
$auth->setStorage(new SessionStorage('someNamespace'));


Question: Can we create "Custom Storage Class" and use in Auth?
Yes, We can create our custom storage class using interface Zend\Authentication\Storage\StorageInterface. For Example:
use Zend\Authentication\Storage\StorageInterface;
class My\Storage implements StorageInterface{
}


Question: Can we create "Custom Adapters" for Auth?
Yes, We can create our custom storage class using interface Zend\Authentication\Adapter\AdapterInterfac. For Example:
use Zend\Authentication\Adapter\AdapterInterface;
class My\Auth\Adapter implements AdapterInterface{
}



Question: How to make user logout from application?
$auth->clearIdentity();



Question: What are different Adapter availble in Zend Framework2.4 for Authentication?
  1. Zend\Authentication\Adapter\DbTable
  2. Zend\Authentication\Adapter\Digest
  3. Zend\Authentication\Adapter\Http
  4. Zend\Authentication\Adapter\Ldap
  5. Zend\Authentication\Adapter\Http\FileResolver



Question: What is ACL component?
The Zend\Permissions\Acl component provides a lightweight & flexible access control list implementation for managing the access to different users.


Question: What is Resource and Role in ACL?
Resource: Resource is an object to which access is controlled. For Example Car.
Zend\Permissions\Acl\Resource\ResourceInterface is available.


Role: Role is an object that may request access to a Resource. For Example Driver
Driver can request to car means An Role can request access to a Resource.
Zend\Permissions\Acl\Role\RoleInterface is available.


Question: What is Rbac component?
Rbac component is a lightweight ACL implementation based around PHP 5.3's SPL RecursiveIterator & RecursiveIteratorIterator.
Its similar to Zend ACL component.
Rbac emphasis on roles and their permissions rather than objects/resources.