Authentication for Amfphp.

This plugin can be deactivated if the project doesn't need to protect access to its services.

On a service object, the plugin looks for a method called _getMethodRoles. If the method exists, the plugin will look for a role in the session that matches the role. If the roles don't match, an Exception is thrown. The _getMethodRoles takes a parameter $methodName, and must return an array of strings containing acceptable roles for the method. If the return value is null, it is considered that that particular method is not protected.

For example:

To authenticate a user, the plugin looks for a 'login' method. This method can either be called explicitly, or by setting a header with the name 'Credentials', containing {userid: userid, password: password}, as defined by the AS2 NetConnection.setCredentials method. It is considered good practise to have a 'logout' method, though this is optional The login method returns a role in a 'string'. It takes 2 parameters, the user id and the password. The logout method should call AmfphpAuthentication::clearSessionInfo();

See the AuthenticationService class in the test data for an example of an implementation.

• author: Ariel Sommeria-klein
• link: https://github.com/silexlabs/amfphp-2.0/blob/master/Tests/TestData/Services/AuthenticationService.php

Located in /Amfphp/Plugins/AmfphpAuthentication/AmfphpAuthentication.php (line 45)