Upload File

creating fast, dynamic acls in zend framework (zend webinar)

  • Home
  • Technology
  • Creating fast, dynamic ACLs in Zend Framework (Zend Webinar)
Download Creating fast, dynamic ACLs in Zend Framework (Zend Webinar)

If you can't read please download the document

Upload: wim-godden

Post on 17-May-2015

12.283 views

Category:

Technology


0 download

Report

DESCRIPTION

Slides from the Zend Webinar on 'Creating fast and dynamic ACLs in Zend Framework' (15 June 2011).Zend Framework's Access Control Layer system is simple and straight-forward; however, as the number of rules increase in size and complexity, maintenance and performance suffer. The solution: a dynamic, reflection-based ACL system, with built-in caching. Sound complicated?Don't worry, it's easy to setup and a lot easier to manage! Join this webinar to learn how!Presenter: Wim Godden

TRANSCRIPT

  • 1. Creating fast, dynamic ACLs in Zend Framework Wim Godden Cu.be Solutions

2. Who am I ?

  • Wim Godden (@wimgtr)

3. Owner of Cu.be Solutions (http://cu.be) 4. PHP developer since 1997 5. Developer of OpenX 6. Zend Certified Engineer 7. Zend Framework Certified Engineer 8. MySQL Certified Developer 9. Talking about...

  • Authentication
  • -> Zend_Auth

Auditing

  • -> Zend_Log

Authorization

  • -> Zend_Acl

10. Authorization

  • Wikipedia : "the function of specifying access rights to resources"

11. What's a resource ?

  • Object (Article, Invoice, Document, )

12. Webpage 13. Database / table / row 14. ... 15. Standard ACL

  • Access toresourcesis defined inprivileges

16. Privileges are grouped together inroles 17. 2 types ofroles:

  • Anonymous / Unknown

18. Registered / Known 19. Within Zend Framework : Zend_Acl

  • Flexible

20. Uses standard role, resource principles 21. Zend_Acl : the good

  • Recognizable -> easy to get started

22. No link to specific backend 23. Allow + deny 24. Proven, tested 25. Zend_Acl : the bad & ugly

  • Complexity of rules rises quickly

26. Performance issues 27. All rules are in-code 28. -> maintainability becomes an issue 29. Evolution of a portal $acl =newZend_Acl(); $acl->addRole( newZend_Acl_Role( 'guest' )); $acl->addRole( newZend_Acl_Role( 'member' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'admin' ),'member' ); $acl->addResource( newZend_Acl_Resource( 'cms' )); $acl->addResource( newZend_Acl_Resource( 'report' )); $acl->allow( 'guest' ,'cms' ,'view' ); $acl->allow( 'admin' ,'cms' ,'edit' ); $acl->deny( 'guest' ,'report' ); $acl->allow( 'member' ,'report' ); 30. Evolution of a portal $acl =newZend_Acl(); $acl->addRole( newZend_Acl_Role( 'guest' )); $acl->addRole( newZend_Acl_Role( 'departmentA' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'departmentB' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'admin' ),'member' ); $acl->addResource( newZend_Acl_Resource( 'cms' )); $acl->addResource( newZend_Acl_Resource( 'report' )); $acl->allow( 'guest' ,'cms' ,'view' ); $acl->allow( 'admin' ,'cms' ,'edit' ); $acl->deny( 'guest' ,'report' ); $acl->allow( 'departmentA' ,'report' ); 31. Evolution of a portal $acl =newZend_Acl(); $acl->addRole( newZend_Acl_Role( 'guest' )); $acl->addRole( newZend_Acl_Role( 'departmentA' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'departmentB' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'departmentC_senior_staff' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'departmentC_marketing' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'admin' ),'member' ); $acl->addResource( newZend_Acl_Resource( 'cms' )); $acl->addResource( newZend_Acl_Resource( 'report' )); $acl->addResource( newZend_Acl_Resource( 'newsletter' )); $acl->addResource( newZend_Acl_Resource( 'photo' )); $acl->addResource( newZend_Acl_Resource( 'faq' )); $acl->allow( 'guest' ,'cms' ,'view' ); $acl->allow( 'admin' ,'cms' ,'edit' ); $acl->deny( 'guest' ,'report' ); $acl->allow( 'departmentA' ,'report' ); $acl->deny('departmentC_senior_staff', 'newsletter'); $acl->allow('departmentC_marketing', 'newsletter'); $acl->allow('member', 'photo', 'view'); $acl->allow('departmentC_marketing', 'photo', 'upload'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); 32. Evolution of a portal $acl =newZend_Acl(); $acl->addRole( newZend_Acl_Role( 'guest' )); $acl->addRole( newZend_Acl_Role( 'departmentA' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'departmentB' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'departmentC_senior_staff' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'departmentC_marketing' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'cook' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'admin' ),'member' ); $acl->addResource( newZend_Acl_Resource( 'cms' )); $acl->addResource( newZend_Acl_Resource( 'report' )); $acl->addResource( newZend_Acl_Resource( 'newsletter' )); $acl->addResource( newZend_Acl_Resource( 'photo' )); $acl->addResource( newZend_Acl_Resource( 'faq' )); $acl->addResource( newZend_Acl_Resource( 'invoicing' )); $acl->addResource( newZend_Acl_Resource( 'stats' )); $acl->addResource( newZend_Acl_Resource( 'lunchmenu' )); $acl->allow( 'guest' ,'cms' ,'view' ); $acl->allow( 'admin' ,'cms' ,'edit' ); $acl->deny( 'guest' ,'report' ); $acl->allow( 'departmentA' ,'report' ); $acl->deny('departmentC_senior_staff', 'newsletter'); $acl->allow('departmentC_marketing', 'newsletter'); $acl->allow('member', 'photo', 'view'); $acl->allow('departmentC_marketing', 'photo', 'upload'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('cook', 'lunchmenu', 'edit'); $acl->allow('member', 'lunchmenu', 'view'); $acl->allow('accounting', 'invoicing', 'edit'); $acl->allow('admin', 'invoicing', 'edit'); $acl->allow('departmentC_senior_staff', 'invoicing', 'report'); 33. Evolution of a portal $acl =newZend_Acl(); $acl->addRole( newZend_Acl_Role( 'guest' )); $acl->addRole( newZend_Acl_Role( 'departmentA' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'departmentB' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'departmentC_senior_staff' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'departmentC_marketing' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'cook' ),'guest' ); $acl->addRole( newZend_Acl_Role( 'admin' ),'member' ); $acl->addResource( newZend_Acl_Resource( 'cms' )); $acl->addResource( newZend_Acl_Resource( 'report' )); $acl->addResource( newZend_Acl_Resource( 'newsletter' )); $acl->addResource( newZend_Acl_Resource( 'photo' )); $acl->addResource( newZend_Acl_Resource( 'faq' )); $acl->addResource( newZend_Acl_Resource( 'invoicing' )); $acl->addResource( newZend_Acl_Resource( 'stats' )); $acl->addResource( newZend_Acl_Resource( 'lunchmenu' )); $acl->allow( 'guest' ,'cms' ,'view' ); $acl->allow( 'admin' ,'cms' ,'edit' ); $acl->deny( 'guest' ,'report' ); $acl->allow( 'departmentA' ,'report' ); $acl->deny('departmentC_senior_staff', 'newsletter'); $acl->allow('departmentC_marketing', 'newsletter'); $acl->allow('member', 'photo', 'view'); $acl->allow('departmentC_marketing', 'photo', 'upload'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('admin', 'photo', 'delete'); $acl->allow('guest', 'faq', 'view'); $acl->allow('member', 'faq', 'comment'); $acl->allow('departmentA', 'faq', 'edit'); $acl->allow('departmentC_senior_staff', 'faq', 'edit'); $acl->allow('admin', 'faq', 'edit'); $acl->allow('cook', 'lunchmenu', 'edit'); $acl->allow('member', 'lunchmenu', 'view'); $acl->allow('accounting', 'invoicing', 'edit'); $acl->allow('admin', 'invoicing', 'edit'); $acl->allow('departmentC_senior_staff', 'invoicing', 'report'); 34. Hard to ...

  • maintain all rules

35. keep track of the rules 36. debug the rules 37. Possible solution : database

  • Extend Zend_Acl to database driven design

38. Good : no code changes required 39. Bad : more load on DB 40. A different approach

  • NotTHEsolution, merelyAsolution

41. Uses database, but... 42. Additional caching layer 43. ZF Conventional Modular Directory Structure 44. Backend interface for easy management 45. Different resources

  • Zend_ACL :

$acl->addResource( newZend_Acl_Resource( 'cms' )); $acl->allow( 'guest' ,'cms' ,'view' ); $acl->allow( 'admin' ,'cms' ,'edit' );

  • Access to :
  • Controller : cms

46. Action : view / edit Why not integrate with the request itself ? 47. Controller plugins 48. Zend_Acl as a controller plugin


Zend framework 06 - zend config, pdf, i18n, l10n, sessions

Zend Framework Dojo Webinar

Offshore Zend PHP Development- Hire Zend PHP Developers

ACLS for Experienced Providers Instructor Candidate Workbook · ACLS for Experienced Providers . Instructor Candidate Workbook . ... Manual ... ACLS and ACLS EP Audiences

RightScale Webinar: RightScale Zend Joint Customer Case Study - Mediaspike

Access Control List (ACL) W.lilakiatsakun. ACL Fundamental Introduction to ACLs Introduction to ACLs How ACLs work How ACLs work Creating ACLs Creating

ACLS Rhythms for the ACLS Algorithms - Consurgo

Zend Framework and Doctrine Putting the M in Zend

Webinar: Zend framework Getting to grips (ZF1)

© All rights reserved. Zend Technologies, Inc. Magento and Zend Zeev Suraski Co-fondateur & CTO, Zend Technologies

WEBINAR: Zend Server 5.5 - Wie man die Agilität von PHP auf den IT Produktivbetrieb überträgt

Zend framework

Instant ACLs with Zend Framework 2

Zend framework 3 と zend expressive の話

Zend Framework 1.8 Features Webinar

Copyright © 2008, Zend Technologies Inc. Authentication with Zend Framework Darby Felton PHP Developer, Zend Technologies Zend Framework facilitates development

Zend server deployment, 2014 Webinar

OSSCube - Zend Webinar

Zend Certification Webinar

Webinar - Zend Framework - Trouver le chemin des bonnes pratiques

Webinar Zend Secure Application Development With the Zend Framework

ACLS HANDBOOK - Hancock Medical Training CPR ACLS PALShmttraining.com/uploads/3/2/3/6/3236415/hmt_acls_handbook.pdf · ACLS Handbook • ACLS SURVEY – Airway • Airway patent •

Zend server 6 using zf2, 2013 webinar

Introduzione a GIT - Webinar Zend

Zend Framework Getting Started I. Overview of Zend Framework · Zend Framework Getting Started I. Overview of Zend Framework Zend Framework is an open source framework for developing

kapia-zend partner submit 2012-11-28 · PDF file11/28/2012 · TOAD Zend Studio SVN Repo. Oracle DB Anonymizer Zend Server Staging Zend Server Oracle DB. Production Zend Server Oracle

Vendor: Zend-Technologies 200-530 Zend PHP 5.3 Certification

rendoncpr.comrendoncpr.com/docs/ACLS.pdf · ACLS START ACLS IA-B ACLS 2A-B ACLS 3A-F ACLS 4A-C ACLS 5A-B ACLS 6A-D ACL-S 7A-J ACL-S 8A-K ACLS 9A-E ACLS IOA-E ACLS IIA-D ACLS T3-5

Course Outline - s3.amazonaws.com · Requirements of Zend Framework € € Features of Zend Framework € Zend - PHP Framework € How to install Zend Framework € € Chapter 2:

Zend Framework's Little Known Gems€¦ · Zend Framework's Little Known Gems Matthew Weier O'Phinney Software Architect Zend Framework

Better Bug Stomping with Zend Studio and Zend Server

Zend Framework Database Accessdownloads.zend.com/static/topics/ZF-Webinar-Db... · 10/9/2007  · Zend Framework Database Quick Start 2007-10-09 | Page 3 Introduction to ZendFramework

AHA ACLS PROTOCOLS - Orthopedic Surgery notes · aha acls protocols appendix: r title: aha acls 2005 protocols revised: 15 april 2006 ... aha acls protocols acls lapss stroke assessment

Zend Certified Engineer & Zend Framework

© All rights reserved. Zend Technologies, Inc. Jan Burkl System Engineer, Zend Technologies Zend Server im Cluster