How to implement SSL in Zend MVC

前端 未结 1 1850
鱼传尺愫
鱼传尺愫 2021-02-09 08:08

I have implemented secure pages before by using a specific secure folder (eg https folder vs http folder on the server). I have started using Zend Framework and would like part

1条回答
  •  小鲜肉
    小鲜肉 (楼主)
    2021-02-09 08:21

    The cleanest way is to have an .ini file for the SSL config where you can enable SSL support for model/controller/action levels, like so:

    Let's say you have a module/controller/action like this:
    SSLModule->IndexController->testAction

    
    ## ini file (can be config.ini also)
    ssl.modules.SSLModule.require_ssl = true  //-> entire module requires SSL 
    ssl.modules.SSLModule.Index.require_ssl = true  //-> entire controller requires SSL
    ssl.modules.SSLModule.Index.test.require_ssl = true  //-> single action requires SSL
    
    

    You parse this either through config, or separately, and in your Bootstrap file you can include a controllerplugin, like mine here.

    There are many other ways to do this, but I think you get the idea!

    
    class Application_Controllerplugins_Ssl extends Zend_Controller_Plugin_Abstract
    {
    
        public function preDispatch ( Zend_Controller_Request_Abstract $request )
        {
    
            $shouldSecureUrl = false;
    
            //get the config settings for SSL
            $options = Application_ServiceManager::getConfig()->ssl;
    
            //if config is empty, exit
            if (!is_object($options))
                return;
    
            //simpler to use    
            $options = $options->toArray();
    
            //only use it production environment
            if ( APPLICATION_ENV == 'production' )
            {
    
                if (
    
                    ( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] )  ||
                    ( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] )  ||
                    ( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] )
    
                )
                {
    
                    $shouldSecureUrl = true;
    
                }
    
                if ( $shouldSecureUrl )
                {
    
                    $this->_secureUrl($request);
    
                }
            }
        }
    
    
        protected function _secureUrl ( Zend_Controller_Request_Abstract $request )
        {
    
            $server = $request->getServer();
            $hostname = $server['HTTP_HOST'];
    
            if ( ! $request->isSecure() )
            {
                $url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname .
                 $request->getPathInfo();
    
                $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
                $redirector->setGoToUrl($url);
                $redirector->redirectAndExit();
            }
        }
    }
    
    

    I forgot to mention: to add it in your bootstrap:

    
    $Zend_Controller_Front->registerPlugin( new Application_Controllerplugins_Ssl() );
    
    

    0 讨论(0)
提交回复
热议问题