The biggest problem that I can spot at a quick glance is the "exit 1" inside the event listener.
That's a big no-no, because it nukes the whole application life cycle abruptly, and needlessly: it's sufficient to return the 403 response from the listener to short-circuit the dispatch event and let the application complete it gracefully.

Other than that, I can't recommend enough to test your authentication and authorization modules thoroughly.

Cheers.

On Fri, 26 Feb 2016 at 16:00, David Mintz <[email protected]> wrote:

> I too am a relative n00b but I don't think that's the only problem with
> this tutorial. For one thing, it's dated. You don't need to implement your
> own Identity plugin because ZF2 already provides:
>
> http://zf2.readthedocs.org/en/latest/modules/zend.mvc.plugins.html#zend-mvc-controller-plugins-identity
> .
>
> As to Slavey's book: it's really good (
> https://www.amazon.com/review/R38Z5NJEX0UP0R/ref=cm_cr_rdp_perm?ie=UTF8&ASIN=1492372218
> ).
> I also like http://www.masterzendframework.com/ and
> https://samsonasik.wordpress.com/
>
> On Wed, Feb 24, 2016 at 1:21 AM, Simon Walter <[email protected]> wrote:
>
> > Hi all,
> >
> > I noticed that the HTTP response codes I get back are not the same as when
> > running the stack via Apache. I noticed also a few other strange things
> > such as content when I expected no content.
> >
> > It then led me to inspect packets. What I found was that my protected
> > areas were indeed accessible.
> >
> > The fault lies in the way I was redirecting users to the login page. I had
> > followed this tutorial:
> >
> > http://p0l0.binware.org/index.php/2012/02/18/zend-framework-2-authentication-acl-using-eventmanager/
> >
> > I just want to caution others who may have done so and have copied this
> > buggy code. I've left a comment on the page as well:
> >
> > http://p0l0.binware.org/index.php/2012/02/18/zend-framework-2-authentication-acl-using-eventmanager/#comment-91368
> >
> > Looking at Slavey's book, I see that much of what Marco has done in his
> > tutorial is over-engineered.
> >
> > I will chance a n00b guess that because the controller and action are not
> > reset to something else, the original route is still followed even though a
> > 302 is sent with a new location.
> >
> > I will refrain from drawing any more n00b conclusions and ask what you all
> > think.
> >
> > Kind regards,
> >
> > Simon
> >
> > --
> > List: [email protected]
> > Info: http://framework.zend.com/archives
> > Unsubscribe: [email protected]
>
> --
> David Mintz
> http://davidmintz.org/
> Human needs before private profit:
> http://socialequality.com/
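
The fix suggested in the reply at the top of this thread, sketched as an added example (it is not code from the tutorial or from anyone in the thread). It assumes a ZF2 MVC application; the `login` route name, the `/login` URL, and an `AuthenticationService` registered under its class name are assumptions, and the "weak" listener is a constructed illustration of a redirect that does not stop the dispatch.

```php
<?php
// Added example: constructed for illustration, not the tutorial's code.
namespace Application;

use Zend\Mvc\MvcEvent;

class Module
{
    public function onBootstrap(MvcEvent $e)
    {
        $events = $e->getApplication()->getEventManager();
        // Priority 100 runs before the MVC DispatchListener (priority 1).
        $events->attach(MvcEvent::EVENT_DISPATCH, array($this, 'requireLogin'), 100);
    }

    // Weak form (constructed, not attached): the 302 and Location header are
    // set, but nothing is returned, so the dispatch event continues and the
    // protected controller action still runs and renders into the response.
    public function requireLoginWeak(MvcEvent $e)
    {
        if (!$this->isAllowed($e)) {
            $response = $e->getResponse();
            $response->getHeaders()->addHeaderLine('Location', '/login'); // assumed URL
            $response->setStatusCode(302);
        }
    }

    // Corrected form: returning the Response object short-circuits the
    // dispatch event; the application then finishes and sends it normally.
    public function requireLogin(MvcEvent $e)
    {
        if ($this->isAllowed($e)) {
            return null; // let the controller be dispatched
        }
        $response = $e->getResponse();
        $response->setStatusCode(403);
        return $response; // no exit(): the application completes gracefully
    }

    private function isAllowed(MvcEvent $e)
    {
        $match = $e->getRouteMatch();
        if ($match && $match->getMatchedRouteName() === 'login') { // assumed public route
            return true;
        }
        $auth = $e->getApplication()->getServiceManager()
            ->get('Zend\Authentication\AuthenticationService'); // assumed service name
        return $auth->hasIdentity();
    }
}
```

A functional test that requests a protected URL without a session and asserts both the status code and an empty body would catch the weak form, which is the kind of check a status-code-only test misses.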
