Class SecurityComponent
Short description for file.
Long description for file
- Object
- SecurityComponent
Copyright: Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
License: The MIT License
Location: controller/components/security.php
Properties summary
-
$_action
publicstring
Holds the current action of the controller -
$allowedActions
publicarray
Actions from which actions of the current controller are allowed to receive requests.
-
$allowedControllers
publicarray
Controllers from which actions of the current controller are allowed to receive requests.
-
$blackHoleCallback
publicstring
The controller method that will be called if this request is black-hole'd -
$components
publicarray
Other components used by the Security component -
$disabledFields
publicarray
Form fields to disable -
$loginOptions
publicarray
Login options for SecurityComponent::requireLogin() -
$loginUsers
publicarray
An associative array of usernames/passwords used for HTTP-authenticated logins. -
$requireAuth
publicarray
List of actions that require a valid authentication key -
$requireDelete
publicarray
List of controller actions for which a DELETE request is required -
$requireGet
publicarray
List of controller actions for which a GET request is required -
$requireLogin
publicarray
List of actions that require an HTTP-authenticated login (basic or digest) -
$requirePost
publicarray
List of controller actions for which a POST request is required -
$requirePut
publicarray
List of controller actions for which a PUT request is required -
$requireSecure
publicarray
List of actions that require an SSL-secured connection -
$validatePost
publicboolean
Whether to validate POST data. Set to false to disable for data coming from 3rd party services, etc.
Inherited Properties
Method Summary
-
_authRequired() public
Check if authentication is required -
_callback() public
Calls a controller callback method -
_generateToken() public
Add authentication key for new form posts -
_loginRequired() public
Check if login is required -
_methodsRequired() public
Check if HTTP methods are required -
_requireMethod() public
Sets the actions that require a $method HTTP request, or empty for all actions -
_secureRequired() public
Check if access requires secure connection -
_setLoginDefaults() public
Sets the default login options for an HTTP-authenticated request -
_validatePost() public
Validate submitted form -
blackHole() public
Black-hole an invalid request with a 404 error or custom callback. If SecurityComponent::$blackHoleCallback is specified, it will use this callback by executing the method indicated in $error
-
generateDigestResponseHash() public
Generates a hash to be compared with an HTTP digest-authenticated response -
loginCredentials() public
Attempts to validate the login credentials for an HTTP-authenticated request -
loginRequest() public
Generates the text of an HTTP-authentication request header from an array of options. -
parseDigestAuthData() public
Parses an HTTP digest authentication response, and returns an array of the data, or null on failure. -
requireAuth() public
Sets the actions that require an authenticated request, or empty for all actions -
requireDelete() public
Sets the actions that require a DELETE request, or empty for all actions -
requireGet() public
Sets the actions that require a GET request, or empty for all actions -
requireLogin() public
Sets the actions that require an HTTP-authenticated request, or empty for all actions -
requirePost() public
Sets the actions that require a POST request, or empty for all actions -
requirePut() public
Sets the actions that require a PUT request, or empty for all actions -
requireSecure() public
Sets the actions that require a request that is SSL-secured, or empty for all actions -
startup() public
Component startup. All security checking happens here.
Method Detail
_authRequired() public ¶
_authRequired( object $controller )
Check if authentication is required
Parameters
- object $controller
- Instantiating controller
Returns
true if authentication required
_callback() public ¶
_callback( object $controller , string $method , array $params = array() )
Calls a controller callback method
Parameters
- object $controller
- Controller to run callback on
- string $method
- Method to execute
- array $params optional array()
- Parameters to send to method
Returns
Controller callback method's response
_generateToken() public ¶
_generateToken( object $controller )
Add authentication key for new form posts
Parameters
- object $controller
- Instantiating controller
Returns
Success
_loginRequired() public ¶
_loginRequired( object $controller )
Check if login is required
Parameters
- object $controller
- Instantiating controller
Returns
true if login is required
_methodsRequired() public ¶
_methodsRequired( object $controller )
Check if HTTP methods are required
Parameters
- object $controller
- Instantiating controller
Returns
true if $method is required
_requireMethod() public ¶
_requireMethod( string $method , array $actions = array() )
Sets the actions that require a $method HTTP request, or empty for all actions
Parameters
- string $method
- The HTTP method to assign controller actions to
- array $actions optional array()
- Controller actions to set the required HTTP method to.
_secureRequired() public ¶
_secureRequired( object $controller )
Check if access requires secure connection
Parameters
- object $controller
- Instantiating controller
Returns
true if secure connection required
_setLoginDefaults() public ¶
_setLoginDefaults( array $options )
Sets the default login options for an HTTP-authenticated request
Parameters
- array $options
- Default login options
_validatePost() public ¶
_validatePost( object $controller )
Validate submitted form
Parameters
- object $controller
- Instantiating controller
Returns
true if submitted form is valid
blackHole() public ¶
blackHole( object $controller , string $error = '' )
Black-hole an invalid request with a 404 error or custom callback. If SecurityComponent::$blackHoleCallback is specified, it will use this callback by executing the method indicated in $error
Parameters
- object $controller
- Instantiating controller
- string $error optional ''
- Error method
Returns
If specified, controller blackHoleCallback's response, or no return otherwise
See
generateDigestResponseHash() public ¶
generateDigestResponseHash( array $data )
Generates a hash to be compared with an HTTP digest-authenticated response
Parameters
- array $data
- HTTP digest response data, as parsed by SecurityComponent::parseDigestAuthData()
Returns
Digest authentication hash
See
loginCredentials() public ¶
loginCredentials( string $type = null )
Attempts to validate the login credentials for an HTTP-authenticated request
Parameters
- string $type optional null
- Either 'basic', 'digest', or null. If null/empty, will try both.
Returns
If successful, returns an array with login name and password, otherwise null.
loginRequest() public ¶
loginRequest( array $options = array() )
Generates the text of an HTTP-authentication request header from an array of options.
Parameters
- array $options optional array()
- Set of options for header
Returns
HTTP-authentication request header
parseDigestAuthData() public ¶
parseDigestAuthData( string $digest )
Parses an HTTP digest authentication response, and returns an array of the data, or null on failure.
Parameters
- string $digest
- Digest authentication response
Returns
Digest authentication parameters
requireAuth() public ¶
requireAuth( )
Sets the actions that require an authenticated request, or empty for all actions
requireDelete() public ¶
requireDelete( )
Sets the actions that require a DELETE request, or empty for all actions
requireGet() public ¶
requireGet( )
Sets the actions that require a GET request, or empty for all actions
requireLogin() public ¶
requireLogin( )
Sets the actions that require an HTTP-authenticated request, or empty for all actions
requirePost() public ¶
requirePost( )
Sets the actions that require a POST request, or empty for all actions
requirePut() public ¶
requirePut( )
Sets the actions that require a PUT request, or empty for all actions
requireSecure() public ¶
requireSecure( )
Sets the actions that require a request that is SSL-secured, or empty for all actions
Methods inherited from Object
Object() public ¶
Object( )
A hack to support __construct() on PHP 4 Hint: descendant classes have no PHP4 class_name() constructors, so this constructor gets called first and calls the top-layer __construct() which (if present) should call parent::__construct()
Returns
__openPersistent() public ¶
__openPersistent( string $name , string $type = null )
Open the persistent class file for reading Used by Object::_persist()
Parameters
- string $name
- Name of persisted class
- string $type optional null
- Type of persistance (e.g: registry)
_persist() public ¶
_persist( string $name , string $return , $object , $type = null )
Checks for a persistent class file, if found file is opened and true returned If file is not found a file is created and false returned If used in other locations of the model you should choose a unique name for the persistent file There are many uses for this method, see manual for examples
Parameters
- string $name
- name of the class to persist
- string $return
- $object the object to persist
- $object
- $type optional null
Returns
Success
_savePersistent() public ¶
_savePersistent( string $name , object $object )
You should choose a unique name for the persistent file
There are many uses for this method, see manual for examples
Parameters
- string $name
- name used for object to cache
- object $object
- the object to persist
Returns
true on save, throws error if file can not be created
_set() public ¶
_set( array $properties = array() )
Allows setting of multiple properties of the object in a single line of code.
Parameters
- array $properties optional array()
- An associative array containing properties and corresponding values.
_stop() public ¶
_stop( $status = 0 )
Stop execution of the current script
Parameters
- $status optional 0
- http://php.net/exit for values
cakeError() public ¶
cakeError( string $method , array $messages = array() )
Used to report user friendly errors. If there is a file app/error.php or app/app_error.php this file will be loaded error.php is the AppError class it should extend ErrorHandler class.
Parameters
- string $method
- Method to be called in the error class (AppError or ErrorHandler classes)
- array $messages optional array()
- Message that is to be displayed by the error class
Returns
message
dispatchMethod() public ¶
dispatchMethod( string $method , array $params = array() )
Calls a method on this object with the given parameters. Provides an OO wrapper for call_user_func_array, and improves performance by using straight method calls in most cases.
Parameters
- string $method
- Name of the method to call
- array $params optional array()
- Parameter list to use when calling $method
Returns
Returns the result of the method call
log() public ¶
log( string $msg , integer $type = LOG_ERROR )
API for logging events.
Parameters
- string $msg
- Log message
- integer $type optional LOG_ERROR
- Error type constant. Defined in app/config/core.php.
Returns
Success of log write
requestAction() public ¶
requestAction( mixed $url , array $extra = array() )
Calls a controller's method from any location.
Parameters
- mixed $url
- String or array-based url.
- array $extra optional array()
- if array includes the key "return" it sets the AutoRender to true.
Returns
Boolean true or false on success/failure, or contents of rendered action if 'return' is set in $extra.
toString() public ¶
toString( )
Object-to-string conversion. Each class can override this method as necessary.
Returns
The name of this class
Properties detail
$allowedActions ¶
Actions from which actions of the current controller are allowed to receive requests.
See
array()
$allowedControllers ¶
Controllers from which actions of the current controller are allowed to receive requests.
See
array()
$blackHoleCallback ¶
The controller method that will be called if this request is black-hole'd
null
$components ¶
Other components used by the Security component
array('RequestHandler', 'Session')
$loginOptions ¶
Login options for SecurityComponent::requireLogin()
See
array('type' => '', 'prompt' => null)
$loginUsers ¶
An associative array of usernames/passwords used for HTTP-authenticated logins.
See
array()
$requireAuth ¶
List of actions that require a valid authentication key
See
array()
$requireDelete ¶
List of controller actions for which a DELETE request is required
See
array()
$requireGet ¶
List of controller actions for which a GET request is required
See
array()
$requireLogin ¶
List of actions that require an HTTP-authenticated login (basic or digest)
See
array()
$requirePost ¶
List of controller actions for which a POST request is required
See
array()
$requirePut ¶
List of controller actions for which a PUT request is required
See
array()
$requireSecure ¶
List of actions that require an SSL-secured connection
See
array()
$validatePost ¶
Whether to validate POST data. Set to false to disable for data coming from 3rd party services, etc.
true