      Security in Lion

      Authentication and Authorization

      What's Security?

      Security is the mechanism that restricts access to certain system resources to certain users,
      e.g. allowing access to administrative pages only to users with administrative privileges.

      Security comprises two major operations: authentication and authorization.

      Authentication is the process of confirming who someone is or what something is, that is, confirming a claimed identity.
      For example, motorists identify themselves to police by presenting a driver's license. Police compare the photo and description on the driver's license with the motorist to authenticate identity.

      Authorization is the act of granting permission for someone or something to conduct an act. Even when identity and authentication have indicated who someone is, authorization may be needed to establish what he or she is allowed to do.

      Security in Lion

      As part of the Lion framework, there is a layer that supports the security principles described above.
      The following diagram shows the main classes and relationships that belong to this layer:

      The most fundamental classes here are __AuthenticationManager and __AuthorizationManager.
      The __AuthenticationManager is in charge of authentication management, while the __AuthorizationManager is in charge of authorization management (just read the class names :).

      As you can see in the diagram, there are several interfaces (the ones with the prefix __I, like __ICredentials, __IAuthenticator, ...). Lion allows you to specify declaratively which classes will be used for each interface. This capability allows you to customize or extend the security layer without altering the root behaviour.

      Authentication

      The main task of the __AuthenticationManager is to perform the user logon. To do so, it exposes the method __AuthenticationManager::logon().

      The __AuthenticationManager has a set of authenticators (classes implementing __IAuthenticator). To perform the logon, it delegates to each one in turn until the user is successfully authenticated. The authentication fails only if all the authenticators fail.
      Once the user is authenticated, the user instance is stored in the __AuthenticationManager, which also activates the corresponding roles in the __UserSession.

      __AuthenticationManager::logout() simply unsets the authenticated user from the __AuthenticationManager and also unsets the active roles from the __UserSession.

      For more information regarding the authentication, see the Authentication in Lion section.


      Authorization

      The main task of the __AuthorizationManager is to check whether the authenticated user has permission to access each system resource.
      The most important thing to know is that the __AuthorizationManager does not check the permissions associated with the authenticated user object, but the ones stored in the __UserSession. In practice this means that what the user may do is decided by the roles currently active in the session, and that those roles disappear from the session on logout.
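      The following is an added PHP sketch of the flow described in the Authentication and Authorization sections above: a manager that delegates to a chain of authenticators, activates roles in the session on success, and an authorization check that reads the session rather than the user object. It is illustration only, not Lion's own code; every class, method and user record in it is an assumption (Lion's real signatures are in the API reference).

```php
<?php
// Assumed names and shapes for illustration only; this is not Lion's own API.
// An authenticator returns a user record on success, or null if it cannot vouch for the credentials.
interface Authenticator { public function authenticate(array $credentials): ?array; }

final class PasswordAuthenticator implements Authenticator {
    // $users: constructed sample store, username => ['hash' => ..., 'roles' => [...]]
    public function __construct(private array $users) {}
    public function authenticate(array $credentials): ?array {
        $u = $this->users[$credentials['user'] ?? ''] ?? null;
        if ($u === null || !password_verify($credentials['password'] ?? '', $u['hash'])) {
            return null;
        }
        return ['name' => $credentials['user'], 'roles' => $u['roles']];
    }
}

final class UserSession { public array $activeRoles = []; }

final class AuthenticationManager {
    private ?array $user = null;
    public function __construct(private array $authenticators, private UserSession $session) {}
    // Try each authenticator in turn: the first success wins; logon fails only if all of them fail.
    public function logon(array $credentials): bool {
        foreach ($this->authenticators as $auth) {
            if (($user = $auth->authenticate($credentials)) !== null) {
                $this->user = $user;
                $this->session->activeRoles = $user['roles']; // roles are activated in the session
                return true;
            }
        }
        return false;
    }
    public function logout(): void {
        $this->user = null;
        $this->session->activeRoles = []; // the session's roles go away with the user
    }
}

final class AuthorizationManager {
    public function __construct(private UserSession $session) {}
    // Decides on the roles held by the session, not on the user object.
    public function hasRole(string $role): bool { return in_array($role, $this->session->activeRoles, true); }
}

$session = new UserSession();
$store = ['alice' => ['hash' => password_hash('s3cret', PASSWORD_DEFAULT), 'roles' => ['admin']]];
$authn = new AuthenticationManager([new PasswordAuthenticator($store)], $session);
$authz = new AuthorizationManager($session);
var_dump($authn->logon(['user' => 'alice', 'password' => 'wrong']), $authz->hasRole('admin'));
var_dump($authn->logon(['user' => 'alice', 'password' => 's3cret']), $authz->hasRole('admin'));
$authn->logout();
var_dump($authz->hasRole('admin'));
```

      The last check shows why authorization must be driven by the session: after logout no role remains active there, so the admin check is denied even though the credentials were valid a moment earlier.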

      For more information regarding the authorization, see the Authorization in Lion section.