Hi, I am confused about creating the ARO users and groups, and in which controller they are defined.
Please help me. Thanks in advance.
ACL in general can get confusing and complicated. Most times ACL is overkill for most apps we develop anyway. I think role-based authentication with admin routing is much easier to set up and is enough for most situations. On the first CakePHP site I developed, I used ACL, but did not actually need it, although it was a good learning opportunity. I am currently upgrading/redesigning to 2.0 and I am using role-based authentication for that site, with admin and members.
If you are trying to learn, I would say go for it and use the following CakePHP tutorial: CakePHP Simple Acl Controller Application Tutorial. Managing it can be very difficult. I would suggest the following plugin: Alaxos - Plugin ACL 2.0. The downside with this is that it takes a long time to process when you need to make a simple change like adding a function to an existing controller, so it might not be worth it, especially if you are using shared hosting with an execution limitation.
Bottom line: Use it if you REALLY/ABSOLUTELY need it for your site. If not, stay away from ACL.
Related
I know normally I have to ask questions about specific code problems. But I need advice to get started at all. I was thinking about making a web application with React. The application is an admin control panel for things like employee costs, orders and so on for a family business. For the authentication part I wanted to keep it simple and do it with Google, but before doing that, I wanted to ask the experienced developers here if that makes any sense or if I should use JHipster/Keycloak.
The benefits of Google would be, I think, that it is easier to implement and the security part would be handled by Google, but what could be possible problems? I hope someone could give me good advice.
With regards
Using Keycloak/JHipster would probably be overkill for a simple family business application.
I would rather use simpler authentication types offered by JHipster that do not require external applications, like session. An alternative would be to use the provided Okta integration; this way you get a ready-to-go solution.
If you want to use Google, then you'll have to use spring-security-oauth2-client and build your own solution on top of Spring Boot or adapt JHipster generated app if you still want to use JHipster.
Also, have you decided where you want to deploy your app? Your cloud provider could offer a good integrated solution for authentication.
I am having a hard time finding assistance on securing my application. I want to create a role based system, in CakePHP, that would allow me to assign users to a role(s), assign permissions to a role, and use the roles to control who can see/do what on my application. I recall there being something you could use in CakePHP 2.X but I can't find anything in 3.0. Is this still supported? Is there a recommended way to do this? In particular, I need to know the table structure, so I can add them to my database diagram.
Thanks
You may want to use the TinyAuth plugin by dereuromark or the official ACL plugin by cakephp.
The ActionsAuthorize & CrudAuthorize adapter available in CakePHP 2.x have now been moved to a separate plugin cakephp/acl.
https://book.cakephp.org/3.0/en/controllers/components/authentication.html#authorization
I am developing an AngularJS web application. I want to store the login credentials when the user checks the remember me option. Can anyone please suggest which is the better way to store the details of the user (local storage or cookies, etc.)? And I want to maintain the session throughout the application. Please give your suggestions.
Thanks in advance
There are already plenty of solutions for that kind of stuff. As this is a serious security issue, I would recommend using one of those instead of "reinventing the wheel".
Whether the system is using cookies or localstorage doesn't really matter at the end of the day. It is however a bad idea in general to store the actual credentials. Instead, use a token-based system that will do a server-client handshake on request.
Personally, I am working with Firebase and Express at the moment.
Firebase
Firebase is "backend as a service". They offer a free plan for production usage, have a look at it. If you like it, things are pretty easy here. You pay money and get a full-featured REST-like "backend" with built-in user management (see the Firebase docs for SimpleLogin). All you have to do is call service methods.
Express
This is the DIY way. If you want to have full control and a free way of doing things, this is the way to go. I am no Express master, so you had better have a look at some tutorials (http://expressjs-book.com/forums/topic/express-js-sessions-a-detailed-tutorial/).
If you like neither Firebase nor Express, have a look at other Backend-as-a-service offers. You could even use PHP. I would assume that one could say that this is the old-school way of implementing user sessions :)
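An added example, not part of the answer above and not code from Firebase or Express: one way to do "remember me" with a token instead of stored credentials. The client holds a random selector:validator pair, the server keeps only a hash of the validator, and each token is single use. The function names, the in-memory store, the 30-day lifetime and the cookie name are assumptions made for this sketch.

```javascript
const nodeCrypto = require("crypto");

// Constructed in-memory stand-in for a database table:
// selector -> { userId, validatorHash, expiresAt }
const tokenStore = new Map();
const TTL_MS = 30 * 24 * 60 * 60 * 1000; // 30 days (assumed lifetime)

const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest();

// Call after a successful password login with "remember me" ticked.
// Only the hash of the validator is kept server-side.
function issueRememberToken(userId, now = Date.now()) {
  const selector = nodeCrypto.randomBytes(9).toString("hex");
  const validator = nodeCrypto.randomBytes(32).toString("hex");
  tokenStore.set(selector, {
    userId,
    validatorHash: sha256(validator),
    expiresAt: now + TTL_MS,
  });
  return `${selector}:${validator}`;
}

// Call when a request has no live session but carries the token.
// Returns null or { userId, newToken }; every token is single use.
function redeemRememberToken(value, now = Date.now()) {
  const [selector, validator] = String(value).split(":");
  const row = tokenStore.get(selector);
  if (!row || !validator) return null;
  tokenStore.delete(selector); // removed whether or not validation succeeds
  if (row.expiresAt < now) return null;
  const ok = nodeCrypto.timingSafeEqual(row.validatorHash, sha256(validator));
  return ok ? { userId: row.userId, newToken: issueRememberToken(row.userId, now) } : null;
}

// Log out everywhere, e.g. on password change or when the user ends sessions.
function revokeAllTokens(userId) {
  let removed = 0;
  for (const [selector, row] of tokenStore) {
    if (row.userId === userId && tokenStore.delete(selector)) removed++;
  }
  return removed;
}

// Cookie header for the token; HttpOnly keeps it away from page scripts.
function rememberCookie(token) {
  return `remember=${token}; Max-Age=${TTL_MS / 1000}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}
```

A stolen copy of the server-side table does not yield usable tokens, because only validator hashes are stored, and a replayed token fails because redemption deletes the row before issuing a replacement.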
I'm looking for an advanced CakePHP authentication component or plugin. I've used the core auth plugin and it's fine. I'm however looking for something a bit more advanced that allows keeping track of multiple sessions for the same user. Main features/reasons would be: Ability for the user to see active sessions and allow the user to end active sessions. This method is used by Facebook and other large sites.
If you do not know of an Auth component that does what I mentioned above do you know of any Auth component that does more than CakePHP's core/built-in component?
I searched the CakePHP bakery section and Googled to find an Auth component but didn't find any.
I don't know if there is something built-in for Auth in CakePHP with that complexity; try this plugin:
https://github.com/Theaxiom/SuperAuth
Or check the official GitHub repository from the CakeDC team: https://github.com/CakeDC
Also try to find something at http://plugins.cakephp.org/
By the way, maybe you can ask the core guys directly on IRC ;) Go to http://webchat.freenode.net/ and the channel cakephp.
Summary of the question:
I would like to create a CakePHP based registration and login system offering multiple different gateways such as OpenID, Facebook, Twitter, and so forth. I would like the system to allow a user to associate multiple forms of identification with their account.
After much searching, I am turning up a blank on anything that would allow more than one method of authorization. Cake's authorization system does complicate the matter, so using a tutorial for general PHP is not really effective. Does anyone have a solution, or somewhere I can start from?
Example:
To give a simple example, looking at the StackExchange network: you can login/register using a Stack Exchange account, Google, Yahoo, Facebook, or OpenID. Once logged in, you can add more of these methods to your account so that you are recognized in a multitude of ways. I realize StackExchange probably isn't written in Cake, but it serves as an example.
Thank you!
Original Question
Here's the scoop: I'd like to integrate a simple registration/login system for each of the main services that offer OAuth/OpenID in CakePHP.
Basically, I'd like my users to be able to register the old-fashioned way (including validation e-mail) or using an existing service to verify themselves. I'd like them to be able to login afterwards using that service, or with a username and password.
Now, I have found extremely in-depth plugins for full Facebook integration and the like, but the bottom line is that I want to just use this for registration and login at this point, and I would like the experience to be the same regardless of which service they choose (plus, I'd like to understand how it works... because this is all about learning CakePHP after all).
I'd also like them to be able to link other services once the account is created if they so desire. In a nutshell, their account should be able to be linked to any number of login services, or none at all.
How on earth do I go about this?
Thank you,
James
Looks like there is now a third-party library available using Opauth, as detailed on this bakery thread.
Here is the CakePHP version's GitHub page:
https://github.com/uzyn/cakephp-opauth
Great question - our CakePHP development studio may be looking at this in the coming months also. I suspect you'll have more luck researching this as a general PHP question and then how you can port that solution into Cake. Definitely post back with anything you discover.
You might find this thread a helpful starting point, although it was posted back in 2010:
Best way to implement Single-Sign-On with all major providers?
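An added example, not from any of the answers or from Opauth: a sketch of the data model the question describes, where one account can have any number of linked login identities. It assumes the provider callback has already verified the identity and returned a stable subject id; the function names, the "acct-N" ids and the in-memory maps are made up for illustration. Accounts are matched on (provider, subject), never merged by e-mail, and linking requires an already logged-in account.

```javascript
// Constructed in-memory stand-ins for two database tables.
const accounts = new Map();   // accountId -> { email }
const identities = new Map(); // JSON [provider, subject] -> accountId

const idKey = (provider, subject) => JSON.stringify([provider, subject]);

// Every identity currently linked to one account, as [provider, subject] pairs.
function listIdentities(accountId) {
  return [...identities]
    .filter(([, owner]) => owner === accountId)
    .map(([k]) => JSON.parse(k));
}

// Log in with a verified provider identity, registering on first sight.
// A matching e-mail on another account is deliberately NOT used to merge.
function loginWithIdentity(provider, subject, email) {
  const k = idKey(provider, subject);
  if (!identities.has(k)) {
    const accountId = `acct-${accounts.size + 1}`;
    accounts.set(accountId, { email });
    identities.set(k, accountId);
  }
  return identities.get(k);
}

// Link a further verified identity to the account of the current session.
function linkIdentity(sessionAccountId, provider, subject) {
  if (!accounts.has(sessionAccountId)) throw new Error("not logged in");
  const k = idKey(provider, subject);
  const owner = identities.get(k);
  if (owner !== undefined && owner !== sessionAccountId) {
    throw new Error("identity already linked to another account");
  }
  identities.set(k, sessionAccountId);
  return listIdentities(sessionAccountId);
}

// Remove a link; only the owning account may do so.
function unlinkIdentity(sessionAccountId, provider, subject) {
  const k = idKey(provider, subject);
  if (identities.get(k) !== sessionAccountId) throw new Error("not your identity");
  identities.delete(k);
  return listIdentities(sessionAccountId);
}
```

In a database the same rule is a unique constraint on (provider, subject) in the identities table, with a foreign key to the accounts table.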