Sunday, December 1, 2013

Echoes from ZendCon Europe 2013

ZendCon is probably the biggest and most important conference in the PHP world. And for the first time it took place in Europe - Paris (18-20 November). Many brilliant and famous engineers, developers, speakers and entrepreneurs gave their presentations there. Also some of the most important people from Zend (“the PHP company”) were there to present new (and not so new) ideas, tools and best practices, and to answer questions either from the stage in front of the audience or by the coffee stand in private.

My impression of the conference as a whole is that the API-centric and mobile-first principles will have growing importance in the future. That seems to be the main direction Zend is wishing to follow. At the same time automated continuous deployment is considered to be of great value in the software engineering process. And let’s not forget the “clouds”. They have been around for some time, but more and better integrated tools are being introduced either by the big players such as Google, Microsoft, IBM or by smaller but specialized vendors.

Tuesday, November 12, 2013

Cache patterns in PHP

No matter how skilled a developer you are, sometimes you can't avoid having slow pieces of code - handling remote connections, database queries or just complicated calculations. One of the possible solutions is to implement caching. But the question is - how to do it right? In the following text I'll go through several possible ways to implement caching in search of the best solution. I'll use the cache storage implementation from Zend Framework 2, but any other relevant implementation can be used instead.

Thursday, September 12, 2013

Zend Framework 2 - the Logger factory

In Zend Framework 1 there was a nice factory method which allowed a logger object to be created with all its writers and filters just by passing an array or the corresponding Zend_Config value. In Zend Framework 2, there is no such method anymore, probably due to the effort to discourage the use of static factory methods. Anyway, it is still possible to do the same, although it is not so obvious.

Wednesday, July 10, 2013

OAuth2 / OpenID Connect Client Library for PHP/ZF2

I'm involved in federated identity management, delegated authorization and RESTful web services. So it was natural that I chose to adopt the OAuth2 framework and its more specific "brother" - OpenID Connect. There are already some client implementations of OpenID Connect and even more implementations of the OAuth2 specification. But I had my own reasons for writing my own implementation:

  • I use PHP, Zend Framework 2 and composer and I'm used to that :)
  • instead of a monolithic client implementation I need a library/framework which provides tools and building blocks for creating clients for different use cases
  • OpenID Connect is not ready yet, the specs are being changed and it is easier for me to modify and adapt my own implementation
  • actually, I started writing a simple client to test my server implementation, but finally it grew into a whole library :)

In the code I tried to respect the dependency injection paradigm together with the single responsibility principle and good testability. Dependencies may be injected or created implicitly in a "lazy" manner (when they are needed). As a result, the code is fragmented into numerous objects and it may need a bit more writing to tie them together (if you do not use the implicit values). That can be solved by writing a facade such as the InoOicClient\Flow\Basic object, which accepts a simple configuration array and does all the initialization inside.

I successfully tested the library against Google and GitHub, but probably more identity providers "work" out of the box. The source repository contains simple demos, but I'm planning to write more user-friendly ones.

The library cannot be recommended for production use yet though. It hasn't been tested enough. There are some important features from the OpenID Connect specs missing - ID token validation, tools for discovery and registration etc. Anyway, I'm planning to add them in future releases.

Wednesday, May 29, 2013

DokuWiki Shibboleth authentication plugin

The new DokuWiki version 2013-05-10 “Weatherwax” introduced a new approach to modular authentication. While the older versions used authentication backends, the new version makes use of its flexible plugin system and introduces a new plugin type - the authentication plugin. Actually, it is very similar to the authentication backend, but as a plugin it provides all the benefits of the plugin system - it can be installed via DokuWiki administration, it can be configured with the configuration manager, etc.

That was an impulse for me to rewrite my Shibboleth authentication backend from scratch and implement it as a plugin. The old backend required a simple action plugin to intercept the login action and redirect the browser to the Shibboleth login handler. So it was necessary to install both the backend and the plugin. Now, when the authentication is done via plugins, only one plugin is required. The plugin system allows combination of different plugins in a single plugin bundle installed as one.

You can get the plugin from the new GitHub repository. See the README for instructions on how to install it.

Tuesday, May 21, 2013

Shibboleth authentication for Zend Framework 2

Some time ago I wrote a simple Shibboleth authentication adapter for ZF1. Now I finally began using Zend Framework 2 for more complex projects, which require Shibboleth authentication. So I wrote a new version of the adapter to be used with ZF2. It can be used as a module or as a standalone library. The code is available through Composer. For more information see the GitHub repository.

Monday, November 19, 2012

HTTPS connections with Zend Framework 2

I suppose that most of you know how bad it is to skip peer verification when accessing resources through SSL. There is a nice article dealing with the topic from the PHP perspective - Insufficient Transport Layer Security (HTTPS, TLS and SSL). Generally, the purpose of SSL is to secure the connection itself through encryption and also to provide authentication of the communicating peers. That means data are not only sent through an encrypted channel, but also to the right target. To verify the remote host, you need to check whether the certificate it presents to you is signed by a trusted certification authority.

Thursday, October 11, 2012

Configuration in Zend Framework 2

First of all, to be honest - Zend Framework 2 is not ready for use at all. Of course, it brings many interesting concepts, but the problem is that you need to dig them out the hard way with numerous WTFs all the time. The documentation is incomplete and there are no best practices yet. The guys designing ZF2 made it extremely modular with components that are loosely coupled and reusable. Anti-patterns like the singleton pattern have been thrown away and dependency injection "rules them all". The question is - how to assemble a working application? The simple answer is - as you like. As a side effect of the modularity, different pieces of configuration, autoloading and bootstrapping are scattered all over the directory structure and it's up to you what "strategy" to use. Nevertheless, there are some notions of best practices, which can be found in the documentation or in some tutorials. In this post I'll begin with the configuration.

Friday, August 10, 2012

DokuWiki Shibboleth authentication backend updated and moved to GitHub

A few years ago I wrote a Shibboleth authentication backend for DokuWiki. So far it worked well, but recently I needed some additional features, so I made a few modifications and enhancements:

  • moved the project to GitHub
  • changed the license from the restrictive GPL2 to FreeBSD
  • added an option to use the DokuWiki session instead of the Shibboleth session - the Shibboleth session is checked only upon login
  • the authentication backend and the login plugin are now in one single package
  • improved example configuration - better formatting and comments, you can edit it, put it in the conf/ directory and simply include it in your local.php file
  • refactored the code to be more PHP 5.x compliant

You can get the code from the GitHub repository.

Tuesday, May 22, 2012

Data encryption with OpenSSL in PHP

PKI is a well-known and widespread technology. It is very easy to use it for data encryption in PHP using the standard OpenSSL extension. Data are encrypted with the public key and decrypted with the private key. There is one restriction though - the size of data encrypted with the public key can be up to the length of the key (usually 1024 or 2048 bytes), which may not be enough. Of course, you could divide your data into chunks and encrypt them separately, but there is a better solution.