Cakephp 4 Authorization, how to create a secure application protecting zones with the use of access policies
Cakephp 4 Authorization
First we will install the corresponding package with composer
composer require "cakephp/authorization:^2.0"
Then we proceed to add the corresponding code, we import each of the classes
use Authorization\AuthorizationService;
use Authorization\AuthorizationServiceInterface;
use Authorization\AuthorizationServiceProviderInterface;
use Authorization\Middleware\AuthorizationMiddleware;
use Authorization\Policy\OrmResolver;
use Psr\Http\Message\ResponseInterface;
We add the corresponding interfaces usually combined with the authentication class
class Application extends BaseApplication implements AuthorizationServiceProviderInterface
We add the corresponding plugin in the bootstrap() method
$this->addPlugin('Authorization');
We proceed to incorporate the middleware
->add(new AuthorizationMiddleware($this))
We continue with the method and solve them
public function getAuthorizationService(ServerRequestInterface $request): AuthorizationServiceInterface
{
$resolver = new OrmResolver();
return new AuthorizationService($resolver);
}
It’s time to start loading the component in the AppController.php file
$this->loadComponent('Authorization.Authorization');
It’s time to use the class, we can add the following method in the controller that we want to bypass an authorization
$this->Authorization->skipAuthorization();