Re: [fw-general] Zend_XmlRpc token passing

[Daniel Latter]

RE Matthew, (and list)

One more question if I may.
Rather than verifying the token at the method level what do you think
about verifying the token in the request constructor?
What I mean is that for each server method that you want "protected"
you would have to verify the token in the method body. But if you do
this in the extended request constructor say, you would only need to
do this once.?

I would be gratefull to hear your thoughts on this?

Thanks
Daniel

On 6 Sep 2010, at 16:52, Matthew Weier O'Phinney <matt...@zend.com>  
wrote:

-- Daniel Latter <dan.lat...@gmail.com> wrote
(on Monday, 06 September 2010, 04:43 PM +0100):
Sorry, I missed part of the message:

Would you just specify the token here:

client = new Zend_XmlRpc_Client('http://localhost:10088/ 
xmlrpcserver');
$timesheets = $client->getProxy('timesheets');
$resp = $timesheets->addHours($token, $hours);

Yes, exactly -- you add the token as the first or last argument to  
every
method, and then the request object on the server side strips it out,
and you inject it into service classes.


---------- Forwarded message ----------
From: Daniel Latter <dan.lat...@gmail.com>
Date: 6 September 2010 16:40
Subject: Zend_XmlRpc token passing
To: Zend Framework General <fw-general@lists.zend.com>


hi,

RE: Matthew Weier O'Phinney

On a Nabble post you refer to a piece of code that enables the  
passing
of a token:

 class My_XmlRpc_Request extends Zend_XmlRpc_Request_Http
   {

       public function __construct()
       {
           parent::__construct();

           if ($this->getMethod() != 'login') {
               $params = $this->getParams();
               $token  = array_shift($params);
               $this->setParams($params);

               // Verify the token, and then add it to the  
registry...
               Zend_Registry::set('token', $token);
           }
       }
   }

I am correct in thinking that all service method(s) will stay the
same, i.e. - have no reference to the token?

so like this:

/**
        * Add timesheet hours for a candidate
        *
        * @param array Hours for a working week
        * @return array
        */
       public function addHours($hours) {

               $timesheetService = new Service_Timesheet();
               $resp = $timesheetService->addCandidateTimesheetHours 
($hours);

               return $resp;
       }


and NOT like this:

/**
        * Add timesheet hours for a candidate
        *
        * @param string token
        * @param array Hours for a working week
        * @return array
        */
       public function addHours($token, $hours) {

               $timesheetService = new Service_Timesheet();
               $resp = $timesheetService->addCandidateTimesheetHours 
($hours);

               return $resp;
       }


TIA

Daniel.


--
Matthew Weier O'Phinney
Project Lead            | matt...@zend.com
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc