1

I am building RESTful web services (CRUD) in ZF2. I found many resources regarding building RESTful web services in ZF2 but did not find any on user authorization using ACL in ZF2.

I need some guidance on implementing authentication and authorization using ACL in ZF2 as part of a web service.

Every user will have a role and every role will have access to limited resources (such as CRUD operations).

Users will be able to perform CRUD operations according to the permissions they have in the database, which can be fetched using a RESTful service for a specific role.

But, firstly, the client username and password need to be authenticated using a service, which returns the list of allowed resources on success. I am not sure where this would fit in CRUD. I am planning to use POST using cURL with HTTP digest and return JSON (is this the correct way? or is there a better alternative?)

Then these resources will be loaded in the ACL for authorization in the client-side controller, and the user's basic information will be saved in the session for further usage.

Every request/action will be made/performed within the client application (in controllers), and the controller action will access the services using cURL for CRUD operations.

Every cURL request to the service will be further authenticated using HTTP digest.

This way the RESTful service will only perform CRUD operations and the ACL will be handled in the client application.

Has anyone implemented RESTful services and login authentication and authorization in ZF2 ACL?

The abstract diagram will look something like this: [abstract diagram image]

I have read the following but still don't know whether it is the right way to implement or not. Any recommended reading on ZF2 with Doctrine2 for the above?

how-do-i-implement-login-in-a-restful-web-service

designing-restful-login-service


1 Answer

0

If what you want is to handle the authentication from the client application to the API server you should try using OAuth2 using the password grant type. It will be implemented as a POST /oauth endpoint. Then each subsequent request from the client should have an Authorization header that you can use to identify the user and apply the ACL.

However, I highly recommend that, since you are using ZF2, you use Apigility for that. It integrates nicely with ZF2, handles authentication and authorization and simplifies many things.
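As an added example (not code from the question or the answer), this sketches the second half of that answer in ZF2 terms: a Zend\Permissions\Acl policy for one CRUD resource, with the role resolved from each request's Authorization header. The bearer token store, the role names and the `article` resource are constructed assumptions; in a real deployment the token would be validated against the OAuth2 server, which then tells you which user and role it belongs to.

```php
<?php
// Added example: REST verbs become ACL privileges, and the role comes from
// the bearer token each client request carries. Not the page's own code.
require 'vendor/autoload.php';

use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Role\GenericRole;
use Zend\Permissions\Acl\Resource\GenericResource;

function buildAcl(): Acl
{
    $acl = new Acl();
    $acl->addRole(new GenericRole('guest'));
    $acl->addRole(new GenericRole('editor'), 'guest');  // editor inherits guest
    $acl->addRole(new GenericRole('admin'), 'editor');  // admin inherits editor
    $acl->addResource(new GenericResource('article'));

    // Privileges named after the HTTP methods the REST controller dispatches on.
    $acl->allow('guest',  'article', ['GET']);
    $acl->allow('editor', 'article', ['POST', 'PUT']);
    $acl->allow('admin',  'article', ['DELETE']);
    return $acl;
}

// Constructed token store (assumption): stands in for the OAuth2 server's
// token validation, which is where the token -> user/role mapping really lives.
const TOKENS = ['tok-editor-1' => 'editor', 'tok-admin-1' => 'admin'];

function roleFromAuthorizationHeader(?string $header): string
{
    if ($header !== null && preg_match('/^Bearer\s+(\S+)$/', $header, $m)) {
        return TOKENS[$m[1]] ?? 'guest';  // unknown token: fall back to least privilege
    }
    return 'guest';  // no header: anonymous client
}

function isRequestAllowed(Acl $acl, ?string $authHeader, string $method, string $resource): bool
{
    if (!$acl->hasResource($resource)) {
        return false;  // unknown resource: deny instead of letting isAllowed() throw
    }
    return $acl->isAllowed(roleFromAuthorizationHeader($authHeader), $resource, $method);
}

$acl = buildAcl();
var_dump(isRequestAllowed($acl, null, 'GET', 'article'));
var_dump(isRequestAllowed($acl, 'Bearer tok-editor-1', 'DELETE', 'article'));
var_dump(isRequestAllowed($acl, 'Bearer tok-admin-1', 'DELETE', 'article'));
```

The check belongs on the API side, in a listener or controller plugin that runs before the CRUD action, so that a client that skips its own ACL still cannot perform an operation its role does not allow.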