Merge pull request #4107 from AntonyThorpe/patch-3

Update 03_Authentication.md
This commit is contained in:
Ingo Schommer 2015-04-26 18:28:55 +12:00
commit a2d196cc4e

View File

@ -7,25 +7,20 @@ By default, SilverStripe provides a `[api:MemberAuthenticator]` class which hook
authentication system. authentication system.
The main login system uses these controllers to handle the various security requests: The main login system uses these controllers to handle the various security requests:
* `[api:Security]` Which is the controller which handles most front-end security requests, including
`[api:Security]` Which is the controller which handles most front-end security requests, including
Logging in, logging out, resetting password, or changing password. This class also provides an interface Logging in, logging out, resetting password, or changing password. This class also provides an interface
to allow configured `[api:Authenticator]` classes to each display a custom login form. to allow configured `[api:Authenticator]` classes to each display a custom login form.
* `[api:CMSSecurity]` Which is the controller which handles security requests within the CMS, and allows
`[api:CMSSecurity]` Which is the controller which handles security requests within the CMS, and allows
users to re-login without leaving the CMS. users to re-login without leaving the CMS.
## Member Authentication ## Member Authentication
The default member authentication system is implemented in the following classes: The default member authentication system is implemented in the following classes:
* `[api:MemberAuthenticator]` Which is the default member authentication implementation. This uses the email
`[api:MemberAuthenticator]` Which is the default member authentication implementation. This uses the email
and password stored internally for each member to authenticate them. and password stored internally for each member to authenticate them.
* `[api:MemberLoginForm]` Is the default form used by `MemberAuthenticator`, and is displayed on the public site
`[api:MemberLoginForm]` Is the default form used by `MemberAuthenticator`, and is displayed on the public site
at the url `Security/login` by default. at the url `Security/login` by default.
* `[api:CMSMemberLoginForm]` Is the secondary form used by `MemberAuthenticator`, and will be displayed to the
`[api:CMSMemberLoginForm]` Is the secondary form used by `MemberAuthenticator`, and will be displayed to the
user within the CMS any time their session expires or they are logged out via an action. This form is user within the CMS any time their session expires or they are logged out via an action. This form is
presented via a popup dialog, and can be used to re-authenticate that user automatically without them having presented via a popup dialog, and can be used to re-authenticate that user automatically without them having
to lose their workspace. E.g. if editing a form, the user can login and continue to publish their content. to lose their workspace. E.g. if editing a form, the user can login and continue to publish their content.
@ -34,12 +29,10 @@ The default member authentication system is implemented in the following classes
Additional authentication methods (oauth, etc) can be implemented by creating custom implementations of each of the Additional authentication methods (oauth, etc) can be implemented by creating custom implementations of each of the
following base classes: following base classes:
* `[api:Authenticator]` The base class for authentication systems. This class also acts as the factory
`[api:Authenticator]` The base class for authentication systems. This class also acts as the factory
to generate various login forms for parts of the system. If an authenticator supports in-cms to generate various login forms for parts of the system. If an authenticator supports in-cms
reauthentication then it will be necessary to override the `supports_cms` and `get_cms_login_form` methods. reauthentication then it will be necessary to override the `supports_cms` and `get_cms_login_form` methods.
* `[api:LoginForm]` which is the base class for a login form which links to a specific authenticator. At the very
`[api:LoginForm]` which is the base class for a login form which links to a specific authenticator. At the very
least, it will be necessary to implement a form class which provides a default login interface. If in-cms least, it will be necessary to implement a form class which provides a default login interface. If in-cms
re-authentication is desired, then a specialised subclass of this method may be necessary. For example, this form re-authentication is desired, then a specialised subclass of this method may be necessary. For example, this form
could be extended to require confirmation of username as well as password. could be extended to require confirmation of username as well as password.