Reference

Authorization adapters

You can configure the authorization adapter to use via your service container configuration. Specifically, you can either map the service name Zend\Expressive\Authorization\AuthorizationInterface to a factory, or alias it to the appropriate service.

For instance, using Expressive container configuration, you could select the zend-expressive-authorization-acl adapter in either of the following ways:

• Using an alias:

  use Zend\Expressive\Authorization\AuthorizationInterface;
  use Zend\Expressive\Authorization\Acl\ZendAcl;

  return [
      'dependencies' => [
          // Using an alias:
          'aliases' => [
              AuthorizationInterface::class => ZendAcl::class,
          ],
      ],
  ];

• Mapping to a factory:

  use Zend\Expressive\Authorization\AuthorizationInterface;
  use Zend\Expressive\Authorization\Acl\ZendAclFactory;

  return [
      'dependencies' => [
          // Using a factory:
          'factories' => [
              AuthorizationInterface::class => ZendAclFactory::class,
          ],
      ],
  ];

We provide two different adapters.

• The RBAC adapter is provided by zend-expressive-authorization-rbac.
• The ACL adapter is provided by zend-expressive-authorization-acl.

Each adapter is installable via Composer:

$ composer require zendframework/zend-expressive-authorization-rbac
# or
$ composer require zendframework/zend-expressive-authorization-acl

In each adapter, we use the route name as the resource. This means you can specify if a role is authorized to access a specific HTTP route. However, this is just one approach to implementing an authorization system; you can create your own system by implementing the AuthorizationInterface.

For more information on the adapters, please read the RBAC documentation and the ACL documentation.