我们正在使用具有多级访问权限(管理员,员工,用户)的CodeIgniter开发应用程序。我们希望通过为每种用户提供将用于身份验证的特殊私钥(证书密钥)来使用SSL进行管理。
这就是我们的观点在文件夹中的组织方式:
观点>
secure >
admin >
employee >
user >
这是我们保护这些文件夹的服务器配置文件的一部分:
` 允许所有人
<Directory /home/snivan/bustickets/application/views/secure/admin>
SSLCACertificateFile /home/snivan/ca/servercerts/xcacertnew.pem
SSLVerifyClient require
DocumentRoot / home / snivan / bustickets
SSLEngine On
ServerName xxxx
SSLCertificateFile /home/snivan/ca/servercerts/server-cert.pem
SSLCertificateKeyFile /home/snivan/ca/servercerts/server-private.key
SSLCertificateChainFile /home/snivan/ca/servercerts/gr_snivan_ca_server_chain.p$
SSLOptions StdEnvVars
<Directory /home/snivan/bustickets>
Allow from all
</Directory>
<Directory /home/snivan/bustickets/application/views/secure/admin>
SSLCACertificateFile /home/snivan/ca/servercerts/xcacertnew.pem
SSLVerifyClient require
SSLVerifyDepth 3
SSLRequire %{SSL_CLIENT_S_DN_CN} in {"xxxx$
</Directory>
<Directory /home/snivan/bustickets/application/views/secure/employee>
SSLCACertificateFile /home/snivan/ca/servercerts/xcacertnew.pem
SSLVerifyClient require
SSLVerifyDepth 3
SSLRequire %{SSL_CLIENT_S_DN_CN} in {"xxxx$
</Directory>
<Directory /home/snivan/bustickets/application/views/secure/user>
SSLCACertificateFile /home/snivan/ca/servercerts/xcacertnew.pem
SSLVerifyClient require
SSLVerifyDepth 3
SSLRequire %{SSL_CLIENT_S_DN_CN} in {"xxxx$
</Directory>`
禁止直接访问https://dom.com/application/views/secure/admin/index.html, 但我们仍然可以使用控制器访问此文件夹中的视图。
我们如何让控制器访问的每个视图都要求提供证书,这是否可能?