
waglpz/webapp-security
======================

Web App Security Implementation

Version 2.1.1 · License: MIT · PHP ^8.2 · [Source](https://github.com/waglpz/webapp-security) · [Packagist](https://packagist.org/packages/waglpz/webapp-security) · [1 issue](https://github.com/waglpz/webapp-security/issues)

Waglpz WebApp Security Component
================================


[![PHP Checked](https://github.com/waglpz/webapp-security/workflows/PHP%20Composer/badge.svg)](https://github.com/waglpz/webapp-security/workflows/PHP%20Composer/badge.svg)

Install via composer
--------------------


`composer require waglpz/webapp-security`

Working with sources within Docker
----------------------------------


Clone the project into a directory: `git clone https://github.com/waglpz/webapp-security.git`

Change into the `webapp-security` directory and run `bash ./bin/start.sh` to start working within the Docker container.

To stop and clean up, run: `bash ./bin/clean.sh`

##### Using Composer from the Docker Container


1. Install vendor dependencies: `composer install`
2. Display Waglpz Composer commands: `composer list | grep waglpz`
    1. Check source code vitality: `composer waglpz:check:normal`
    2. Check source code style: `composer waglpz:cs-check`
    3. Automatically fix source code style errors: `composer waglpz:cs-fix`

#### Authentication Basic for an API


How to authenticate a user from an HTTP request, as a Gherkin scenario:

```
Scenario: Basic Authentication
    Given: HTTP Request contains 'PHP_AUTH_USER' and 'PHP_AUTH_PW'
    And: We have an Instance of `\Waglpz\Webapp\Security\Authenticator`
    And: We have dependency Instance of `Waglpz\Webapp\Security\UserAuthDataAdapter` injected in `\Waglpz\Webapp\Security\Authenticator`
    When: Runtime call `\Waglpz\Webapp\Security\Authenticator::authenticate(ServerRequestInterface)`
    And: User found via `\Waglpz\Webapp\Security\UserAuthDataAdapter`
    Then: `Waglpz\Webapp\Security\Authenticator::authenticate(ServerRequestInterface)` returns boolean true
```

Example PHP code

```
$users = [
    [
        'username' => 'tester@akme.com',
        'role' => 'ROLE_TESTER',
        'password' => 'xxxxxx123',
    ],
];
$authDataAdapter = new \Waglpz\Webapp\Security\CredentialDataAdapterInMemory($users);
$authenticator = new \Waglpz\Webapp\Security\AuthenticatorBasic($authDataAdapter);

/*
 * $request is supplied by the application; here it carries the valid
 * user "tester@akme.com" and password "xxxxxx123".
 */
\assert($request instanceof \Psr\Http\Message\ServerRequestInterface);

$authResult = $authenticator->authenticate($request);

\assert($authResult);
\assert($authenticator->username() === 'tester@akme.com');
```

#### Find Existing User Roles


How to find the role of a user, as a Gherkin scenario:

```
Scenario: Find User Role
    Given: We have an Instance of `\Waglpz\Webapp\Security\UserAuthRolesProvider`
    And: We have dependency Instance of `Waglpz\Webapp\Security\UserAuthDataAdapter` injected in `\Waglpz\Webapp\Security\UserAuthRolesProvider`
    When: Runtime call `\Waglpz\Webapp\Security\UserAuthRolesProvider::findRole(?string)`
    And: User found via `Waglpz\Webapp\Security\UserAuthDataAdapter`
    Then: `\Waglpz\Webapp\Security\UserAuthRolesProvider::findRole(?string)` returns array of Roles
```

Example PHP code

```
$users = [
    [
        'username' => 'tester@akme.com',
        'role' => 'ROLE_TESTER',
        'password' => 'xxxxxx123',
    ],
];
$authDataAdapter = new \Waglpz\Webapp\Security\CredentialDataAdapterInMemory($users);
$rolesFinder = new \Waglpz\Webapp\Security\UserAuthRolesProvider($authDataAdapter);

$roles = $rolesFinder->findRole('tester@akme.com');

\assert($roles === ['ROLE_TESTER']);
```

#### Routing Firewall


How to secure a route by the role of a user, as a Gherkin scenario:

```
Scenario: Secure the Route by Firewall
    Given: We have an Instance of `\Waglpz\Webapp\Security\Firewall`
    And: We have an array of Firewall Rules injected in `\Waglpz\Webapp\Security\Firewall`
    When: Runtime call `\Waglpz\Webapp\Security\Firewall::checkRules(ServerRequestInterface, roles)`
    And: User roles match Firewall Rules
    Then: No Forbidden 403 Exception was thrown.
```

Example PHP code

```
$rules = [
    '/abc-route' => ['ROLE_TESTER'],
];
$users = [
    [
        'username' => 'tester@akme.com',
        'role' => 'ROLE_TESTER',
        'password' => 'xxxxxx123',
    ],
];
$authDataAdapter = new \Waglpz\Webapp\Security\CredentialDataAdapterInMemory($users);
$rolesFinder = new \Waglpz\Webapp\Security\UserAuthRolesProvider($authDataAdapter);

$roles = $rolesFinder->findRole('tester@akme.com');

\assert($roles === ['ROLE_TESTER']);

$firewall = new \Waglpz\Webapp\Security\Firewall($rules);

// $request is supplied by the application.
\assert($request instanceof \Psr\Http\Message\ServerRequestInterface);

try {
    // Pass the roles looked up above for the current user.
    $firewall->checkRules($request, $roles);
} catch (\Waglpz\Webapp\Security\Forbidden $exception) {
    // This block will not execute, because the user's current role matches the rule for the route.
}
```

### Health Score

37 (Low). Better than 83% of packages.

- Maintenance: 38. Infrequent updates; may be unmaintained.
- Popularity: 22. Limited adoption so far.
- Community: 11. Small or concentrated contributor base.
- Maturity: 65. Established project with proven stability.
- Bus Factor: 1. Top contributor holds 100% of commits; single point of failure.

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~355 days
- Total: 5
- Last Release: 59d ago
- Major Versions: v1.0.0 → v2.0.0 (2023-03-20)
- PHP version history (2 changes): v1.0.0 requires PHP ^7.4; v2.0.0 requires PHP ^8.2

### Community

- Maintainers: [waglpz](/maintainers/waglpz)
- Top Contributors: [olekhy](https://github.com/olekhy) (12 commits)

### Code Quality

- Tests: PHPUnit
- Static Analysis: PHPStan
- Code Style: PHP_CodeSniffer
- Type Coverage: Yes

