
waglpz/webapp-security
======================

Web App Security Implementation

Version 2.1.1 · MIT · PHP ^8.2 · [Source](https://github.com/waglpz/webapp-security) · [Packagist](https://packagist.org/packages/waglpz/webapp-security) · [1 issue](https://github.com/waglpz/webapp-security/issues)

Waglpz WebApp Security Component
================================


[![PHP Checked](https://github.com/waglpz/webapp-security/workflows/PHP%20Composer/badge.svg)](https://github.com/waglpz/webapp-security/workflows/PHP%20Composer/badge.svg)

Install via composer
--------------------


`composer require waglpz/webapp-security`

Working with sources within Docker
----------------------------------


Clone the project into a directory: `git clone https://github.com/waglpz/webapp-security.git`

Go into the `webapp-security` directory and run `bash ./bin/start.sh` to start working within the Docker container.

To stop and clean up, run: `bash ./bin/clean.sh`

##### Using Composer from the Docker Container

1. Install vendor dependencies: `composer install`
2. Display the Waglpz Composer commands: `composer list | grep waglpz`
    1. Check source code vitality: `composer waglpz:check:normal`
    2. Check source code style: `waglpz:cs-check`
    3. Automatically fix source code style errors: `waglpz:cs-fix`

#### Basic Authentication for an API

How to authenticate a user from an HTTP request, as a Gherkin scenario:

```
Scenario: Basic Authentication
    Given: HTTP Request contains 'PHP_AUTH_USER' and 'PHP_AUTH_PW'
    And: We have an Instance of `\Waglpz\Webapp\Security\Authenticator`
    And: We have a dependency Instance of `\Waglpz\Webapp\Security\UserAuthDataAdapter` injected in `\Waglpz\Webapp\Security\Authenticator`
    When: Runtime call `\Waglpz\Webapp\Security\Authenticator::authenticate(ServerRequestInterface)`
    And: User found via `\Waglpz\Webapp\Security\UserAuthDataAdapter`
    Then: `\Waglpz\Webapp\Security\Authenticator::authenticate(ServerRequestInterface)` returns boolean true
```

Example PHP code

```
$users = [
    [
        'username' => 'tester@akme.com',
        'role' => 'ROLE_TESTER',
        'password' => 'xxxxxx123',
    ],
];
$authDataAdapter = new \Waglpz\Webapp\Security\CredentialDataAdapterInMemory($users);
$authenticator = new \Waglpz\Webapp\Security\AuthenticatorBasic($authDataAdapter);

/*
 * $request is supplied by the application and contains the valid
 * user "tester@akme.com" and password "xxxxxx123"
 */
\assert($request instanceof \Psr\Http\Message\ServerRequestInterface);

$authResult = $authenticator->authenticate($request);

\assert($authResult);
\assert($authenticator->username() === 'tester@akme.com');
```

#### Find Existing User Roles

How to find the role of a user, as a Gherkin scenario:

```
Scenario: Find User Role
    Given: We have an Instance of `\Waglpz\Webapp\Security\UserAuthRolesProvider`
    And: We have a dependency Instance of `\Waglpz\Webapp\Security\UserAuthDataAdapter` injected in `\Waglpz\Webapp\Security\UserAuthRolesProvider`
    When: Runtime call `\Waglpz\Webapp\Security\UserAuthRolesProvider::findRole(?string)`
    And: User found via `\Waglpz\Webapp\Security\UserAuthDataAdapter`
    Then: `\Waglpz\Webapp\Security\UserAuthRolesProvider::findRole(?string)` returns array of Roles
```

Example PHP code

```
$users = [
    [
        'username' => 'tester@akme.com',
        'role' => 'ROLE_TESTER',
        'password' => 'xxxxxx123',
    ],
];
$authDataAdapter = new \Waglpz\Webapp\Security\CredentialDataAdapterInMemory($users);
$rolesFinder = new \Waglpz\Webapp\Security\UserAuthRolesProvider($authDataAdapter);

$roles = $rolesFinder->findRole('tester@akme.com');

\assert($roles === ['ROLE_TESTER']);
```

#### Routing Firewall

How to secure a route by the role of a user, as a Gherkin scenario:

```
Scenario: Secure the Route by Firewall
    Given: We have an Instance of `\Waglpz\Webapp\Security\Firewall`
    And: We have an array of Firewall Rules injected in `\Waglpz\Webapp\Security\Firewall`
    When: Runtime call `\Waglpz\Webapp\Security\Firewall::checkRules(ServerRequestInterface, roles)`
    And: User roles match Firewall Rules
    Then: No Forbidden 403 Exception was thrown.
```

Example PHP code

```
$rules = [
    '/abc-route' => ['ROLE_TESTER'],
];
$users = [
    [
        'username' => 'tester@akme.com',
        'role' => 'ROLE_TESTER',
        'password' => 'xxxxxx123',
    ],
];
$authDataAdapter = new \Waglpz\Webapp\Security\CredentialDataAdapterInMemory($users);
$rolesFinder = new \Waglpz\Webapp\Security\UserAuthRolesProvider($authDataAdapter);

$roles = $rolesFinder->findRole('tester@akme.com');

\assert($roles === ['ROLE_TESTER']);

$firewall = new \Waglpz\Webapp\Security\Firewall($rules);

// $request is supplied by the application and targets '/abc-route'
\assert($request instanceof \Psr\Http\Message\ServerRequestInterface);

try {
    // pass the roles resolved above for the current user
    $firewall->checkRules($request, $roles);
} catch (\Waglpz\Webapp\Security\Forbidden $exception) {
    // this block will not execute, because the user's current role matched the rule for the route
}
```
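
The three steps above (authenticate, resolve roles, check the firewall) combined into one request pipeline, as an added example that is not code from the waglpz/webapp-security project. `BasicAuthFirewallMiddleware` is a hypothetical class; it assumes the PSR-15 and PSR-17 interface packages are installed, that `authenticate()` returns `false` for unknown or wrong credentials, and that the library classes have the signatures shown in this README.

```php
<?php

declare(strict_types=1);

use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Waglpz\Webapp\Security\AuthenticatorBasic;
use Waglpz\Webapp\Security\Firewall;
use Waglpz\Webapp\Security\Forbidden;
use Waglpz\Webapp\Security\UserAuthRolesProvider;

// Hypothetical middleware (added example, not part of the library).
final class BasicAuthFirewallMiddleware implements MiddlewareInterface
{
    public function __construct(
        private AuthenticatorBasic $authenticator,
        private UserAuthRolesProvider $rolesProvider,
        private Firewall $firewall,
        private ResponseFactoryInterface $responses,
    ) {
    }

    public function process(
        ServerRequestInterface $request,
        RequestHandlerInterface $handler,
    ): ResponseInterface {
        // Failed authentication: send a challenge and never reach the route.
        if (! $this->authenticator->authenticate($request)) {
            return $this->responses->createResponse(401)
                ->withHeader('WWW-Authenticate', 'Basic realm="api", charset="UTF-8"');
        }

        // Roles are looked up from the authenticated username only,
        // never from a client-supplied header or parameter.
        $roles = $this->rolesProvider->findRole($this->authenticator->username());

        try {
            $this->firewall->checkRules($request, $roles);
        } catch (Forbidden) {
            // Authenticated, but no role matches the rule for this route.
            return $this->responses->createResponse(403);
        }

        return $handler->handle($request);
    }
}
```

Before relying on this as a default-deny control, check how `Firewall::checkRules()` treats a path that has no entry in the rules array, and serve Basic Authentication only over TLS.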

### Health Score

43 (Fair, better than 89% of packages)

- Maintenance: 60 (regular maintenance activity)
- Popularity: 23 (limited adoption so far)
- Community: 11 (small or concentrated contributor base)
- Maturity: 65 (established project with proven stability)
- Bus factor: 1 (top contributor holds 100% of commits, a single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~355 days
- Total releases: 5
- Last release: 105d ago
- Major versions: v1.0.0 → v2.0.0 (2023-03-20)
- PHP version history (2 changes): v1.0.0 PHP ^7.4, v2.0.0 PHP ^8.2

### Community

- Maintainers: [waglpz](/maintainers/waglpz)
- Top contributors: [olekhy](https://github.com/olekhy) (14 commits)

### Code Quality

- Tests: PHPUnit
- Static analysis: PHPStan
- Code style: PHP_CodeSniffer
- Type coverage: yes

