CodeIgniter Forums

Full Version: Announce: hole-security-0.1 released
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

I'm pleased to announce the release of hole-security system for PHP

This project stands for bring to PHP the kind of security that is provided in Java by Spring Security the formerly Acegi Security System for Spring.

It's designed to be attractive to Spring Security users because the philosophy is the same.

It's an unobtrusive way to add security to a PHP site.

The configuration is made using substrate IoC/DI as Spring Security use Spring IoC/DI.

An example configuration ship with the framework and can be used like this:

$context = new substrate_Context(


    $hole_Security = $context->get('hole_FilterChainProxy' );

Just be sure that the bootstrap code of the framework is executed before the bootstrap of the MVC of your choice.


Download from:

Discussion group:
Feedbacks are welcome

For the moment you can use reference documentation of Spring Security where it's apply. You can get a general idea using the Acegi Security reference documentation because hole-security use the same way of configuration, but keep in mind that it's based on Spring Security.

It's released under Apache License Version 2.0.

El Forum

Its simply incredible.I like learning with a real life scenario.Could you kind enough to furnish us with an example on how your contribution can improve site security?.


El Forum

sorry for the delay in the response
hole-security brings an pluggable security system where you can adopt the security requirement of your environment. Currently there is a very simple security system because it's on the first release but with the base foundation that it brings you could suggest or request for new features to be added to the project.

Currently Features:
1- In memory dao authentication as a proof of concept, you can switch to your preferred dao or implementation that get's user data from database or wherever you store it. In futures release an PDO based implementation will be created.

2- Configured filters for be applied to url patterns. Url path matcher can be plugged to, currently it ship with a ant styles path matcher.

3- Authorization Manager can be used in your application to decide wherever or not do something, always obtaining the reference from the substrate context.

4- Shared Security Context accessible from any code of your application if hole_HttpSessionContextIntegrationFilter is applied. You can use this context to save information related to the session without use the session object directly.

5- You can use a custom login page and customize it according to the hole_AuthenticationProcessingFilter configuration, or customize hole_AuthenticationProcessingFilter according to your custom login page.

6- The default password encoder is plain text, without encoding. Futures releases will have implementations for MD5, Sha based, Base64 and others related encoding. You can create your own password encoder and get configured.

7- All the objects are loaded as required, if something like a filter it's not used for a request would not be loaded. This increase the performance of the application
There are others features related that hole-security have.