Introduction

Zend_Amf_Server

Zend_Amf_Server provides an RPC-style server for handling requests made from the Adobe Flash Player using the AMF protocol. Like all Zend Framework server classes, it follows the SoapServer API, providing an easy to remember interface for creating servers.

Example #1 Basic AMF Server

Let's assume that you have created a class Foo with a variety of public methods. You may create an AMF server using the following code:

  1. $server = new Zend_Amf_Server();
  2. $server->setClass('Foo');
  3. $response = $server->handle();
  4. echo $response;

Alternately, you may choose to attach a simple function as a callback instead:

  1. $server = new Zend_Amf_Server();
  2. $server->addFunction('myUberCoolFunction');
  3. $response = $server->handle();
  4. echo $response;

You could also mix and match multiple classes and functions. When doing so, we suggest namespacing each to ensure that no method name collisions occur; this can be done by simply passing a second string argument to either addFunction() or setClass():

  1. $server = new Zend_Amf_Server();
  2. $server->addFunction('myUberCoolFunction', 'my')
  3.        ->setClass('Foo', 'foo')
  4.        ->setClass('Bar', 'bar');
  5. $response = $server->handle();
  6. echo $response;

The Zend_Amf_Server also allows services to be dynamically loaded based on a supplied directory path. You may add as many directories as you wish to the server. The order that you add the directories to the server will be the order that the LIFO search will be performed on the directories to match the class. Adding directories is completed with the addDirectory() method.

  1. $server->addDirectory(dirname(__FILE__) .'/../services/');
  2. $server->addDirectory(dirname(__FILE__) .'/../package/');

When calling remote services your source name can have underscore ("_") and dot (".") directory delimiters. When an underscore is used PEAR and Zend Framework class naming conventions will be respected. This means that if you call the service com_Foo_Bar the server will look for the file Bar.php in the each of the included paths at com/Foo/Bar.php. If the dot notation is used for your remote service such as com.Foo.Bar each included path will have com/Foo/Bar.php append to the end to autoload Bar.php

All AMF requests sent to the script will then be handled by the server, and an AMF response will be returned.

Note: All Attached Methods and Functions Need Docblocks
Like all other server components in Zend Framework, you must document your class methods using PHP docblocks. At the minimum, you need to provide annotations for each required argument as well as the return value. As examples:

  1. // Function to attach:
  2.  
  3. /**
  4. * @param  string $name
  5. * @param  string $greeting
  6. * @return string
  7. */
  8. function helloWorld($name, $greeting = 'Hello')
  9. {
  10.     return $greeting . ', ' . $name;
  11. }
  1. // Attached class
  2.  
  3. class World
  4. {
  5.     /**
  6.      * @param  string $name
  7.      * @param  string $greeting
  8.      * @return string
  9.      */
  10.     public function hello($name, $greeting = 'Hello')
  11.     {
  12.         return $greeting . ', ' . $name;
  13.     }
  14. }
Other annotations may be used, but will be ignored.

Connecting to the Server from Flex

Connecting to your Zend_Amf_Server from your Flex project is quite simple; you simply need to point your endpoint URI to your Zend_Amf_Server script.

Say, for instance, you have created your server and placed it in the server.php file in your application root, and thus the URI is http://example.com/server.php. In this case, you would modify your services-config.xml file to set the channel endpoint uri attribute to this value.

If you have never created a service-config.xml file you can do so by opening your project in your Navigator window. Right click on the project name and select 'properties'. In the Project properties dialog go into 'Flex Build Path' menu, 'Library path' tab and be sure the 'rpc.swc' file is added to your projects path and Press Ok to close the window.

You will also need to tell the compiler to use the service-config.xml to find the RemoteObject endpoint. To do this open your project properties panel again by right clicking on the project folder from your Navigator and selecting properties. From the properties popup select 'Flex Compiler' and add the string: -services "services-config.xml". Press Apply then OK to return to update the option. What you have just done is told the Flex compiler to look to the services-config.xml file for runtime variables that will be used by the RemotingObject class.

We now need to tell Flex which services configuration file to use for connecting to our remote methods. For this reason create a new 'services-config.xml' file into your Flex project src folder. To do this right click on the project folder and select 'new' 'File' which will popup a new window. Select the project folder and then name the file 'services-config.xml' and press finish.

Flex has created the new services-config.xml and has it open. Use the following example text for your services-config.xml file. Make sure that you update your endpoint to match that of your testing server. Make sure you save the file.

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <services-config>
  3.     <services>
  4.         <service id="zend-service"
  5.             class="flex.messaging.services.RemotingService"
  6.             messageTypes="flex.messaging.messages.RemotingMessage">
  7.             <destination id="zend">
  8.                 <channels>
  9.                     <channel ref="zend-endpoint"/>
  10.                 </channels>
  11.                 <properties>
  12.                     <source>*</source>
  13.                 </properties>
  14.             </destination>
  15.         </service>
  16.     </services>
  17.     <channels>
  18.         <channel-definition id="zend-endpoint"
  19.             class="mx.messaging.channels.AMFChannel">
  20.             <endpoint uri="http://example.com/server.php"
  21.                 class="flex.messaging.endpoints.AMFEndpoint"/>
  22.         </channel-definition>
  23.     </channels>
  24. </services-config>

There are two key points in the example. First, but last in the listing, we create an AMF channel, and specify the endpoint as the URL to our Zend_Amf_Server:

  1. <channel-definition id="zend-endpoint"
  2.     <endpoint uri="http://example.com/server.php"
  3.         class="flex.messaging.endpoints.AMFEndpoint"/>
  4. </channel-definition>

Notice that we've given this channel an identifier, "zend-endpoint". The example create a service destination that refers to this channel, assigning it an ID as well -- in this case "zend".

Within our Flex MXML files, we need to bind a RemoteObject to the service. In MXML, this might be done as follows:

  1. <mx:RemoteObject id="myservice"
  2.     fault="faultHandler(event)"
  3.     showBusyCursor="true"
  4.     destination="zend">

Here, we've defined a new remote object identified by "myservice" bound to the service destination "zend" we defined in the services-config.xml file. We then call methods on it in our ActionScript by simply calling "myservice.<method>". As an example:

  1. myservice.hello("Wade");

When namespacing, you would use "myservice.<namespace>.<method>":

  1. myservice.world.hello("Wade");

For more information on Flex RemoteObject invocation, » visit the Adobe Flex 3 Help site.

Error Handling

By default, all exceptions thrown in your attached classes or functions will be caught and returned as AMF ErrorMessages. However, the content of these ErrorMessage objects will vary based on whether or not the server is in "production" mode (the default state).

When in production mode, only the exception code will be returned. If you disable production mode -- something that should be done for testing only -- most exception details will be returned: the exception message, line, and backtrace will all be attached.

To disable production mode, do the following:

  1. $server->setProduction(false);

To re-enable it, pass a TRUE boolean value instead:

  1. $server->setProduction(true);

Note: Disable production mode sparingly!
We recommend disabling production mode only when in development. Exception messages and backtraces can contain sensitive system information that you may not wish for outside parties to access. Even though AMF is a binary format, the specification is now open, meaning anybody can potentially deserialize the payload.

One area to be especially careful with is PHP errors themselves. When the display_errors INI directive is enabled, any PHP errors for the current error reporting level are rendered directly in the output -- potentially disrupting the AMF response payload. We suggest turning off the display_errors directive in production to prevent such problems

AMF Responses

Occasionally you may desire to manipulate the response object slightly, typically to return extra message headers. The handle() method of the server returns the response object, allowing you to do so.

Example #2 Adding Message Headers to the AMF Response

In this example, we add a 'foo' MessageHeader with the value 'bar' to the response prior to returning it.

  1. $response = $server->handle();
  2. $response->addAmfHeader(new Zend_Amf_Value_MessageHeader('foo', true, 'bar'))
  3. echo $response;

Typed Objects

Similar to SOAP, AMF allows passing objects between the client and server. This allows a great amount of flexibility and coherence between the two environments.

Zend_Amf provides three methods for mapping ActionScript and PHP objects.

  • First, you may create explicit bindings at the server level, using the setClassMap() method. The first argument is the ActionScript class name, the second the PHP class name it maps to:

    1. // Map the ActionScript class 'ContactVO' to the PHP class 'Contact':
    2. $server->setClassMap('ContactVO', 'Contact');
  • Second, you can set the public property $_explicitType in your PHP class, with the value representing the ActionScript class to map to:

    1. class Contact
    2. {
    3.     public $_explicitType = 'ContactVO';
    4. }
  • Third, in a similar vein, you may define the public method getASClassName() in your PHP class; this method should return the appropriate ActionScript class:

    1. class Contact
    2. {
    3.     public function getASClassName()
    4.     {
    5.         return 'ContactVO';
    6.     }
    7. }

Although we have created the ContactVO on the server we now need to make its corresponding class in AS3 for the server object to be mapped to.

Right click on the src folder of the Flex project and select New -> ActionScript File. Name the file ContactVO and press finish to see the new file. Copy the following code into the file to finish creating the class.

  1. package
  2. {
  3.     [Bindable]
  4.     [RemoteClass(alias="ContactVO")]
  5.     public class ContactVO
  6.     {
  7.         public var id:int;
  8.         public var firstname:String;
  9.         public var lastname:String;
  10.         public var email:String;
  11.         public var mobile:String;
  12.         public function ProductVO():void {
  13.         }
  14.     }
  15. }

The class is syntactically equivalent to the PHP of the same name. The variable names are exactly the same and need to be in the same case to work properly. There are two unique AS3 meta tags in this class. The first is bindable which makes fire a change event when it is updated. The second tag is the RemoteClass tag which defines that this class can have a remote object mapped with the alias name in this case ContactVO. It is mandatory that this tag the value that was set is the PHP class are strictly equivalent.

  1. [Bindable]
  2. private var myContact:ContactVO;
  3.  
  4. private function getContactHandler(event:ResultEvent):void {
  5.     myContact = ContactVO(event.result);
  6. }

The following result event from the service call is cast instantly onto the Flex ContactVO. Anything that is bound to myContact will be updated with the returned ContactVO data.

Resources

Zend_Amf provides tools for mapping resource types returned by service classes into data consumable by ActionScript.

In order to handle specific resource type, the user needs to create a plugin class named after the resource name, with words capitalized and spaces removed (so, resource type "mysql result" becomes MysqlResult), with some prefix, e.g. My_MysqlResult. This class should implement one method, parse(), receiving one argument - the resource - and returning the value that should be sent to ActionScript. The class should be located in the file named after the last component of the name, e.g. MysqlResult.php.

The directory containing the resource handling plugins should be registered with Zend_Amf type loader:

  1. Zend_Amf_Parse_TypeLoader::addResourceDirectory(
  2.     "My",
  3.     "application/library/resources/My"
  4. );

For detailed discussion of loading plugins, please see the plugin loader section.

Default directory for Zend_Amf resources is registered automatically and currently contains handlers for "mysql result" and "stream" resources.

  1. // Example class implementing handling resources of type mysql result
  2. class Zend_Amf_Parse_Resource_MysqlResult
  3. {
  4.     /**
  5.      * Parse resource into array
  6.      *
  7.      * @param resource $resource
  8.      * @return array
  9.      */
  10.     public function parse($resource) {
  11.         $result = array();
  12.         while($row = mysql_fetch_assoc($resource)) {
  13.             $result[] = $row;
  14.         }
  15.         return $result;
  16.     }
  17. }

Trying to return unknown resource type (i.e., one for which no handler plugin exists) will result in an exception.

Connecting to the Server from Flash

Connecting to your Zend_Amf_Server from your Flash project is slightly different than from Flex. However once the connection Flash functions with Zend_Amf_Server the same way is flex. The following example can also be used from a Flex AS3 file. We will reuse the same Zend_Amf_Server configuration along with the World class for our connection.

Open Flash CS and create and new Flash File (ActionScript 3). Name the document ZendExample.fla and save the document into a folder that you will use for this example. Create a new AS3 file in the same directory and call the file Main.as. Have both files open in your editor. We are now going to connect the two files via the document class. Select ZendExample and click on the stage. From the stage properties panel change the Document class to Main. This links the Main.as ActionScript file with the user interface in ZendExample.fla. When you run the Flash file ZendExample the Main.as class will now be run. Next we will add ActionScript to make the AMF call.

We now are going to make a Main class so that we can send the data to the server and display the result. Copy the following code into your Main.as file and then we will walk through the code to describe what each element's role is.

  1. package {
  2.   import flash.display.MovieClip;
  3.   import flash.events.*;
  4.   import flash.net.NetConnection;
  5.   import flash.net.Responder;
  6.  
  7.   public class Main extends MovieClip {
  8.     private var gateway:String = "http://example.com/server.php";
  9.     private var connection:NetConnection;
  10.     private var responder:Responder;
  11.  
  12.     public function Main() {
  13.       responder = new Responder(onResult, onFault);
  14.       connection = new NetConnection;
  15.       connection.connect(gateway);
  16.     }
  17.  
  18.     public function onComplete( e:Event ):void{
  19.       var params = "Sent to Server";
  20.       connection.call("World.hello", responder, params);
  21.     }
  22.  
  23.     private function onResult(result:Object):void {
  24.       // Display the returned data
  25.       trace(String(result));
  26.     }
  27.     private function onFault(fault:Object):void {
  28.       trace(String(fault.description));
  29.     }
  30.   }
  31. }

We first need to import two ActionScript libraries that perform the bulk of the work. The first is NetConnection which acts like a by directional pipe between the client and the server. The second is a Responder object which handles the return values from the server related to the success or failure of the call.

  1. import flash.net.NetConnection;
  2. import flash.net.Responder;

In the class we need three variables to represent the NetConnection, Responder, and the gateway URL to our Zend_Amf_Server installation.

  1. private var gateway:String = "http://example.com/server.php";
  2. private var connection:NetConnection;
  3. private var responder:Responder;

In the Main constructor we create a responder and a new connection to the Zend_Amf_Server endpoint. The responder defines two different methods for handling the response from the server. For simplicity I have called these onResult and onFault.

  1. responder = new Responder(onResult, onFault);
  2. connection = new NetConnection;
  3. connection.connect(gateway);

In the onComplete function which is run as soon as the construct has completed we send the data to the server. We need to add one more line that makes a call to the Zend_Amf_Server World->hello function.

  1. connection.call("World.hello", responder, params);

When we created the responder variable we defined an onResult and onFault function to handle the response from the server. We added this function for the successful result from the server. A successful event handler is run every time the connection is handled properly to the server.

  1. private function onResult(result:Object):void {
  2.     // Display the returned data
  3.     trace(String(result));
  4. }

The onFault function, is called if there was an invalid response from the server. This happens when there is an error on the server, the URL to the server is invalid, the remote service or method does not exist, and any other connection related issues.

  1. private function onFault(fault:Object):void {
  2.     trace(String(fault.description));
  3. }

Adding in the ActionScript to make the remoting connection is now complete. Running the ZendExample file now makes a connection to Zend_Amf. In review you have added the required variables to open a connection to the remote server, defined what methods should be used when your application receives a response from the server, and finally displayed the returned data to output via trace().

Authentication

Zend_Amf_Server allows you to specify authentication and authorization hooks to control access to the services. It is using the infrastructure provided by Zend_Auth and Zend_Acl components.

In order to define authentication, the user provides authentication adapter extening Zend_Amf_Auth_Abstract abstract class. The adapter should implement the authenticate() method just like regular authentication adapter.

The adapter should use properties _username and _password from the parent Zend_Amf_Auth_Abstract class in order to authenticate. These values are set by the server using setCredentials() method before call to authenticate() if the credentials are received in the AMF request headers.

The identity returned by the adapter should be an object containing property role for the ACL access control to work.

If the authentication result is not successful, the request is not proceseed further and failure message is returned with the reasons for failure taken from the result.

The adapter is connected to the server using setAuth() method:

  1. $server->setAuth(new My_Amf_Auth());

Access control is performed by using Zend_Acl object set by setAcl() method:

  1. $acl = new Zend_Acl();
  2. createPermissions($acl); // create permission structure
  3. $server->setAcl($acl);

If the ACL object is set, and the class being called defines initAcl() method, this method will be called with the ACL object as an argument. The class then can create additional ACL rules and return TRUE, or return FALSE if no access control is required for this class.

After ACL have been set up, the server will check if access is allowed with role set by the authentication, resource being the class name (or NULL for function calls) and privilege being the function name. If no authentication was provided, then if the anonymous role was defined, it will be used, otherwise the access will be denied.

  1. if($this->_acl->isAllowed($role, $class, $function)) {
  2.     return true;
  3. } else {
  4.     require_once 'Zend/Amf/Server/Exception.php';
  5.     throw new Zend_Amf_Server_Exception("Access not allowed");
  6. }

Introduction