Framework Skeleton: Setting STDOUT Attributes

Attributes are values saved by event listeners into STDOUT MVC API Lucinda\MVC\STDOUT\Request / Lucinda\MVC\STDOUT\Application / Lucinda\MVC\STDOUT\Response objects, to be later used by subsequent event listeners or page controllers:

Attribute name Value type Issued by Saved into Stores
logger Lucinda\Framework\MultiLogger LoggingListener Application Object to use in logging later on.
validation_results Lucinda\RequestValidator\ResultsList SecurityListener Request Request parameters/method validation results
user_id integer|string SecurityListener Request Logged in user id.
access_token string SecurityListener Request Access token to be used by RESTful APIs in authorizing requests to private resources.
ip string SecurityListener Request IP of client detected by server or received from headers.
token string RestController Response Value of above transported to response.
csrf CsrfTokenDetector ValidationListener Request Object to use in CSRF token generation.
oauth2 OAuth2ResourcesDriver SecurityListener Request Detected OAuth2 driver to query for resources.


This attribute stores a MultiLogger instance, which acts like a hub that distributes messages to each logger defined in XML for development environment. To get logger later on in subsequent listeners and controllers:


To log something:

$this->application->attributes("logger")->info("YOUR MESSAGE");


This attribute stores validation results for each request (eg: POST) or path parameter. To get validation result (eg: entity id) of parameter value (eg: entity name) by param name:


Result can be null if validation failed or anything else if validation succeeded. To check if validation has failed for at least one parameter:


Result is boolean. To check validation status for each parameter by its name:


Result is value of Lucinda\RequestValidator\ResultStatus enum.


This attribute stores unique identifier of logged in user (could be a number reflecting database id or a string token). To get its value in subsequent listeners and controllers, write:



This attribute stores access token to be used in authorizing requests to a RestAPI, generated after a successful authentication. To get its value in subsequent listeners and controllers, write:



This attribute stores client ip address detected by server (REMOTE_ADDR) or from headers (HTTP_X_FORWARDED_FOR or similar). To get its value in subsequent listeners and controllers, write:



RestController picks value above and forwards it to response, in order to be used by callers as Authorization header later on for requests authorization. To get its value in subsequent listeners, write:



This attribute is used to generate an unique crypted token to be sent in form login POST request, along with username/email & password:

<form action="/login" method="POST"> ... <input type="hidden" name="csrf" value="${data.csrf}"/> ... </form>

Where ${data.csrf} must be sent by controller via this line:

$this->response->attributes("csrf", $this->request->attributes("csrf")->generate(0));

On every GET request to login page, framework creates new token. When a POST request to login page is received, framework checks client's identity based on this token. If token is unreadable or its contents don't match original request a SecurityException is thrown. Otherwise logic moves forward.


This attribute is used to query OAuth2 provider for custom resources (eg: Facebook photos) on behalf of connected user if class referenced by dao attribute of <oauth2> tag also implements Lucinda\Framework\OAuth2ResourcesDAO.

To query a driver for a resource:

$this->application->attributes("oauth2")->getResource(RESOURCE_URI, RESOURCE_FIELDS=[])


This command will return an array representation of that resource, if all goes well, or throw:

For example to get Facebook photos of current logged in user, you first need to have "user_photos" in <scope> tag for matching <driver> then let user approve this access level while logging in. Once all complete, you can simply write: