How to restfully login, Symfony2 Security, FOSUserBundle, FOSRestBundle?


Problem description

I'd like to be able to login via a ws.

I've tried to simulate this with curl pointing to /login but it only handles HTML, etc. By the way, it requires a CSRF which I don't want.

So I'd like to either disable the CSRF (from the login_check) or find a way to do it myself.

Can I override the LoginListener (where is it?) which is used when the route login_check is caught?

Any clues?

Recommended answer

There are many ways to provide authentication and authorization to a REST Web Service but the most accepted one seems to be OAuth. Facebook, Twitter, Google, Github and the like use it.

The people at Friends Of Symfony have a bundle to implement OAuth authentication and authorization on Symfony2: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle and I think this is what you are looking for.

For more information on OAuth, the people at Cloudfoundry posted an interesting article a couple of days ago.

About other options you can use, a simple one is basic authentication:

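firewalls:
    main:
        pattern: ^/rest            # this firewall covers every URL under /rest
        anonymous: ~               # requests without credentials are let through as anonymous
        form_login: false          # no HTML login form for this firewall
        provider: fos_user_bundle  # name of the user provider defined under security.providers
        http_basic:
            realm: "REST Service Realm"   # credentials come from the Authorization header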

As I see that there are still people voting for this answer, I think that it is needed to note that at the time of writing this answer JWT was not an option yet, but that maybe it is a better option than OAuth in some use cases (e.g. when the API is going to be consumed by your own apps). So here is a link to a good JWT implementation for Symfony2/3: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/index.md
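
A fuller version of the basic-authentication firewall from the answer, added here as an example and not part of the original post. It assumes the FOSUserBundle provider service `fos_user.user_provider.username`, a firewall named `rest` and the `bcrypt` encoder; the provider name `fos_user_bundle` is the one used in the answer. Because HTTP Basic sends the password base64-encoded on every request, the example makes the firewall stateless and restricts `/rest` to authenticated users over HTTPS.

```yaml
# app/config/security.yml (Symfony2 layout) - added example, names are assumptions
security:
    encoders:
        # Assumption: passwords of FOSUserBundle users are hashed with bcrypt.
        FOS\UserBundle\Model\UserInterface: bcrypt

    providers:
        # Same provider name as in the answer, bound to the FOSUserBundle
        # user provider service.
        fos_user_bundle:
            id: fos_user.user_provider.username

    firewalls:
        rest:
            pattern: ^/rest
            # Do not keep the authenticated user in the session: no session
            # cookie is relied on, and every request must carry its own
            # Authorization header.
            stateless: true
            provider: fos_user_bundle
            # No form_login key: this firewall has no login form and
            # therefore no login CSRF token to submit.
            http_basic:
                realm: "REST Service Realm"

    access_control:
        # Without an "anonymous" key on the firewall, a request with no
        # valid credentials is answered with a 401 challenge for this rule.
        # requires_channel redirects plain HTTP to HTTPS, but a client that
        # first calls the http:// URL has already sent its password in the
        # clear, so API clients should be given https:// URLs only.
        - { path: ^/rest, roles: ROLE_USER, requires_channel: https }
```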
