如何稳定登录,Symfony2安全性,FOSUserBundle,FOSRestBundle? [英] How to restfully login, Symfony2 Security, FOSUserBundle, FOSRestBundle?
问题描述
我希望能够通过ws登录.
I'd like to be able to login via a ws.
我已经尝试使用指向/login
的curl来模拟它,但是它只能处理HTML等.
顺便说一句,它需要一个我不想要的CSRF.
I've tried to simulate this with curl pointing to /login
but it only handles HTML, etc.
By the way, it requires a CSRF which I don't want.
因此,我想禁用CRSF(从login_check
开始)或自行解决.
So I'd like to either disable the CRSF (from the login_check
) or find a way to do it myself.
我能否覆盖在捕获路由login_check
时使用的LoginListener(在哪里?).
Can I override the LoginListener (where is it?) which is used when the route login_check
is catched.
有任何线索吗?
推荐答案
有很多方法可以为REST Web服务提供身份验证和授权,但是最被接受的方法似乎是
There are many ways to provide authentication and authorization to a REST Web Service but the most accepted one seems to be OAuth. Facebook, Twitter, Google, Github and the like use it.
Symfony之友的人有一个捆绑包,可在Symfony2上实现OAuth身份验证和授权: https://github.com com/FriendsOfSymfony/FOSOAuthServerBundle ,我认为这就是您想要的.
The people at Friends Of Symfony has a bundle to implement OAuth authentication and authorization on Symfony2: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle and I think this is what you are looking for.
有关Oauth的更多信息,Cloudfoundry的人员发布了一个有趣的 几天前.
For more information on Oauth, the people at Cloudfoundry posted an interesting article a couple of days ago.
关于您可以使用的其他选项,一个简单的方法是基本身份验证:
About other options you can use, a simple one is basic authentication:
firewalls:
main:
pattern: ^/rest
anonymous: ~
form_login: false
provider: fos_user_bundle
http_basic:
realm: "REST Service Realm"
据我所知,仍然有人对此答案进行投票,我认为需要注意的是,在编写此答案时,JWT还不是一个选择,但它可能比OAuth更好.一些用例(例如,当您的应用程序要使用该API时).因此,这里是指向Symfony2/3的良好JWT实现的链接: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/index.md
As I see that there is still people voting this answer I think that it is needed to note that at the time of writing this answer JWT was not an option yet, but that maybe it is a better option than OAuth on some use cases (e.g. When the API is going to be consumed by your own apps). So here is a link to a good JWT implementation for Symfony2/3: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/index.md
这篇关于如何稳定登录,Symfony2安全性,FOSUserBundle,FOSRestBundle?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!