使用一个登录表单对多个symfony2防火墙进行身份验证 [英] Authenticate multiple symfony2 firewalls with one login form
问题描述
我有两个防火墙:
-
api
(用于API调用) -
main
(用于其他所有内容)
api
(for API calls)main
(for everything else)
我的客户端应用程序登录通过main
防火墙进行.但是,它确实与api
防火墙下的端点进行交互以获取数据.这里的问题是,我不想强迫用户再次登录以针对第二个防火墙进行身份验证.
My client app login happens via the main
firewall. However, it does interact with endpoints under the api
firewall to fetch data. The problem here is that I don't want to force the user to log in a second time for authenticating against the second firewall.
如何仅用一个登录表单就对这两个防火墙进行身份验证?
How can I authenticate against both firewalls with just a single login form?
推荐答案
也许您可以尝试使用上下文"防火墙属性.
Perhaps you could try the 'context' firewall property.
假设您有类似这样的配置(大概就是这样):
Say you have a configuration something like this (which presumably you do):
security:
// providers etc ...
firewall:
main:
pattern: # ...
provider: my_users
http_basic: ~
api:
pattern: # ...
provider: my_users
http_basic: ~
在这种情况下,通过主"防火墙进行身份验证后,用户会话将包含"_security_main"属性,然后当他们尝试访问"api"位置时,将提示他们重新进行身份验证,然后获得"_security_api"会话属性.
In this case the user's session will contain a '_security_main' property after authenticating against the 'main' firewall, and then when they attempt to access an 'api' location they will be prompted to re-auth and will then gain a '_security_api' session property.
为防止再次提示,您可以将'context'属性添加到您希望共享同一身份验证的每个防火墙定义中-因此:
To prevent this re-prompt, you can add the 'context' property to each firewall definition you wish to share the same authentication - so:
security:
# providers etc ...
firewall:
main:
pattern: # ...
provider: my_users
http_basic: ~
context: primary_auth # new
api:
pattern: # ...
provider: my_users
http_basic: ~
context: primary_auth # new
在这种情况下,通过主"防火墙进行身份验证后,将在用户会话中设置"_security_primary_auth"属性.然后,"api"火灾中的所有后续请求都将使用"_security_primary_auth"的值来建立身份验证状态(因此用户将显示为已身份验证).
In this case, upon authentication with the 'main' firewall, a '_security_primary_auth' property will be set in the user's session. Any subsequent requests inside the 'api' firewill will then use the value of '_security_primary_auth' to establish authentication status (and so the user will appear authenticated).
当然,此身份验证上下文共享将同时进行两种方式(无论它们首先使用主"防火墙还是"api"防火墙进行身份验证)-如果您只想在一个方向上进行瞬态传输,则事情将会更加复杂.
Of course this authentication context sharing will work both ways around (whether they auth first with the 'main' or the 'api' firewall) - if you only wanted transience in one direction, things would be more complex.
希望这会有所帮助.
这篇关于使用一个登录表单对多个symfony2防火墙进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!