Symfony安全认证 [英] Symfony Security Authentication
本文介绍了Symfony安全认证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
为什么在调试面板"中看到您未通过身份验证".这个我有打印屏幕,这个我要 symfony_book ,如果我在家,一切正常,但是:/p>
在我的变体中,用户在另一个网站上进行身份验证,我的网站上有GET方法的用户数据-电子邮件,秘密密钥和参考
http://aog.local/app_dev.php/auth/enko@gmail.com/962cc9a06924034d1285e8d75b2faf2d/00223311121 该如何进行身份验证,如何进行身份验证以显示全局变量用户打印屏幕????
我创建了auth服务,但该服务未通过身份验证
我使用Symfony 2.6,并具有实体Developer和User扩展SUser-> SUser实现UserInterface,thgis正在为auth路由:
#Enter路由artel_profile_auth:路径:/auth/{email}/{secretKey}/{referenceId}默认值:{_controller:ArtelProfileBundle:DeveloperProfile:auth}login_route:路径:/login默认值:{_controller:ArtelProfileBundle:Security:login}login_check:路径:/login_check默认值:{_controller:ArtelProfileBundle:Security:securityCheck}指数:图案: /默认值:{_controller:ArtelProfileBundle:Security:index} 和动作:
公共功能authAction($ email,$ secretKey,$ referenceId){$ authenticator = $ this-> get('artel.profile.authenticator');尝试 {$ authDeveloper = $ authenticator-> auth($ email,$ secretKey,$ referenceId);return $ this-> redirect($ this-> generateUrl('artel_profile_homepage',array('username'=> $ authDeveloper-> getUsername())).'#personal-information');} catch(\ Exception $ error){返回新的Response($ error-> getCode().':'.$ error-> getMessage());}} 和artel.profile.authenticator:
<?php命名空间Artel \ ProfileBundle \ Helper;类验证器{const SESSION_NAME ='developer_auth';私人$ session;私人$ secretAppKey;私人$ developerRepository;私人$ codeuserreferenceRepository;公共函数__construct($ session,$ secretAppKey,$ developerRepository,$ codeuserreferenceRepository){$ this-> session = $ session;$ this-> secretAppKey = $ secretAppKey;$ this-> developerRepository = $ developerRepository;$ this-> codeuserreferenceRepository = $ codeuserreferenceRepository;}公共功能auth($ email,$ secretKey,$ referenceId){$ this-> validateSecretAppKey($ secretKey,$ referenceId);//todo:我们需要将$ referenceId与validateDeveloper中的电子邮件进行匹配$ developer = $ this-> validateDeveloper($ referenceId);$ this-> setSession($ developer);返回$ developer;}公共功能authAdmin($ email,$ secretKey,$ referenceId){$ this-> validateSecretAppKey($ secretKey,$ referenceId);//todo:我们需要将$ referenceId与validateDeveloper中的电子邮件进行匹配$ developer = $ this-> validateAdminDeveloper($ referenceId);$ this-> setSession($ developer);返回$ developer;}公共功能检查($ developer){$ result = false;$ session = $ this-> session-> get(self :: SESSION_NAME);if($ session&& $ session == $ developer-> getId()){$ result = true;}返回$ result;}公共功能logout(){$ this->会话->删除(self :: SESSION_NAME);}受保护的函数validateDeveloper($ referenceId){$ code_user_reference = $ this-> codeuserreferenceRepository-> findOneByCodereference($ referenceId);$ id = $ code_user_reference-> getDeveloper()-> getId();$ developer = $ this-> developerRepository-> findOneById($ id);如果(!$ developer){$ this-> exception('找不到开发人员',100);}返回$ developer;}受保护的函数validateAdminDeveloper($ referenceId){$ code_user_reference = $ this-> codeuserreferenceRepository-> findOneByCodereference($ referenceId);$ id = $ code_user_reference-> getDeveloper()-> getId();$ developer = $ this-> developerRepository-> findOneById($ id);$ role = $ developer-> getRole();如果($ role!='ROLE_ADMIN'){$ this-> exception('developer not Admin',100);}返回$ developer;}受保护的函数validateSecretAppKey($ secretKey,$ referenceId){如果($ secretKey!= md5($ referenceId.$ this-> secretAppKey)){$ this-> exception('秘密ket无效',101);}}受保护的函数setSession($ developer){$ this->会话-> set(self :: SESSION_NAME,$ developer-> getId());}受保护的函数异常($ message,$ code){抛出新的\ Exception($ message,$ code);}} 但是在调试面板中:您未通过身份验证."这是我的安全,也许是问题所在?|
安全性:编码器:Artel \ ProfileBundle \ Entity \ Users:算法:sha1encode_as_base64:否迭代次数:1Artel \ ProfileBundle \ Entity \ Developers:算法:sha1encode_as_base64:否迭代次数:1Symfony \ Component \ Security \ Core \ User \ User:纯文本role_hierarchy:ROLE_CLIENT:ROLE_USERROLE_COMPANY:ROLE_USERROLE_FREELANCER:ROLE_USERROLE_ADMIN:[ROLE_MODERATOR,ROLE_CLIENT,ROLE_COMPANY,ROLE_FREELANCER]ROLE_SUPER_ADMIN:[ROLE_USER,ROLE_MODERATOR,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]提供者:chain_provider:链:提供者:[user_db,user_dev,in_memory]提供者:[user_dev,in_memory]user_db:实体:{类:Artel \ ProfileBundle \ Entity \ Users,属性:电子邮件}user_dev:实体:{类:Artel \ ProfileBundle \ Entity \ Developer,属性:电子邮件}在记忆中:记忆:用户:admin_tyty:{密码:adminpass_tyty,角色:['ROLE_ADMIN']}防火墙:默认:匿名:〜http_basic:〜form_login:login_path:/登录check_path:/login_check访问控制:-{路径:^/login,角色:IS_AUTHENTICATED_ANONYMOUSLY}-{路径:^/,角色:ROLE_ADMIN} 在我的变体中,用户在另一个网站上进行身份验证,我的网站上有GET方法的用户数据-电子邮件,秘密密钥和参考
http://aog.local/app_dev.php/auth/enko@gmail.com/962cc9a06924034d1285e8d75b2faf2d/00223311121 解决方案
您应该通过自己的登录表单实施身份验证,以便用户可以实际进行身份验证:printscreen and this I want printscreen I use the symfony_book and if I have home all works fine BUT:
In my variant, user authenticate in ANOTHER SITE and my site I have user data for GET methods - EMAIL, SECRET KEY AND REFERENCE
http://aog.local/app_dev.php/auth/enko@gmail.com/962cc9a06924034d1285e8d75b2faf2d/00223311121
How have this I can do authentication, how do I authenticate to appear global variable user printscreen ????
I create auth service bit this service not authenticate
I use Symfony 2.6 and have entity Developer and User extends SUser -> SUser implements UserInterface thgis is routing for auth:
#Enter routing
artel_profile_auth:
path: /auth/{email}/{secretKey}/{referenceId}
defaults: { _controller: ArtelProfileBundle:DeveloperProfile:auth }
login_route:
path: /login
defaults: { _controller: ArtelProfileBundle:Security:login }
login_check:
path: /login_check
defaults: { _controller: ArtelProfileBundle:Security:securityCheck }
index:
pattern: /
defaults: { _controller: ArtelProfileBundle:Security:index }
and Action:
public function authAction($email, $secretKey, $referenceId)
{
$authenticator = $this->get('artel.profile.authenticator');
try {
$authDeveloper = $authenticator->auth($email, $secretKey, $referenceId);
return $this->redirect($this->generateUrl('artel_profile_homepage', array('username' => $authDeveloper->getUsername())) .'#personal-information');
} catch (\Exception $error) {
return new Response($error->getCode() . ': '.$error->getMessage());
}
}
and artel.profile.authenticator:
<?php
namespace Artel\ProfileBundle\Helper;
class Authenticator
{
const SESSION_NAME = 'developer_auth';
private $session;
private $secretAppKey;
private $developerRepository;
private $codeuserreferenceRepository;
public function __construct($session, $secretAppKey, $developerRepository, $codeuserreferenceRepository)
{
$this->session = $session;
$this->secretAppKey = $secretAppKey;
$this->developerRepository = $developerRepository;
$this->codeuserreferenceRepository = $codeuserreferenceRepository;
}
public function auth($email, $secretKey, $referenceId)
{
$this->validateSecretAppKey($secretKey, $referenceId);
//todo: We need to match $referenceId with email in validateDeveloper
$developer = $this->validateDeveloper($referenceId);
$this->setSession($developer);
return $developer;
}
public function authAdmin($email, $secretKey, $referenceId)
{
$this->validateSecretAppKey($secretKey, $referenceId);
//todo: We need to match $referenceId with email in validateDeveloper
$developer = $this->validateAdminDeveloper($referenceId);
$this->setSession($developer);
return $developer;
}
public function check($developer)
{
$result = false;
$session = $this->session->get(self::SESSION_NAME);
if ($session && $session == $developer->getId()) {
$result = true;
}
return $result;
}
public function logout()
{
$this->session->remove(self::SESSION_NAME);
}
protected function validateDeveloper($referenceId)
{
$code_user_reference = $this->codeuserreferenceRepository->findOneByCodereference($referenceId);
$id = $code_user_reference->getDeveloper()->getId();
$developer = $this->developerRepository->findOneById($id);
if (! $developer) {
$this->exception('developer not found', 100);
}
return $developer;
}
protected function validateAdminDeveloper($referenceId)
{
$code_user_reference = $this->codeuserreferenceRepository->findOneByCodereference($referenceId);
$id = $code_user_reference->getDeveloper()->getId();
$developer = $this->developerRepository->findOneById($id);
$role = $developer->getRole();
if ($role != 'ROLE_ADMIN') {
$this->exception('developer not Admin', 100);
}
return $developer;
}
protected function validateSecretAppKey($secretKey, $referenceId)
{
if ($secretKey != md5($referenceId.$this->secretAppKey)) {
$this->exception('secret ket is not valid', 101);
}
}
protected function setSession($developer)
{
$this->session->set(self::SESSION_NAME, $developer->getId());
}
protected function exception($message, $code)
{
throw new \Exception($message, $code);
}
}
But in debug panel: "You are not authenticated. " This is my secyrity, maybe the problem?|
security:
encoders:
Artel\ProfileBundle\Entity\Users:
algorithm: sha1
encode_as_base64: false
iterations: 1
Artel\ProfileBundle\Entity\Developers:
algorithm: sha1
encode_as_base64: false
iterations: 1
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_CLIENT: ROLE_USER
ROLE_COMPANY: ROLE_USER
ROLE_FREELANCER: ROLE_USER
ROLE_ADMIN: [ROLE_MODERATOR, ROLE_CLIENT, ROLE_COMPANY, ROLE_FREELANCER]
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_MODERATOR, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
chain_provider:
chain:
providers: [user_db, user_dev, in_memory]
providers: [user_dev, in_memory]
user_db:
entity: { class: Artel\ProfileBundle\Entity\Users, property: email }
user_dev:
entity: { class: Artel\ProfileBundle\Entity\Developer, property: email }
in_memory:
memory:
users:
admin_tyty: { password: adminpass_tyty, roles: [ 'ROLE_ADMIN' ] }
firewalls:
default:
anonymous: ~
http_basic: ~
form_login:
login_path: /login
check_path: /login_check
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_ADMIN }
In my variant, user authenticate in ANOTHER SITE and my site I have user data for GET methods - EMAIL, SECRET KEY AND REFERENCE
http://aog.local/app_dev.php/auth/enko@gmail.com/962cc9a06924034d1285e8d75b2faf2d/00223311121
解决方案
You should implement authentication via your own login form, so users can actually authenticate: http://symfony.com/doc/current/cookbook/security/form_login_setup.html
If your form has the proper routes, Symfony will handle the rest.
这篇关于Symfony安全认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
