问题通过Symfony2的外部API配置用户认证 [英] Problems configuring user authentication by external API on Symfony2
问题描述
我已经验证用户为我的新的Symfony2应用程序的问题。
I have a problem authenticating users for my new Symfony2 application.
这个应用程序获得的所有信息通过API,因此没有使用数据库。当用户进入到登录页面,他介绍的登录表单的用户名和密码。然后,我有使用API调用来验证他。这个API调用返回假,如果它不是一个用户,并返回一个令牌密钥和令牌秘密如果正确的用户。有了这个令牌密钥和密码,在用户会话期间,我可以做我需要使应用程序的所有页面中的所有API请求。一旦用户会话结束和令牌密钥和密码被删除,用户重新登录。
This applications gets all the info through an API, so no database is used. When a user goes to login page, he introduce the user and password in the login form. Then, I have to authenticate him using an API call. This API call returns "false" if it's not a user, and return a token key and a token secret if its a correct user. With this token key and secret, during the user session, I can make all the API requests I need for rendering all the pages of the application. Once the user session is over and token key and secret are erased, the user has to login again.
我真的不知道怎么TI实施。我读这 http://symfony.com/doc/current/cookbook/security/ custom_provider.html 和的http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html,我还在这样就失去了...:(
I don't know really how ti implement that. I read this http://symfony.com/doc/current/cookbook/security/custom_provider.html and that http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html, and I'm still so lost... :(
任何一个能帮助我吗?
感谢你这么多:)
推荐答案
如果你想要编写自定义验证你已经找到了正确的链接。举个例子,你可以看到OAuth授权 HWIOAuthBundle 的实施。但请记住,这种类型的身份验证在系统上创建一个用户。如果你不使用数据库,您必须对API每次用户发送请求的请求。
If you want to write custom authentication you have found the correct links. As an example you can see the implementation of the OAuth authorization HWIOAuthBundle. But keep in mind that this type of authentication creates a user on your system. If you do not use a database, you must make a request to the API every time user send a request.
首先,你要明白,没有魔法。在每次请求的symfony检查URL匹配指定的防火墙之一(见secutity.yml)。侦听解雇你可以在防火墙的工厂看看。如果发现匹配,动作切换到相应的<一个href=\"http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html#the-listener\"相对=nofollow> AuthenticationListener 。监听器试图通过创建令牌,该令牌sended到<一个验证credewntials href=\"http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html#the-authentication-provider\"相对=nofollow>的AuthenticationProvider
First you need to understand that there is no magic. On every request symfony checks if url matches one of the specified firewalls (see secutity.yml). Listener that fired you can see in the firewall factory. If matches are found, the action switches to the corresponding AuthenticationListener. Listener attempts to authenticate the credewntials by creating Token, which is sended to AuthenticationProvider
$this->authenticationManager->authenticate(new UsernamePasswordToken($username, $password, $this->providerKey));
在的AuthenticationProvider
in AuthenticationProvider
public function authenticate(TokenInterface $token) {
...
}
的AuthenticationProvider尝试通过UserProvider获取用户。在成功的情况下,令牌存储在会话。在随后的请求,ContextListener进场首先,检查会话,提取令牌,发送到类似的AuthenticationProvider
AuthenticationProvider try to get user via UserProvider. In case of success, Token stored in the session. On subsequent requests, ContextListener comes into play first, checks the session, extract token and send it to AuthenticationProvider similar.
在总体而言,该方案看起来像。更多信息,你可以找到检查Symfony的安全组件的源$ C $ C。
In general terms, the scheme looks like that. More info you can find examining the source code of Symfony Security component.
真的很好的出发点是<一个href=\"https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php\"相对=nofollow> UsernamePasswordFormAuthenticationListener 。它只是需要登录名和密码的请求,并作出简单的UsernamePasswordToken。
Really good starting point is a UsernamePasswordFormAuthenticationListener. It just take login and password from request and make simplest UsernamePasswordToken.
protected function attemptAuthentication(Request $request)
{
...
}
祝你好运!
这篇关于问题通过Symfony2的外部API配置用户认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
