使用一个登录表单验证多个 symfony2 防火墙 [英] Authenticate multiple symfony2 firewalls with one login form
问题描述
我有两个防火墙:
api(用于 API 调用)main(用于其他一切)
api(for API calls)main(for everything else)
我的客户端应用登录是通过 main 防火墙进行的.但是,它确实与 api 防火墙下的端点交互以获取数据.这里的问题是我不想强迫用户再次登录以针对第二个防火墙进行身份验证.
My client app login happens via the main firewall. However, it does interact with endpoints under the api firewall to fetch data. The problem here is that I don't want to force the user to log in a second time for authenticating against the second firewall.
如何仅使用一个登录表单对两个防火墙进行身份验证?
How can I authenticate against both firewalls with just a single login form?
推荐答案
也许你可以试试 'context' 防火墙属性.
Perhaps you could try the 'context' firewall property.
假设您有一个类似这样的配置(大概是这样的):
Say you have a configuration something like this (which presumably you do):
security:
// providers etc ...
firewall:
main:
pattern: # ...
provider: my_users
http_basic: ~
api:
pattern: # ...
provider: my_users
http_basic: ~
在这种情况下,用户的会话在通过main"防火墙进行身份验证后将包含一个_security_main"属性,然后当他们尝试访问api"位置时,他们将被提示重新进行身份验证,然后将获得一个_security_api"会话属性.
In this case the user's session will contain a '_security_main' property after authenticating against the 'main' firewall, and then when they attempt to access an 'api' location they will be prompted to re-auth and will then gain a '_security_api' session property.
为了防止这种重新提示,您可以将上下文"属性添加到您希望共享相同身份验证的每个防火墙定义中 - 因此:
To prevent this re-prompt, you can add the 'context' property to each firewall definition you wish to share the same authentication - so:
security:
# providers etc ...
firewall:
main:
pattern: # ...
provider: my_users
http_basic: ~
context: primary_auth # new
api:
pattern: # ...
provider: my_users
http_basic: ~
context: primary_auth # new
在这种情况下,在使用主"防火墙进行身份验证时,将在用户会话中设置_security_primary_auth"属性.'api' firewill 中的任何后续请求都将使用 '_security_primary_auth' 的值来建立身份验证状态(因此用户将显示为已通过身份验证).
In this case, upon authentication with the 'main' firewall, a '_security_primary_auth' property will be set in the user's session. Any subsequent requests inside the 'api' firewill will then use the value of '_security_primary_auth' to establish authentication status (and so the user will appear authenticated).
当然,这种身份验证上下文共享将双向工作(无论是首先使用主"防火墙还是api"防火墙进行身份验证)-如果您只想在一个方向上进行短暂性处理,事情会更加复杂.
Of course this authentication context sharing will work both ways around (whether they auth first with the 'main' or the 'api' firewall) - if you only wanted transience in one direction, things would be more complex.
希望这会有所帮助.
这篇关于使用一个登录表单验证多个 symfony2 防火墙的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
