如何安静地登录，Symfony2 Security，FOSUserBundle，FOSRestBundle? [英] How to restfully login, Symfony2 Security, FOSUserBundle, FOSRestBundle?

问题描述

我希望能够通过 ws 登录.

我试图用指向 /login 的 curl 来模拟这个，但它只处理 HTML 等.顺便说一句，它需要一个我不想要的 CSRF.

所以我想要么禁用 CRSF(来自 login_check)，要么自己找到一种方法.

我可以覆盖在捕获路由 login_check 时使用的 LoginListener(它在哪里?).

有什么线索吗?

解决方案

有很多方法可以为 REST Web 服务提供身份验证和授权，但最被接受的一种似乎是 OAuth.Facebook、Twitter、Google、Github 等都在使用它.

Friends Of Symfony 的人有一个包可以在 Symfony2 上实现 OAuth 身份验证和授权:https://github.com/FriendsOfSymfony/FOSOAuthServerBundle，我认为这就是您要找的.

有关 Oauth 的更多信息，Cloudfoundry 的人发布了一个有趣的 文章几天前.

关于您可以使用的其他选项，一个简单的选项是基本身份验证:

防火墙:主要的:模式:^/休息匿名:~form_login: 假提供者:fos_user_bundlehttp_基本:领域:REST 服务领域"

我看到仍然有人投票这个答案，我认为需要注意的是，在撰写此答案时，JWT 还不是一个选项，但也许它比 OAuth 更好一些用例(例如，当 API 将被您自己的应用程序使用时).所以这里是一个很好的 Symfony2/3 JWT 实现的链接:https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/index.md

I'd like to be able to login via a ws.

I've tried to simulate this with curl pointing to /login but it only handles HTML, etc. By the way, it requires a CSRF which I don't want.

So I'd like to either disable the CRSF (from the login_check) or find a way to do it myself.

Can I override the LoginListener (where is it?) which is used when the route login_check is catched.

ANy clues?

解决方案

There are many ways to provide authentication and authorization to a REST Web Service but the most accepted one seems to be OAuth. Facebook, Twitter, Google, Github and the like use it.

The people at Friends Of Symfony has a bundle to implement OAuth authentication and authorization on Symfony2: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle and I think this is what you are looking for.

EDIT: For more information on Oauth, the people at Cloudfoundry posted an interesting article a couple of days ago.

About other options you can use, a simple one is basic authentication:

firewalls:
    main:         
        pattern: ^/rest
        anonymous: ~
        form_login: false            
        provider: fos_user_bundle
        http_basic:
            realm: "REST Service Realm"

EDIT2: As I see that there is still people voting this answer I think that it is needed to note that at the time of writing this answer JWT was not an option yet, but that maybe it is a better option than OAuth on some use cases (e.g. When the API is going to be consumed by your own apps). So here is a link to a good JWT implementation for Symfony2/3: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/index.md

这篇关于如何安静地登录，Symfony2 Security，FOSUserBundle，FOSRestBundle?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！