Symfony的安全/自定义用户提供：如何获得自定义用户提供内登录密码？ [英] Symfony Security / Custom User Provider : How to get the login password within the custom User Provider?

问题描述

我使用Symfony的安全，在我的系统定制的用户提供。它通过Web服务提供的用户。结果
我按照这个教程配置提供商（ http://symfony.com/doc/电流/菜谱/安全/ custom_provider.html ）。

I'm using Symfony Security with a custom User Provider in my system. It provide users via a web service.
I configure the provider according to this tutorial (http://symfony.com/doc/current/cookbook/security/custom_provider.html).

下面是检查用户的功能：

Here is the function which check the user:

public function loadUserByUsername($username)
{
    $userData = webServiceCheckUser($username);
    // return an array whit user credentials
    if ($userData) {
        $password = $userData['password'];
        $salt = $userData['salt'];
        $roles = $userData['roles'];
        $user = new WebserviceUser($username, $password, $salt, $roles);
        return $user;
    }
    throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
}

这工作得很好，功能 webServiceCheckUser（）调用带有用户名的Web服务，然后将其返回用户数据的数组。但现在我需要通过需要用户名和用户的加密密码验证他的另一个Web服务来检查用户。
我有一个像加密Web服务的明文密码在等待一个函数，但我不能让一个由在自定义用户提供类中的表单登录用户键入的密码。它是确定太多，如果我能得到的密码已被加密。任一个解决问题。

This works fine, the function webServiceCheckUser() call a web service with the username and then it return an array with user data. But now I need to check the user through another web service that requires the username and encrypted password of the user to authenticate him. I have a function that encrypts the plain text password like the web service is waiting, but I can't get the password that was typed by the user in the form login within the custom user provider class. It is ok too if I could get the password already encrypted. Either one solve the problem.

有是无论如何要做到这一点？

There is anyway to do this?

推荐答案

@Pazi是正确的在构建自己的定制身份验证提供者将工作。但是，这不是一件容易的事。

@Pazi is correct in that building your own custom authentication provider will work. However, it's not an easy task.

的另一种方法是重写DaoAuthenticationProvider的时候，并将它传递密码到loadUser功能。

An alternative approach is to override DaoAuthenticationProvider and have it pass the password to the loadUser function.

security_listeners.xml:        
    <parameter key="security.authentication.provider.dao.class">
      Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider
    </parameter>

一个黑客位，但也许它节省工作一个很好的协议。

Bit of a hack perhaps but it saves a good deal of work.

这篇关于Symfony的安全/自定义用户提供：如何获得自定义用户提供内登录密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！