Symfony 3.3.9中忽略了json_login [英] json_login ignored in Symfony 3.3.9
问题描述
我想使用新的json_login身份验证端点. 我有一个基本设置,我要检查表SITE中是否存在站点"用户. 似乎json_login身份验证器被完全忽略了. 未通过对/api/login的POST请求对用户进行身份验证. 看到错误了吗? 谢谢
I want to use the new json_login authentication endpoint. I have a basic setup where I want to check "site" users are present in table SITE. It seems that the json_login authenticator is totally ignored. The user is not authenticated through POST requests to /api/login. Do you see an error ? Thanks
security.yml
security.yml
providers:
site:
id: app.siteUserProvider
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
api:
anonymous: ~
provider: site
pattern: ^/api/
json_login:
check_path: api_login
access_control:
- { path: ^/api/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/cache, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/, roles: ROLE_USER }
- { path: ^/, roles: ROLE_USER }
encoders:
AppBundle\Security\User\SiteUserProvider: plaintext
services.yml
services.yml
services:
app.siteUserProvider:
class: AppBundle\Security\User\SiteUserProvider
arguments: ["@service_container"]
SiteUser.php
SiteUser.php
<?php
namespace AppBundle\Security\User;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\EquatableInterface;
use AppBundle\Entity\Site;
class SiteUser implements UserInterface, EquatableInterface
{
private $username;
private $password;
private $salt;
private $roles;
private $site;
public function __construct(Site $site)
{
$this->username = $site->getSiteCode();
$this->password = $site->getSiteCode();
$this->salt = null;
$this->roles = 'ROLE_USER';
$this->site = $site;
}
public function getSite()
{
return $this->site;
}
public function getRoles()
{
return $this->roles;
}
public function getPassword()
{
return $this->password;
}
public function getSalt()
{
return $this->salt;
}
public function getUsername()
{
return $this->username;
}
public function eraseCredentials()
{
}
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof SiteUser) {
return false;
}
if ($this->password !== $user->getPassword()) {
return false;
}
if ($this->salt !== $user->getSalt()) {
return false;
}
if ($this->username !== $user->getUsername()) {
return false;
}
return true;
}
}
SiteUserProvider.php
SiteUserProvider.php
<?php
namespace AppBundle\Security\User;
use AppBundle\Abstraction\TraitContainerRepositories;
use AppBundle\Security\User\SiteUser;
use Symfony\Component\DependencyInjection\ContainerAwareInterface;
use Symfony\Component\DependencyInjection\ContainerAwareTrait;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
class SiteUserProvider implements UserProviderInterface, ContainerAwareInterface
{
use ContainerAwareTrait;
use TraitContainerRepositories;
public function __construct($container)
{
$this->container = $container;
}
public function loadUserByUsername($username)
{
die("good !");
$site = $this->_getSiteRepository()->findOneByCodeSite($username);
if ($site !== null) {
return new SiteUser($site);
} else {
throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
}
}
public function refreshUser(UserInterface $user)
{
if (!$user instanceof SiteUser) {
throw new UnsupportedUserException(
sprintf('Instances of "%s" are not supported.', get_class($user))
);
}
return $this->loadUserByUsername($user->getUsername());
}
public function supportsClass($class)
{
return SiteUser::class === $class;
}
}
SecurityController.php
SecurityController.php
/**
* @Route("/api/login", name="api_login")
*/
public function apiLoginAction(Request $request, UserInterface $user)
{
// voir security.yml
return $this->json(array('status' => 'authentication required'), 403);
}
推荐答案
请确保您的POST请求标头包含:
Please ensure that your POST request header contains:
Content-Type:application/json
否则,安全系统将不会拦截该请求,并且用户也不会获得用户身份验证.
Otherwise, the request will not be intercepted by the security system and the user will not get user authenticated.
这篇关于Symfony 3.3.9中忽略了json_login的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!