Symfony安全性:使用会话或oauth进行身份验证 [英] Symfony Security: Auth with session or oauth
问题描述
我已经开发了REST API,有两种连接方法:会话和oauth. 基本上,我的网站将使用会话模式,而第三方软件将使用oauth模式.
I have developed a REST API, there are two ways to connect to it: session and oauth. Basically, my website will use the session mode and third-party softwares will use the oauth mode.
我设法使会话和oauth模式都可以在symfony中工作,但是我不能使它们同时工作.
I managed to make make both session and oauth modes to work in symfony, but I can't make them work at the same time.
这是我的防火墙安全配置:
Here is my firewalls security config:
firewalls:
auth_oauth_token:
pattern: ^/auth/oauth/v2/token
security: false
api:
pattern: ^/api
anonymous: false
fos_oauth: true
stateless: true
auth:
pattern: ^/
anonymous: ~
form_login:
login_path: /auth/session/check
check_path: /auth/session/login
always_use_default_target_path: true
default_target_path: /auth/session/check
failure_path: /auth/session/check
failure_forward: false
use_forward: false
failure_forward: false
username_parameter: username
password_parameter: password
post_only: true
remember_me: false
require_previous_session: false
logout:
path: /auth/session/logout
target: /auth/session/logged_out
invalidate_session: false
会话处理:/auth/session. OAuth处理:/auth/oauth. api:/api.
Session handling: /auth/session. OAuth handling: /auth/oauth. Api: /api.
因此,使用此配置,首先使用"api"防火墙,我可以使用令牌登录. 但是,即使使用会话登录,如果我不指定令牌,也将无法访问.
So, with this config, with "api" firewall first, I can log in with a token. But even logged in with a session, if I don't specify the token, I won't have access.
首先使用身份验证"防火墙,我可以使用会话表单登录. 但是,即使我指定了令牌,也无法访问.
With "auth" firewall first, I can log in with the session form. But even if I specify a token, I won't have access.
我为此感到疯狂.我在堆栈上发现了一些有关链提供商的信息,我可能需要链防火墙"之类的东西...如果被禁止,请检查另一个防火墙.
I'm getting crazy with this. I found on stack overflow something about chain providers, I would probably need something like "chain firewall"... if forbidden, check another firewall.
谢谢
推荐答案
我通过复制api控制器的路由来解决,因此我有一个依赖于OAuth2的路由/api/method
和一个依赖于OAuth2的路由/webapi/method
在标准(主)防火墙上:
I solved by duplicating the routes of the api controllers, so that I have a route /api/method
which relies on OAuth2, and a /webapi/method
route which relies on the standard (main) firewall:
在security.yml中:
In security.yml:
firewalls:
api:
pattern: ^/api
fos_oauth: true
stateless: true
oauth_token:
pattern: ^/oauth/v2/token
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
check_path: /login_check
logout: true
anonymous: true
access_control:
- { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
- { path: ^/web-api, roles: [ IS_AUTHENTICATED_FULLY ] }
在routing.yml中:
In routing.yml:
acme_api:
type: rest
prefix: /
resource: "@AcmeBundle/Resources/config/routing_api.yml"
在routing_api.yml中:
In routing_api.yml:
# REST API - OAUTH Access
acme_api_users:
resource: AcmeBundle\Controller\UsersController
type: rest
defaults: {_format: json}
prefix: /api
name_prefix: api_
# REST API - Frontend Client Access
acme_webapi_users:
resource: AcmeBundle\Controller\UsersController
type: rest
defaults: {_format: json}
prefix: /web-api
name_prefix: webapi_
这篇关于Symfony安全性:使用会话或oauth进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!