使用FOSRestBundle和FOSUserBundle的具有RESTful身份验证的Symfony2 App [英] Symfony2 App with RESTful authentication, using FOSRestBundle and FOSUserBundle
问题描述
我正在为我的JS驱动的应用程序制作REST API.
I'm making REST API for my JS driven app.
登录期间,登录表单通过AJAX提交到我的API的网址/rest/login
.
During login, the login form is submitted via AJAX to url /rest/login
of my API.
- 如果登录成功,则返回204
- 如果失败,则返回401
尽管我为API和应用程序本身分离了防火墙,但它们共享相同的上下文,这意味着,当用户根据API进行身份验证时,他也针对应用程序进行了身份验证.因此,当服务器返回204时,页面将重新加载,并且应将用户重定向到该应用,因为该用户现在已登录.
While I have separated firewalls for the API and the app itself, they share the same context which should mean, that when user authenticates against the API, he's authenticated against the app too. So, when the server returns 204, page will reload and it should redirect user to the app, because he's now logged in.
我尝试使用FOSUserBundle的预制check_login
页面,并在其中指向/rest/login
.
I tried to use pre-made check_login
page of the FOSUserBundle and pointed /rest/login
there.
login:
path: /rest/login
defaults:
_controller: FOSUserBundle:Security:check
methods: [ POST ]
那是行不通的,因为无论如何它总是返回重定向.我阅读了symfony的文档,但是找不到如何制作自定义的check_login
页面.我需要的是这样的东西
That doesn't work, because it always returns redirect, no matter what. I read documentation for symfony and couldn't find, how to make a custom check_login
page. What I need is something like this
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use FOS\RestBundle\Controller\Annotations\View;
class SecurityController {
/**
* @View(statusCode=204)
*/
public function loginAction($username, $password) {
/* first I need to somehow authenticate user
using normal authentication, that I've set up */
...
/* Then I need to return 204 or throw exception,
based on result.
This is done using FOSRestBundle and it's
listeners. */
if(!$succesful) {
throw new AuthenticationException();
}
}
}
我不知道该怎么做.我在任何文档中都找不到任何帮助.如果有任何建议能为我指明正确的方向,我将不胜感激.
I don't have a clue how to do that. Nothing I found in any documentation helped me a bit. I will be thankful for any suggestion that would point me in right direction.
为了进一步简化,我的目标是.我希望我的登录功能与普通的 form_login 完全相同.我只想更改返回的响应-而不是重定向,我希望成功时为204,失败时为401.
To further simplify, what I'm aiming for. I want my login to function exactly the same as normal form_login. I only want to change the response, that it sends back - instead of redirect I want 204 on success and 401 on failure.
推荐答案
我能够找到一个简单的解决方案.我只需要编写一个实现AuthenticationSuccessHandlerInterface
和AuthenticationFailureHandlerInterface
的类.
I was able to find a simple solution. I only needed to write a class, that implements AuthenticationSuccessHandlerInterface
and AuthenticationFailureHandlerInterface
.
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
class AuthenticationRestHandler implements AuthenticationSuccessHandlerInterface, AuthenticationFailureHandlerInterface {
public function onAuthenticationFailure(Request $request, AuthenticationException $exception) {
return new Response('', Response::HTTP_UNAUTHORIZED);
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token) {
return new Response('', Response::HTTP_NO_CONTENT);
}
}
然后我将其注册为服务并配置为防火墙的处理程序.
Then I registered it as a service and configured as handlers for the firewall.
services:
security.authentication_rest_handler:
class: AuthenticationRestHandler
security:
firewalls:
rest:
pattern: ^rest
context: app
form_login:
check_path: /rest/login
provider: fos_userbundle
failure_handler: inspireon.security.authentication_rest_handler
success_handler: inspireon.security.authentication_rest_handler
username_parameter: login
password_parameter: password
问题已解决,不需要复杂的身份验证提供程序:-)
Problem solved and no complicated authentication provider needed :-)
这篇关于使用FOSRestBundle和FOSUserBundle的具有RESTful身份验证的Symfony2 App的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!