从AngularJS Symfony2的跨域验证表单返回AnonymousToken [英] Symfony2 cross domain authentication from AngularJS form return AnonymousToken
问题描述
我有两个单独的项目:一个Symfony的项目,返回一些JSON用于身份验证的用户和一个AngularJS项目,这对于获取数据提供UI。
现在,我和防火墙配置的斗争让我的UI做正确的认证。
I have two separate projects: one Symfony project, that return some json for authenticated user and one AngularJS project, that provide UI for retrieving data. Now I struggle with firewall configuration to allow my UI doing correct authentication.
这是我security.yml
security:
encoders:
AppBundle\Entity\User:
algorithm: sha512
encode_as_base64: false
iterations: 10
providers:
api_key_user_provider:
id: app_bundle.api_key_user_provider
entity_user_provider:
entity:
class: AppBundle\Entity\User
property: email
firewalls:
main:
pattern: ^/(?!login).+
stateless: false
simple_preauth:
authenticator: app_bundle.api_key_authenticator
provider: api_key_user_provider
anonymous: ~
logout: ~
context: dashboard
login:
pattern: ^/login
provider: entity_user_provider
form_login:
login_path: /login
check_path: /login/check
csrf_provider: security.csrf.token_manager
anonymous: ~
context: dashboard
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: IS_AUTHENTICATED_FULLY }
所以,当我试图从UI张贴凭据/登录/检查,我得到一个结果:
So, when I trying to post credentials from UI to /login/check, I get next result:
AnonymousToken(user="anon.", authenticated=true, roles="")
看来,我的要求是通过处理 AnonymousAuthenticationProvider
而不是 Entity_user_provider
。
因此,我的问题:什么我security.yml配置和如何正确使用做我的客户端表单跨域认证是错误的?作为结果,我需要返回API密钥。我想,我可以在我的安全做到这一点:登录,是不是
So, my question: what is wrong in my security.yml configuration and how correctly doing cross-domain authentication using my client-side form? As result I need to return api-key. I think, I can do it in my Security:login, isn't it ?
(为使我使用NelmioCorsBundle CORS)。
(For enabling CORS I'm using NelmioCorsBundle).
此外,也许这会有所帮助。这是我CORS设置 config.yml
Also, maybe this would helpful. This is my CORS settings in config.yml:
nelmio_cors:
defaults:
allow_credentials: false
allow_origin: []
allow_headers: []
allow_methods: []
expose_headers: []
max_age: 0
hosts: []
origin_regex: false
paths:
'^/' :
allow_credentials: true
origin_regex: true
allow_origin: ['http://my_local_domain_with_angular']
allow_headers: ['*']
expose_headers: ['*']
allow_methods: ['POST', 'GET', 'DELETE', 'PUT', 'HEAD']
max_age: 3600
如果您需要更多的细节,请让我知道!
If you need more details, please, let me know!
感谢您的帮助!
推荐答案
我已经解决了这一点。
首先,我注意到,那 form_login
监听器不是从外在的形式处理数据。所以我用 simple_ preauth
监听器来代替。我已经定义了两个独立的防火墙:
First, I notice, that form_login
listener not processing data from external form. So I use simple_preauth
listener instead. I have defined two separate firewalls:
firewalls:
main:
pattern: ^/(?!login).+
stateless: false
simple_preauth:
authenticator: app_bundle.api_key_authenticator
provider: api_key_user_provider
anonymous: ~
logout: ~
login:
pattern: ^/login
stateless: false
simple_preauth:
authenticator: app_bundle.email_password_authenticator
provider: email_user_provider
anonymous: ~
如果登录成功,接下来我的服务产生 API_KEY
可用于对主
防火墙认证。
If login success, next my service generate api_key
that can be used to authenticate on main
firewall.
有关详细信息,你也可以看到<一个href=\"http://stackoverflow.com/questions/34021192/symfony2-user-password-become-empty-after-calling-service\">my另一个问题。
For details you can see also my another question.
这篇关于从AngularJS Symfony2的跨域验证表单返回AnonymousToken的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!