使用web服务的Symfony2认证 [英] Symfony2 authentication using a webservice
问题描述
我的应用程序使用的网络服务来检查用户名和密码是正确的。我只是给从登录表单的用户名和密码,以简单的方式是这样的:
My application uses a webservice to check if the username and password are correct. I just send the username and password from the login form in a simple manner like this:
的https://主机/校验用户名= Admin&放大器;密码= 12345
WebService的是另一台服务器上,它是从应用程序也通讯是加密才能访问。
The webservice is on another server and it's only accessible from the app also the communication is encrypted.
认证后的WebService返回我需要了解用户(姓名,电子邮件等)的所有信息,所以因为这个我不保留任何东西在数据库中
After authentication the webservice returns all the information i need about the user (name, email etc) so because of this i don't keep anything in the database.
在symfony中1,这是很容易做到,但我看到symfony的2安全组件喜欢的事情变得复杂了很多。
In symfony 1 this was very easy to do but i see that the symfony 2 security component likes to complicate the things a lot.
什么是实现这种认证在symfony中2的最佳方法?
What is the best approach to implement this kind of authentication in symfony 2?
感谢您
推荐答案
我相信你想做的事都有它自己的页面的文件中。看看如何创建自定义的用户提供,它提供了你如何使用web服务为您的用户进行身份验证好看演练。
I believe that what you want to do has it's own page in the documentation. Take a look at How to create a custom user provider, it gives a nice walkthrough of how you can use a webservice to authenticate your user.
更新:
是的,我分享的链接会告诉你如何创建一个用户提供。而这正是你必须做什么。在该页面中的第一段,它说:
Yes, the link I shared tells you how to create a User Provider. And that is exactly what you must do. In the very first paragraph of this page, it says:
当用户提交用户名和密码,认证询问层配置的用户提供返回用户对象为特定的用户名。
When a user submits a username and password, the authentication layer asks the configured user provider to return a user object for a given username.
所以,你需要创建一个扩展的UserInterface ,该类应该有从Web服务返回的所有属性(也默认情况下,的UserInterface类需要一些特性,如用户名,密码,盐和角色。但是,盐和角色可以是空白,如果你不使用它们)。
So you need to create a class that extends the UserInterface, and this class should have all the properties that are returned from your web service (also by default, the UserInterface requires a few properties, such as username, password, salt, and roles. But salt and roles can be blank if you don't use them).
然后创建一个用户提供一个实现了 UserProviderInterface 。这将使它这样,当你执行登录功能 loadUserByUsername 被调用。在此功能,你执行你的web服务请求时,发送的凭据。您请求的响应可以被映射到您创建User类。然后你返回你与从您的web服务返回的数据创建的用户对象。
Then you create a User Provider that implements the UserProviderInterface. This will make it so that the function loadUserByUsername is called when you perform a login. In this function, you perform your webservice request, sending the credentials. The response of your request can then be mapped to your User class that you created. Then you return the User object that you created with the data that was returned from your webservice.
为了让Symfony的知道你想要使用自定义的用户提供您的表单登录,您需要为您的用户提供创建服务。因此,在的src / Acme的/ WebserviceUserBundle /资源/配置/ services.yml (您可能需要创建该文件),你可以当它在文档概述添加一个服务:
In order for Symfony to know that you want to use your custom User Provider for your form login, you need to create a service for your user provider. So in src/Acme/WebserviceUserBundle/Resources/config/services.yml (you may need to create the file), you can add a service as it outlines in the docs:
parameters:
# path to the user provider you just created
webservice_user_provider.class: Acme\WebserviceUserBundle\Security\User\WebserviceUserProvider
services:
webservice_user_provider:
class: "%webservice_user_provider.class%"
一旦你创建了这个服务,那么你就告诉你的表单登录使用这个自定义提供。在security.yml:
Once you have this service created, then you just tell your form login to use this custom provider. In security.yml:
security:
providers:
webservice:
# this id is the name of the service you created
id: webservice_user_provider
另外,如果你的密码在你的web服务进行加密,您应该确保Symfony的加密用同样的方式做比较。因此,在security.yml你可以添加
Also, if your password is encrypted in your webservice, you should make sure that Symfony encrypts it the same way to do the comparison. So in security.yml you can add
security:
encoders:
Acme\WebserviceUserBundle\Security\User\WebserviceUser: sha512 # or md5, or others
这篇关于使用web服务的Symfony2认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
