如何从覆盖的安全组件的类? [英] How to overwrite a class from the Security Component?
问题描述
我在我的API(捷希凯)使用基本认证,端点接收用户+ PW从客户,通过验证基本身份验证用户,然后返回到被用于进一步的请求令牌。现在我的应用程序,使得AJAX调用的时候,如果凭据是正确的,一切工作顺利。如果凭据是错误的,该API返回401和一套WWW-Authenticate头。这将导致浏览器自动显示默认的浏览器登录表单。
I am using Basic Auth in my API (Silex), an endpoint receives user+pw from client, validates the user via basic auth and then returns the token to be used for further requests. Now when my app makes an AJAX call, if the credentials are right, everything works smooth. If the credentials are wrong, the API returns a 401 and a set WWW-Authenticate header. This causes the browsers to automatically show the default browser login form.
我不希望这样的事情发生。在StackOverflow的,他们说只有两个解决方案是要么返回400而不是401,或到WWW-Authenticate头更改为类似FormBased'。
I don't want that to happen. In StackOverflow, they say the only two solutions are to either return a 400 instead of a 401, or to change the WWW-Authenticate header to something like 'FormBased'.
这两种状态code设置为401和WWW身份验证基本......在BasicAuthenticationEntryPoint.php的安全组件。
Both the statusCode is set to 401 and the WWW-Authenticate to "Basic ..." in the BasicAuthenticationEntryPoint.php in the Security Component.
如果我申请相应的修改,它的作品...但我需要有一个为我的项目OFC的一部分......我应该如何覆盖的Symfony \\分量\\安全\\ HTTP \\入口点\\ BasicAuthenticationEntryPoint.php去适应它我的需要?如果有一个解决办法的任何想法?我的理解,这应该是一个很常见的问题,它怎么通常解决?
If I apply the changes there, it works... but I need to have that as part of my project ofc... How should I overwrite Symfony\Component\Security\Http\EntryPoint\BasicAuthenticationEntryPoint.php to adapt it to my needs? any idea if there's a workaround? I understand this should be a very common problem, how is it generally solved?
推荐答案
好了,所以这里就是我所做的,以防有人不禁要问:
Ok so here's what I did in case someone wonders:
首先在我的安全文件夹中,我创建了自己的BasicAuthenticationEntryPoint.php版本
First in my Security folder, I created my own version of the BasicAuthenticationEntryPoint.php
<?php
/*
* Redefinition of the Symfony's BasicAuthenticationEntryPoint
*/
namespace multikanban\multikanban\Security\Http\EntryPoint;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
/**
* BasicAuthenticationEntryPoint starts an HTTP Basic authentication.
*
* @author Fabien Potencier <fabien@symfony.com>
*/
class BasicAuthenticationEntryPoint implements AuthenticationEntryPointInterface
{
private $realmName;
public function __construct($realmName)
{
$this->realmName = $realmName;
}
/**
* {@inheritdoc}
*/
public function start(Request $request, AuthenticationException $authException = null)
{
$response = new Response();
$response->headers->set('WWW-Authenticate', 'FormBased');
$response->setStatusCode(401);
return $response;
}
}
请注意,我做了两件事:
Note that I did two things:
- 添加使用的AuthenticationEntryPointInterface。
- 更改WWW身份验证值'FormBased',这是实际的修改原始文件,从而使浏览器不显示默认的提示,当服务器返回401未经授权。 (你也可以返回一个400,但那么你就不会真正符合该标准)
二,我在Silex的应用程序中定义的服务,像这样:
Second, I defined the service in my Silex Application like so:
$this['security.entry_point.main.http'] = $this->share(function() {
return new BasicAuthenticationEntryPoint('main');
});
主是我的防火墙名称。
'main' being my firewall name.
显然,我还增加了使用的Application.php的顶部:
Obviously, I also added the use at the top of the Application.php:
use multikanban\multikanban\Security\Http\EntryPoint\BasicAuthenticationEntryPoint;
这篇关于如何从覆盖的安全组件的类?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
