Persist failed authentication login attempts in Symfony2
I am using Symfony2 and need to save failed login attempts to the database.
I think I should be using the following methods:
// Symfony/Component/Security/Http/Autentication/AbstractAuthenticationListener.php
onFailure()
onSuccess()
But I am not sure how to access the database connection from within them.
How can I run a database insert from within these functions?
You need to define your own failure handler in security.yml:

form_login:
    provider: fos_userbundle
    login_path: /user/login
    csrf_provider: form.csrf_provider
    failure_handler: myBundle.login.failure

Create a service to handle the failure:

# the service id must match failure_handler in security.yml
myBundle.login.failure:
    class: 'MyBundle\Services\AuthenticationFailureHandler'
    arguments: ['@kernel']

Then build your failure handler:

<?php
namespace MyBundle\Services;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
use Symfony\Component\HttpKernel\HttpKernelInterface;

class AuthenticationFailureHandler extends DefaultAuthenticationFailureHandler
{
    public function __construct(HttpKernelInterface $httpKernel)
    {
        $this->httpKernel = $httpKernel;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // the auth just failed :-(
        // Record the attempt here. The failure handler interface expects
        // this method to return a Response for the failed login.
    }
}

To save the attempts to the database, inject your Doctrine manager into the service and persist the attempt from the onFail method.
For just logging, using a security.authentication.failure listener is an easy way. See the Symfony documentation. You could use this blog post to learn how to persist the logs to an actual database.

namespace AppBundle\EventListener;

use Psr\Log\LoggerAwareInterface;
use Psr\Log\LoggerAwareTrait;
use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;

class AuthenticationFailureListener implements LoggerAwareInterface
{
    use LoggerAwareTrait;

    public function onFailure(AuthenticationFailureEvent $event)
    {
        $token = $event->getAuthenticationToken();
        $username = $token->getUsername();
        $this->logger->info('Authentication failed', ['username' => $username]);
    }
}

And in services.yml:

app.authentication_failure_listener:
    class: AppBundle\EventListener\AuthenticationFailureListener
    calls:
        - [setLogger, ['@logger']]
    tags:
        - { name: monolog.logger, channel: security }
        - { name: kernel.event_listener, event: security.authentication.failure, method: onFailure }
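
An added example, not part of either answer above or of Symfony's own code: a security.authentication.failure listener that writes each failed attempt to a database table through Doctrine DBAL. The class name FailedLoginRecorder, the service id, and the failed_login_attempt table with its columns are assumptions, and the request_stack service assumes Symfony 2.4 or later.

```php
<?php
// Added example. Assumed names: namespace, class, table and column names.
// Assumed wiring in services.yml:
//   app.failed_login_recorder:
//       class: AppBundle\EventListener\FailedLoginRecorder
//       arguments: ['@database_connection', '@request_stack']
//       tags:
//           - { name: kernel.event_listener, event: security.authentication.failure, method: onFailure }
namespace AppBundle\EventListener;

use Doctrine\DBAL\Connection;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;

class FailedLoginRecorder
{
    private $connection;
    private $requestStack;

    public function __construct(Connection $connection, RequestStack $requestStack)
    {
        $this->connection = $connection;
        $this->requestStack = $requestStack;
    }

    public function onFailure(AuthenticationFailureEvent $event)
    {
        $request = $this->requestStack->getCurrentRequest();
        // The username is client-supplied: cap its length before storing it.
        // The submitted password (the token's credentials) is never written.
        $username = mb_substr((string) $event->getAuthenticationToken()->getUsername(), 0, 255, 'UTF-8');
        $agent = $request ? mb_substr((string) $request->headers->get('User-Agent'), 0, 255, 'UTF-8') : null;

        try {
            // Connection::insert() binds every value as a parameter; no SQL is concatenated.
            $this->connection->insert('failed_login_attempt', array(
                'username'     => $username,
                'ip_address'   => $request ? $request->getClientIp() : null,
                'user_agent'   => $agent,
                'reason'       => get_class($event->getAuthenticationException()),
                'attempted_at' => gmdate('Y-m-d H:i:s'), // stored in UTC
            ));
        } catch (\Exception $e) {
            // A failed audit write must not alter the login response.
            error_log('failed_login_attempt insert failed: ' . $e->getMessage());
        }
    }
}
```

Behind a reverse proxy, getClientIp() returns the real client address only when trusted proxies are configured; otherwise it records the proxy's address.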