具有相同模式的多个防火墙
Multiples firewalls with same pattern
我目前有以下配置,
从外部消费者发送令牌时,端点 /api 工作正常。
但我现在想在使用会话的应用程序中使用 ajax 重用此模式 ^/api。如何配置防火墙以无状态或会话方式为我工作?
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
App\Entity\User\User:
algorithm: bcrypt
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
app_user_provider:
entity:
class: App\Entity\User\User
property: username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
logout:
pattern: ^/api/logout
stateless: true
anonymous: true
logout:
path: app_logout
success_handler: "app.webservice_logout_success_listener"
api:
pattern: ^/api
stateless: true
anonymous: true
provider: app_user_provider
json_login:
check_path: /api/login_check
username_path: username
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
admin:
context: user
switch_user: true
pattern: ^/
anonymous: ~
provider: fos_userbundle
form_login:
login_path: admin_login
check_path: admin_login
default_target_path: easyadmin
failure_path: admin_login
logout:
path: /logout
target: /login
我找到了解决办法,很抱歉抽空回复。
解决方案我不知道这是否是最好的方法,但我想知道关于其他可能实现的意见。
一方面,我启用Lexik,获取cookie的token。
# config/packages/lexik_jwt_authentication.yaml
lexik_jwt_authentication:
# some_config:
token_extractors:
# check token in a cookie
cookie:
enabled: true
name: Bearer
另一方面,当用户通过会话进行身份验证时,我会覆盖该函数,设置 cookie 并使用 Lexikprogrammatically 生成的令牌
<?php
namespace App\Security;
use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler as BaseDefaultAuthenticationSuccessHandler;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Http\HttpUtils;
class DefaultAuthenticationSuccessHandler extends BaseDefaultAuthenticationSuccessHandler
{
private $JWTManager;
public function __construct(
JWTTokenManagerInterface $JWTManager,
HttpUtils $httpUtils,
array $options = []
)
{
parent::__construct($httpUtils, $options);
$this->JWTManager = $JWTManager;
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
/** @var Response $response */
$response = parent::onAuthenticationSuccess($request, $token);
$response->headers->setCookie(Cookie::create('Bearer', $this->JWTManager->create($token->getUser())));
return $response;
}
}
我目前有以下配置, 从外部消费者发送令牌时,端点 /api 工作正常。
但我现在想在使用会话的应用程序中使用 ajax 重用此模式 ^/api。如何配置防火墙以无状态或会话方式为我工作?
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
App\Entity\User\User:
algorithm: bcrypt
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
app_user_provider:
entity:
class: App\Entity\User\User
property: username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
logout:
pattern: ^/api/logout
stateless: true
anonymous: true
logout:
path: app_logout
success_handler: "app.webservice_logout_success_listener"
api:
pattern: ^/api
stateless: true
anonymous: true
provider: app_user_provider
json_login:
check_path: /api/login_check
username_path: username
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
admin:
context: user
switch_user: true
pattern: ^/
anonymous: ~
provider: fos_userbundle
form_login:
login_path: admin_login
check_path: admin_login
default_target_path: easyadmin
failure_path: admin_login
logout:
path: /logout
target: /login
我找到了解决办法,很抱歉抽空回复。 解决方案我不知道这是否是最好的方法,但我想知道关于其他可能实现的意见。
一方面,我启用Lexik,获取cookie的token。
# config/packages/lexik_jwt_authentication.yaml
lexik_jwt_authentication:
# some_config:
token_extractors:
# check token in a cookie
cookie:
enabled: true
name: Bearer
另一方面,当用户通过会话进行身份验证时,我会覆盖该函数,设置 cookie 并使用 Lexikprogrammatically 生成的令牌
<?php
namespace App\Security;
use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler as BaseDefaultAuthenticationSuccessHandler;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Http\HttpUtils;
class DefaultAuthenticationSuccessHandler extends BaseDefaultAuthenticationSuccessHandler
{
private $JWTManager;
public function __construct(
JWTTokenManagerInterface $JWTManager,
HttpUtils $httpUtils,
array $options = []
)
{
parent::__construct($httpUtils, $options);
$this->JWTManager = $JWTManager;
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
/** @var Response $response */
$response = parent::onAuthenticationSuccess($request, $token);
$response->headers->setCookie(Cookie::create('Bearer', $this->JWTManager->create($token->getUser())));
return $response;
}
}