Symfony2实体用户提供程序覆盖自定义身份验证提供程序

Question

My Symfony2 custom authentication provider now appears to be working .

User Provider

I almost used the FOSUserBundle but I don't even have email addresses for my users and I don't need the added functionality or complication.

So instead I'm just using the entity provider .

I set my encoder to plaintext because the API client library handles that for me, but alas, another snag: it seems like Users are now being authenticated against these User records .

Before I implemented the entity user provider, my login form gave me valid responses: correct credentials yielded no error, bad credentials resulted in my custom "incorrect user/pass error".

Now, even if I supply credentials I know to be correct, all I get is the error message "Bad credentials," as if I'm implementing the UserAuthenticationProvider , but to the best of my knowledge, I'm not. My custom provider directly implements the AuthenticationProviderInterface .

So at the moment I assume I have incorrectly implemented the entity user provider, such that it is somehow overriding my custom authentication provider. What's the correct way to configure the entity user provider and a custom authentication provider, at the same time?

Files

• /app/config/security.yml
• /src/WordRot/PlayBundle/Security/Authentication/Provider/WordnikProvider.php

Relevant section of security.yml

encoders:
    WordRot\PlayBundle\Entity\User: plaintext

providers:
    wordnik_users:
        entity: { class: WordRotPlayBundle:User, property: username }

firewalls:
    wordnik_secured:
        pattern: ^/play
        logout: ~
        anonymous: ~
        # The next line specifies the custom authentication provider:
        wordnik: true 
        form_login:
            provider: wordnik_users
            login_path:  /login
            check_path:  /play_check
            # on success
            always_use_default_target_path: true
            default_target_path: /play

EDIT

This might prove useful . It's a diff on the master branch...

• From when the custom auth provider ( WordnikProvider ) still got executed (a473d354)
• To the most recent commit on the master branch (ddcfeae2), where the auth provider is no longer executed.

EDIT 2

With more break points I discovered:

1. On login form POST, WordnikProvider#supports is being called with a UsernamePasswordToken, thus returning false .
2. On login form POST, WordnikListener is constructed but it's other methods ( attemptAuthentication , requiresAuthentication ) are never called. And yet WordnikFactory#createListener , too, is never called! It's a wonder that the listener is constructed.
3. However on login_check GET, WordnikListener#requiresAuthentication IS called.

Answer 1

So we had kind of a long discussion on this. The basic problem was that the form_login services was interfering with the wodnik service. Removed form_login and things started working better.

http://chat.stackoverflow.com/rooms/25251/discussion-between-montgomery-jean-and-cerad