[英]Get data from a user with access token without being logged in
There is this website I'm working on a little bit. 有一个我正在努力的网站。 I've added recently an API to it so I can get notifications.
我最近向其中添加了一个API,以便可以收到通知。 To get those notifications, I type this url
要获取这些通知,请输入此网址
http://localhost/pham/Claroline/web/app_dev.php/icap_notification/api/notifications.json?access_token= "some access token" http://localhost/pham/Claroline/web/app_dev.php/icap_notification/api/notifications.json?access_token = “某些访问令牌”
For now it only works if the user is logged in. Would it be possible to make it work without the user being logged in ? 现在,它仅在用户登录后才有效。是否可以在用户未登录的情况下使其正常工作? I mean since I get the access token it shouldn't be a problem.
我的意思是,既然我获得了访问令牌,那应该不是问题。 Actually I need it to be done because I'm also developing a mobile application and basically I use this url in the app to display the notifications
实际上,我需要完成此操作,因为我也在开发移动应用程序,并且基本上我在应用程序中使用此网址来显示通知
Thank you all 谢谢你们
Edit : here's the security.yml file 编辑:这是security.yml文件
security: 安全:
providers:
user_db:
entity: { class: Claroline\CoreBundle\Entity\User }
encoders:
Claroline\CoreBundle\Entity\User: sha512
firewalls:
install:
pattern: ^/install
security: false
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
oauth_token:
pattern: ^/oauth/v2/token
security: false
oauth_authorize:
pattern: ^/oauth/v2/auth
form_login:
check_path: /oauth/v2/auth_login_check
login_path: /oauth/v2/auth_login
default_target_path: /oauth/v2/auth/form
anonymous: true
api:
pattern: ^/api
claro_api: true
#fos_oauth: true
#stateless: true
security: true
main:
pattern: ^/
simple_form:
authenticator: claroline.core_bundle.library.security.external_authenticator
check_path: /login_check
form_login:
success_handler: claroline.authentication_handler
failure_handler: claroline.security.ajax_authentication_failure_handler
anonymous: ~
logout: true
switch_user: { role: ROLE_ADMIN, parameter: _switch }
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days
path: /
domain: ~
access_decision_manager:
allow_if_all_abstain: false
access_control:
- { path: ^/oauth/v2/auth_login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, role: IS_AUTHENTICATED_FULLY }
- { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/connect, role: IS_AUTHENTICATED_ANONYMOUSLY }
Yes, it's possible. 是的,有可能。 Symfony2 documentation describes that it's possible to have multiple "firewalls" for your application.
Symfony2文档描述了您的应用程序可能具有多个“防火墙”。
In your case you have a "normal" one for most of your site, and an "api access" one for your API. 在您的情况下,您的大多数站点都有一个“普通”站点,而您的API有一个“ api访问”站点。 They can, naturally, be of different types and use different user providers (aka. different sets of "users").
自然,它们可以是不同的类型,并使用不同的用户提供程序(也称为“用户”的不同集合)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.