Symfony 2.8 Guard AbstractGuardAuthenticator,如何返回真实令牌?
[英]Symfony 2.8 Guard AbstractGuardAuthenticator, how to return a real token?
问题描述
I'm playing around with AbstractGuardAuthenticator from the relatively new Guard subsystem added in Symfony 2.8. 
我正在使用Symfony 2.8中新增的相对较新的Guard子系统中的AbstractGuardAuthenticator 。
My setup is really simple. 我的设置非常简单。 I send a request to a protected URL which takes a username:password base64 encoded. 我将请求发送到受保护的URL,该URL采用用户名:密码base64编码。 It checks both against the database and should return a token. 它会针对数据库进行检查,并应返回一个令牌。
The authentication successful method: 认证成功的方法:
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
//If login successful, return token
return new Response($this->tokenStorage->getToken());
}
What it returns is: 它返回的是:
PostAuthenticationGuardToken(user="test", authenticated=true, roles="ROLE_ADVANCED,
ROLE_USER")
Now, this is what I'd expect given that the AbstractGuardAuthenticator defines the method for creating this token exactly like this. 现在,考虑到AbstractGuardAuthenticator完全像这样定义创建此令牌的方法,这就是我所期望的。
public function createAuthenticatedToken(UserInterface $user, $providerKey)
{
return new PostAuthenticationGuardToken(
$user,
$providerKey,
$user->getRoles()
);
}
UPDATE 1.1: 更新1.1:
Using the LexikJWTAuthenticationBundle I am now attempting to implement Json Web Tokens into my application's AbstractGuardAuthenticator . 现在,我使用LexikJWTAuthenticationBundle尝试在应用程序的AbstractGuardAuthenticator中实现Json Web令牌。 The Lexik bundle provides both a success and failure handler: lexik_jwt_authentication.handler.authentication_success & lexik_jwt_authentication.handler.authentication_failure which point at classes that get certain JWT variables injected into them. Lexik捆绑包提供成功和失败处理程序: lexik_jwt_authentication.handler.authentication_success和lexik_jwt_authentication.handler.authentication_failure指向指向将某些JWT变量注入到其中的类。 How do I hook them into AbstractGuardAuthenticator 's success and failure handlers? 如何将它们挂接到AbstractGuardAuthenticator的成功和失败处理程序中?
crud:
anonymous: ~
guard:
authenticators:
- app.token_authenticator
pattern: ^/database/
And the Guard success and failure methods 和Guard成败的方法
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
if ($token = $request->headers->get('X-AUTH-TOKEN')) {
//on success, let the request continue
} else {
//If login successful, return token
return new Response($this->tokenStorage->getToken());
}
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$data = array(
'message' => strtr($exception->getMessageKey(), $exception->getMessageData())
// or to translate this message
// $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
);
return new JsonResponse($data, 403);
}
I am currently extending and merging JWTTokenAuthenticator with my own token authenticator instead of the AbstractGuardAuthenticator as both implement GuardAuthenticatorInterface . 我目前正在扩展JWTTokenAuthenticator与我自己的令牌认证器(而不是AbstractGuardAuthenticator合并,因为两者都实现了GuardAuthenticatorInterface 。
1 个解决方案
解决方案1
2 已采纳 2016-11-02 20:00:57
I'd like to know how to return a real token, which can be used to authenticate a user instead of sending the username:password every time.
Symfony Guard Component Symfony Guard组件
Guard aims at simplifying the authentication subsystem. Guard旨在简化身份验证子系统。
Before Guard, setting up custom authentication was a lot more work. 在加入Guard之前,设置自定义身份验证还有很多工作。 You needed to create several parts/classes and make them work together. 您需要创建多个零件/类并使它们一起工作。 It's flexible, you can create any authentication system you want, but it needs some effort. 它很灵活,您可以创建所需的任何身份验证系统,但需要一些努力。 With Guard, it becomes a lot easier, while maintaining all flexibility. 使用Guard,它变得更加容易,同时又保持了所有的灵活性。
This is not the component you're looking for. 这不是您要查找的组件。
Symfony Security Token Symfony安全令牌
When reading the word "token" in documentation about the Guard Component, what's referred to is an implementation of the TokenInterface . 在阅读有关Guard Component的文档中的“令牌”一词时,所指的是TokenInterface的实现。 Symfony uses these implementations to keep track of the authentication state. Symfony使用这些实现来跟踪身份验证状态。 These implementations never leave your application, it's an internal thing. 这些实现永远不会离开您的应用程序,这是内部的事情。
This is not the token you're looking for. 这不是您要查找的令牌。
JSON Web Token JSON Web令牌
The "token" you're talking about is some pease of information a client can use to authenticate with. 您正在谈论的“令牌”是客户端可以用来进行身份验证的信息的某种形式。 This can be a random string like the "access token" of OAuth 2.0 protocol, or a self-contained and signed set of information, like JSON Web Tokens (JWT). 这可以是随机字符串,例如OAuth 2.0协议的“访问令牌”,也可以是一组独立且经过签名的信息,例如JSON Web令牌 (JWT)。
IMHO JWT would be the most future-proof token at the moment. 恕我直言,JWT将是目前最具前瞻性的代币。 The Anatomy of a JSON Web Token is a good read to get familiar with JWT. 熟悉JWT可以很好地阅读JSON Web令牌剖析 。
There are several bundles out there that can easily integrate JWT into your Symfony project. 有几个捆绑包可以轻松地将JWT集成到您的Symfony项目中。 LexikJWTAuthenticationBundle is the most popular one right now. LexikJWTAuthenticationBundle是目前最流行的一种。 I suggest you have a look :) 我建议你看看:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.