[英]Symfony 2.8 Guard AbstractGuardAuthenticator, how to return a real token?
I'm playing around with AbstractGuardAuthenticator
from the relatively new Guard
subsystem added in Symfony 2.8. 我正在使用Symfony 2.8中新增的相对较新的
Guard
子系统中的AbstractGuardAuthenticator
。
My setup is really simple. 我的设置非常简单。 I send a request to a protected URL which takes a username:password base64 encoded.
我将请求发送到受保护的URL,该URL采用用户名:密码base64编码。 It checks both against the database and should return a token.
它会针对数据库进行检查,并应返回一个令牌。
The authentication successful method: 认证成功的方法:
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
//If login successful, return token
return new Response($this->tokenStorage->getToken());
}
What it returns is: 它返回的是:
PostAuthenticationGuardToken(user="test", authenticated=true, roles="ROLE_ADVANCED,
ROLE_USER")
Now, this is what I'd expect given that the AbstractGuardAuthenticator
defines the method for creating this token exactly like this. 现在,考虑到
AbstractGuardAuthenticator
完全像这样定义创建此令牌的方法,这就是我所期望的。
public function createAuthenticatedToken(UserInterface $user, $providerKey)
{
return new PostAuthenticationGuardToken(
$user,
$providerKey,
$user->getRoles()
);
}
UPDATE 1.1: 更新1.1:
Using the LexikJWTAuthenticationBundle
I am now attempting to implement Json Web Tokens into my application's AbstractGuardAuthenticator . 现在,我使用
LexikJWTAuthenticationBundle
尝试在应用程序的AbstractGuardAuthenticator中实现Json Web令牌。 The Lexik bundle provides both a success and failure handler: lexik_jwt_authentication.handler.authentication_success
& lexik_jwt_authentication.handler.authentication_failure
which point at classes that get certain JWT variables injected into them. Lexik捆绑包提供成功和失败处理程序:
lexik_jwt_authentication.handler.authentication_success
和lexik_jwt_authentication.handler.authentication_failure
指向指向将某些JWT变量注入到其中的类。 How do I hook them into AbstractGuardAuthenticator
's success and failure handlers? 如何将它们挂接到
AbstractGuardAuthenticator
的成功和失败处理程序中?
crud:
anonymous: ~
guard:
authenticators:
- app.token_authenticator
pattern: ^/database/
And the Guard
success and failure methods 和
Guard
成败的方法
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
if ($token = $request->headers->get('X-AUTH-TOKEN')) {
//on success, let the request continue
} else {
//If login successful, return token
return new Response($this->tokenStorage->getToken());
}
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$data = array(
'message' => strtr($exception->getMessageKey(), $exception->getMessageData())
// or to translate this message
// $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
);
return new JsonResponse($data, 403);
}
I am currently extending and merging JWTTokenAuthenticator
with my own token authenticator instead of the AbstractGuardAuthenticator
as both implement GuardAuthenticatorInterface
. 我目前正在扩展
JWTTokenAuthenticator
与我自己的令牌认证器(而不是AbstractGuardAuthenticator
合并,因为两者都实现了GuardAuthenticatorInterface
。
I'd like to know how to return a real token, which can be used to authenticate a user instead of sending the username:password every time.
我想知道如何返回真实的令牌,该令牌可用于验证用户身份,而不是每次都发送username:password。
Symfony Guard Component Symfony Guard组件
Guard aims at simplifying the authentication subsystem. Guard旨在简化身份验证子系统。
Before Guard, setting up custom authentication was a lot more work. 在加入Guard之前,设置自定义身份验证还有很多工作。 You needed to create several parts/classes and make them work together.
您需要创建多个零件/类并使它们一起工作。 It's flexible, you can create any authentication system you want, but it needs some effort.
它很灵活,您可以创建所需的任何身份验证系统,但需要一些努力。 With Guard, it becomes a lot easier, while maintaining all flexibility.
使用Guard,它变得更加容易,同时又保持了所有的灵活性。
This is not the component you're looking for. 这不是您要查找的组件。
Symfony Security Token Symfony安全令牌
When reading the word "token" in documentation about the Guard Component, what's referred to is an implementation of the TokenInterface . 在阅读有关Guard Component的文档中的“令牌”一词时,所指的是TokenInterface的实现。 Symfony uses these implementations to keep track of the authentication state.
Symfony使用这些实现来跟踪身份验证状态。 These implementations never leave your application, it's an internal thing.
这些实现永远不会离开您的应用程序,这是内部的事情。
This is not the token you're looking for. 这不是您要查找的令牌。
JSON Web Token JSON Web令牌
The "token" you're talking about is some pease of information a client can use to authenticate with. 您正在谈论的“令牌”是客户端可以用来进行身份验证的信息的某种形式。 This can be a random string like the "access token" of OAuth 2.0 protocol, or a self-contained and signed set of information, like JSON Web Tokens (JWT).
这可以是随机字符串,例如OAuth 2.0协议的“访问令牌”,也可以是一组独立且经过签名的信息,例如JSON Web令牌 (JWT)。
IMHO JWT would be the most future-proof token at the moment. 恕我直言,JWT将是目前最具前瞻性的代币。 The Anatomy of a JSON Web Token is a good read to get familiar with JWT.
熟悉JWT可以很好地阅读JSON Web令牌剖析 。
There are several bundles out there that can easily integrate JWT into your Symfony project. 有几个捆绑包可以轻松地将JWT集成到您的Symfony项目中。 LexikJWTAuthenticationBundle is the most popular one right now.
LexikJWTAuthenticationBundle是目前最流行的一种。 I suggest you have a look :)
我建议你看看:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.