Symfony2 api 的身份验证(用于移动应用程序)
[英]Authentication for a Symfony2 api (for mobile app use)
问题描述
I've developed a REST api for my Symfony2 application.
我为我的 Symfony2 应用程序开发了 REST api。 This api will be used by a mobile app.此 api 将由移动应用程序使用。 Much of the functionality is done in the context of the currently authenticated user, ie:大部分功能是在当前经过身份验证的用户的上下文中完成的,即:
$this->container->get('security.context')->getToken()->getUser()
I'm hoping that the mobile app will be able to post to the login action just like a traditional web form.我希望移动应用程序能够像传统的 web 表单一样发布到登录操作。 If the credentials check out then Symfony2 does it's thing and sets a cookie (does this even work in the context of a mobile app accessing an api?).如果凭证签出,那么 Symfony2 会执行此操作并设置一个 cookie(这甚至可以在访问 api 的移动应用程序的上下文中工作吗?)。 Then later api requests from that mobile phone will (hopefully) work with the native symfony2 security.context service container.然后稍后来自该手机的 api 请求将(希望)与本机 symfony2 security.context 服务容器一起使用。
Would this work?这行得通吗? I need to figure out this authorization process before I take the API to the mobile developers.在将 API 带给移动开发者之前,我需要弄清楚这个授权过程。 If possible I'd obviously like to be able to use the native security.context service instead of building out a new auth system for the api that uses xAuth or something similar.如果可能的话,我显然希望能够使用本机 security.context 服务,而不是为使用 xAuth 或类似东西的 api 构建新的身份验证系统。
Thanks谢谢
3 个解决方案
解决方案1
14 已采纳 2011-07-21 13:23:17
I think you should do it stateless (without cookie).我认为你应该做到无状态(没有cookie)。
I had the same problem, what i did:我有同样的问题,我做了什么:
- in your app/config/security.yml, add:在您的 app/config/security.yml 中,添加:
security:
...
firewalls:
rest_webservice:
pattern: /webservice/rest/.*
stateless: true
http_basic:
provider: provider_name
...
- Now you can make a request to your webservice:现在您可以向您的网络服务发出请求:
class AuthTest extends WebTestCase
{
public function testAuthenticatedWithWebservice()
{
$client = $this->createClient();
// not authenticated
$client->request('GET', '/webservice/rest/url');
$this->assertEquals(401, $client->getResponse()->getStatusCode());
// authenticated
$client->request('GET', '/webservice/rest/url', array(), array(), array(
'PHP_AUTH_USER' => 'username',
'PHP_AUTH_PW' => 'password'
));
$this->assertEquals(200, $client->getResponse()->getStatusCode());
}
}
解决方案2
5 2011-08-11 23:07:24
Here you are, How to create a custom Authentication Provider awesome article.您在这里, 如何创建自定义身份验证提供程序很棒的文章。
To Authentication to a Symfony2 application through api, you need use: WS-Security要通过 api 对 Symfony2 应用程序进行身份验证,您需要使用: WS-Security
解决方案3
3 2011-07-24 10:09:04
Yes Marc, jules is pointing to an example just to show you how to test authentication with http_basic.是的,Marc,jules 指的是一个示例,只是为了向您展示如何使用 http_basic 测试身份验证。
To be RESTful you should avoid using cookies, otherwise just call it an API.要成为 RESTful,您应该避免使用 cookies,否则只需将其称为 API。 About how secure is your authentication system you can go with http_digest over https or more secure signed request with api_key/api_secret approach.关于您的身份验证系统的安全性,您可以使用 http_digest go 通过 https 或更安全的签名请求使用 api_key/api_secret 方法。
Have a look here http://wiki.zanox.com/en/RESTful_API_authentication看看这里http://wiki.zanox.com/en/RESTful_API_authentication
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.