Api 使用FOSUserBundle的WSSE身份验证
当我想从使用Symfony创建的restapi使用WSSE对用户进行身份验证时,我遇到了一个问题。 我遵循了网站symfony wsse authentication()上的指南,完成了教程(),用户管理由FOSUserBundle处理 默认情况下,I wsse对访问资源/api的请求进行身份验证。 所以我在我的安全中Api 使用FOSUserBundle的WSSE身份验证,api,symfony,fosuserbundle,ws-security,wsse,Api,Symfony,Fosuserbundle,Ws Security,Wsse,当我想从使用Symfony创建的restapi使用WSSE对用户进行身份验证时,我遇到了一个问题。 我遵循了网站symfony wsse authentication()上的指南,完成了教程(),用户管理由FOSUserBundle处理 默认情况下,I wsse对访问资源/api的请求进行身份验证。 所以我在我的安全中 security: encoders: FOS\UserBundle\Model\UserInterface: sha512 role_hier
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
wsse_secured:
pattern: /api/.*
stateless: true
wsse: true
anonymous : false
#dev:
# pattern: ^/(_(profiler|wdt)|css|images|js)/
# security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
为了访问我的资源/api/hello,我在请求头中添加了:
Authorization: Authorization profile=”UsernameToken”
x-wsse: UsernameToken Username="foo", PasswordDigest="9/dyW92Vp+mWEbyXeblRMqTQSJc=", Nonce="MDc1MGNkZjAwMjNmZjk2YQ==", Created="2014-04-17T16:18:34Z"
但在发送查询后,我得到一个返回给我的错误:
WSSE Login failed for foo. Why? No Authentication Provider found for token of class "Acme \ UserBundle \ Security \ Authentication \ Token \ WsseUserToken".
此错误消息是在my WsseListener类中引发的异常:
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
$failedMessage = 'WSSE Login failed for '.$token->getUsername().'. Why ? '.$failed->getMessage();
// Deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(403);
$response->setContent($failedMessage);
$event->setResponse($response);
return;
}
确保apache没有剥离授权标头(默认情况下,它会剥离授权标头) 您可以通过将以下行添加到.htaccess文件来强制执行此操作:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
好的,我刚发现问题 在我的authentificate方法(WsseProvider类)中,我没有返回任何内容 之前(不起作用):
工作结束后: 现在一切都好了
public function authenticate(TokenInterface $token)
{
$user = $this->userProvider->loadUserByUsername($token->getUsername());
if(!$user){
throw new AuthenticationException("Bad credentials... Did you forgot your username ?");
}
if ($user &&
$this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) {
}
}
public function authenticate(TokenInterface $token)
{
$user = $this->userProvider->loadUserByUsername($token->getUsername());
if(!$user){
throw new AuthenticationException("Bad credentials... Did you forgot your username ?");
}
if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) {
$authenticatedToken = new WsseUserToken($user->getRoles());
$authenticatedToken->setUser($user);
return $authenticatedToken;
}
throw new AuthenticationException('The WSSE authentication failed.');
}