Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/239.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 具有Silex guard authfailure处理程序的CAS SSO_Php_Symfony_Cas_Silex - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 具有Silex guard authfailure处理程序的CAS SSO

Php 具有Silex guard authfailure处理程序的CAS SSO

php symfony

Php 具有Silex guard authfailure处理程序的CAS SSO,php,symfony,cas,silex,Php,Symfony,Cas,Silex,我已经在我的Silex应用程序中实现了jasig/phpCas身份验证。 这几乎完成了,但我无法正确处理authfailure响应 $app['app.token\u authenticator']=函数($app){ 返回新的MyApp\Domain\MyTokenAuthenticator($app['security.encoder\u factory']、$app['cas']、$app['dao.usersso']); }; $app['security.firewalls']=数组(

我已经在我的Silex应用程序中实现了jasig/phpCas身份验证。 这几乎完成了,但我无法正确处理authfailure响应

$app['app.token\u authenticator']=函数($app){
返回新的MyApp\Domain\MyTokenAuthenticator($app['security.encoder\u factory']、$app['cas']、$app['dao.usersso']);
};
$app['security.firewalls']=数组(
'默认'=>数组(
'模式'=>'^/*$',
“匿名”=>正确,
“guard”=>数组(
“验证器”=>数组(
'应用程序令牌\身份验证器'
),
),
'logout'=>array('logout\u path'=>'/logout','target\u url'=>'/debye'),
'form'=>array('login\u path'=>'/login','check\u path'=>'/admin/login\u check','authenticator'=>'time\u authenticator'),
“用户”=>函数()使用($app){
返回新的MyApp\DAO\UserDAO($app['db']);
},
),
);
MyTokenAuthenticator类:

class MyTokenAuthenticator extends AbstractGuardAuthenticator
{
    private $encoderFactory;
    private $cas_settings;
    private $sso_dao;

    public function __construct(EncoderFactoryInterface $encoderFactory, $cas_settings, MyApp\DAO\UserSsoDAO $userdao)
{
    $this->encoderFactory = $encoderFactory;
    $this->cas_settings = $cas_settings;
    $this->sso_dao = $userdao;
}

public function getCredentials(Request $request)
{
    $bSSO = false;

    //Test request for sso
    if ( strpos($request->get("ticket"),"cas-intra") !==false )
        $bSSO = true;
    if($request->get("sso") == "1")
        $bSSO=true;

    if ($bSSO)
    {
        if ($this->cas_settings['debug'])
        {
            \CAS_phpCAS::setDebug();
            \CAS_phpCAS::setVerbose(true);
        }

        \CAS_phpCAS::client(CAS_VERSION_2_0,
                $this->cas_settings['server'],
                $this->cas_settings['port'],
                $this->cas_settings['context'],
                false); 

        \CAS_phpCAS::setCasServerCACert('../app/config/cas.pem');
        // force CAS authentication
        \CAS_phpCAS::forceAuthentication();
        $username = \CAS_phpCAS::getUser();
        return array ( 
                'username' => $username,
                'secret' => 'SSO'
        );
    }

    //Nothing to do, skip custom auth
    return;
}

/**
 * Get User from the SSO database.
 * Add it into the MyApp users database (Update if already exists)
 * {@inheritDoc}
 * @see \Symfony\Component\Security\Guard\GuardAuthenticatorInterface::getUser()
 */
public function getUser($credentials, UserProviderInterface $userProvider)
{
    //Get user stuf
    ....
    //return $userProvider->loadUserByUsername($credentials['username']);
    return $user;
}

/**
 * 
 * {@inheritDoc}
 * @see \Symfony\Component\Security\Guard\GuardAuthenticatorInterface::checkCredentials()
 */
public function checkCredentials($credentials, UserInterface $user)
{
    // check credentials - e.g. make sure the password is valid
    // return true to cause authentication success

    if ( $this->sso_dao->isBAllowed($user->getLogin() ) )
        return true;
    else 
        throw new CustomUserMessageAuthenticationException("Sorry, you're not alllowed tu use this app.");
}

public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
    // on success, let the request continue
    return;
}

public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
    $data = array(
            'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),

            // or to translate this message
            // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
    );

    return new JsonResponse($data,403);

}
问题是当来自SSO的有效用户在应用程序中被拒绝时。它显示 包含json消息的页面,没有任何呈现。 我的解决方法是使用带有sso注销链接的最小html页面作为响应和
session\u destroy()
,但这是一个快速而肮脏的修复方法

我想通过细枝重新命名,并显示一条漂亮的错误消息。也许还有别的课程可以扩展?Silex的文件没有任何帮助。谢谢大家!

回到这个问题,就像我在dev的其他方面一样。 @mTorres的解决方案正在发挥作用。我必须通过构造函数存储整个应用程序对象,因为此时在服务注册表中并没有设置twig

class MyTokenAuthenticator extends AbstractGuardAuthenticator
{
    private $app;

   public function __construct($app)
   {
        $this->app=$app;
   }
然后自定义事件

public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
   return new \Symfony\Component\HttpFoundation\Response(
            $this->app['twig']->render( 'logout.html.twig',array(
                'error'         => $data,
            ));
}
非常感谢

如果希望HTML呈现错误,为什么要返回
JsonResponse
?我是不是遗漏了什么?如果您只是想要一个HTML响应,您可以尝试将twig注入到类中,然后
返回新响应($this->twig->render('error-template.twig',[“data”=>$data]),响应::HTTP\u禁止)这是的一个哑拷贝/粘贴。As
onAuthenticationFailure
需要响应,原因很好(预配置表单?)。渲染为响应对象似乎是一种很好的方法。我是新来的Silex,不知道所有的可能性。我试试看。