php – Symfony2显示“在SecurityContext中找不到令牌”而不是我的AuthenticationException
内容导读
互联网集市收集整理的这篇技术教程文章主要介绍了php – Symfony2显示“在SecurityContext中找不到令牌”而不是我的AuthenticationException,小编现在分享给大家,供广大互联网技能从业者学习和参考。文章包含7479字,纯文字阅读大概需要11分钟。
内容图文
![php – Symfony2显示“在SecurityContext中找不到令牌”而不是我的AuthenticationException](/upload/InfoBanner/zyjiaocheng/794/f98534095a004d2bbe6d868c288f7aa0.jpg)
你好
我试图在Symfony2中为我的api设置某种WSSE身份验证.但是在测试未经授权的调用时,我得到的是来自框架的状态代码为500的AuthenticationCredentialsNotFoundException,而不是获取我的自定义AuthenticationException.
为什么会发生这种情况的任何想法?这是我的代码:
WsseListener.php
<?php
namespace KrugerCorp\VOIPBundle\Security\Firewall;
use Symfony\Component\Config\Definition\Exception\Exception;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\Log\LoggerInterface;
use Symfony\Component\Security\Http\Firewall\ListenerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
use KrugerCorp\VOIPBundle\Security\Authentication\Token\WsseTenantToken;
class WsseListener implements ListenerInterface
{
protected $securityContext;
protected $authenticationManager;
protected $logger;
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger)
{
$this->securityContext = $securityContext;
$this->authenticationManager = $authenticationManager;
$this->logger = $logger;
}
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches))
return;
$token = new WsseTenantToken();
$token->setUser($matches[1]);
$token->digest = $matches[2];
$token->nonce = $matches[3];
$token->created = $matches[4];
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $e) {
$failedMessage = 'WSSE login failed for '.$token->getUsername()-'. Why? '.$e->getMessage();
$this->logger->error($failedMessage);
$response = new Response();
$response->setStatusCode(403);
$response->setContent($failedMessage);
$event->setResponse($response);
return;
}
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
}
}
WsseProvider.php
<?php
namespace KrugerCorp\VOIPBundle\Security\Authentication\Provider;
use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\NonceExpiredException;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use KrugerCorp\VOIPBundle\Security\Authentication\Token\WsseTenantToken;
class WsseProvider implements AuthenticationProviderInterface {
private $tenantProvider;
private $cacheDir;
public function __construct(UserProviderInterface $userProvider, $cacheDir)
{
$this->tenantProvider = $userProvider;
$this->cacheDir = $cacheDir;
}
public function authenticate(TokenInterface $token)
{
$tenant = $this->tenantProvider->loadUserByUsername($token->getUsername());
if (!$tenant)
throw new AuthenticationException("Bad credentials.");
if ($tenant && $this->validateDigest($token->digest, $token->nonce, $token->created, $tenant->getPassword()))
{
$authenticatedToken = new WsseTenantToken($tenant->getRoles());
$authenticatedToken->setUser($tenant);
return $authenticatedToken;
}
throw new AuthenticationException('The WSSE authentication failed.');
}
protected function validateDigest($digest, $nonce, $created, $secret)
{
if (strtotime($created) > time())
throw new AuthenticationException('The provided WSSE timestamp is in the future. Nice try.');
if (time() - strtotime($created) > 300)
throw new AuthenticationException('The timestamp is outdated.');
if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time())
throw new NonceExpiredException('Previously used nonce detected');
if (!is_dir($this->cacheDir))
mkdir($this->cacheDir, 0777, true);
file_put_contents($this->cacheDir.'/'.$nonce, time());
$expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true));
if ($digest !== $expected)
throw new AuthenticationException('Bad credentials. Digest is not as expected.');
return true;
}
public function supports(TokenInterface $token)
{
return $token instanceof WsseTenantToken;
}
}
WsseFactory.php
<?php
namespace KrugerCorp\VOIPBundle\DependencyInjection\Security\Factory;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Reference;
use Symfony\Component\DependencyInjection\DefinitionDecorator;
use Symfony\Component\Config\Definition\Builder\NodeDefinition;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
class WsseFactory implements SecurityFactoryInterface
{
public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
{
$providerId = 'security.authentication.provider.wsse.'.$id;
$container
->setDefinition($providerId, new DefinitionDecorator('wsse.security.authentication.provider'))
->replaceArgument(0, new Reference($userProvider));
$listenerId = 'security.authentication.listener.wsse.'.$id;
$listener = $container->setDefinition($listenerId, new DefinitionDecorator('wsse.security.authentication.listener'));
return array($providerId, $listenerId, $defaultEntryPoint);
}
public function getPosition()
{
return 'pre_auth';
}
public function getKey()
{
return 'wsse';
}
public function addConfiguration(NodeDefinition $node)
{
}
}
我的防火墙
wsse_secured:
pattern: ^/api/.*
stateless: true
wsse: true
anonymous: false
我的服务
wsse.security.authentication.provider:
class: KrugerCorp\VOIPBundle\Security\Authentication\Provider\WsseProvider
arguments: ["", "%kernel.cache_dir%/security/nonces"]
wsse.security.authentication.listener:
class: KrugerCorp\VOIPBundle\Security\Firewall\WsseListener
arguments: ["@security.context", "@security.authentication.manager", "@logger"]
tags:
- { name: monolog.logger, channel: wsse }
和mu捆绑类
<?php
namespace KrugerCorp\VOIPBundle;
use Symfony\Component\HttpKernel\Bundle\Bundle;
use KrugerCorp\VOIPBundle\DependencyInjection\Security\Factory\WsseFactory;
use Symfony\Component\DependencyInjection\ContainerBuilder;
class KrugerCorpVOIPBundle extends Bundle
{
public function build(ContainerBuilder $container)
{
parent::build($container);
$extension = $container->getExtension('security');
$extension->addSecurityListenerFactory(new WsseFactory());
}
}
解决方法:
try {
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $e) {
// ...
}
您只捕获AuthenticationException!
但
$this->authenticationManager->authenticate($token);
还会抛出不会被捕获的NonceExpiredException.
我的代码审查…阅读评论.
// I guess loadUserByUsername throws UsernameNotFoundException.
// Wrap it in try catch and throw new AuthenticationException("Bad credentials.");
$tenant = $this->tenantProvider->loadUserByUsername($token->getUsername());
// You will not need this...
if (!$tenant)
throw new AuthenticationException("Bad credentials.");
// $tenant always true here.
if ($tenant && $this->validateDigest($token->digest, $token->nonce, $token->created, $tenant->getPassword()))
{
$authenticatedToken = new WsseTenantToken($tenant->getRoles());
$authenticatedToken->setUser($tenant);
return $authenticatedToken;
}
内容总结
以上是互联网集市为您收集整理的php – Symfony2显示“在SecurityContext中找不到令牌”而不是我的AuthenticationException全部内容,希望文章能够帮你解决php – Symfony2显示“在SecurityContext中找不到令牌”而不是我的AuthenticationException所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错,欢迎将互联网集市网站推荐给程序员好友。
内容备注
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 gblab@vip.qq.com 举报,一经查实,本站将立刻删除。
内容手机端
扫描二维码推送至手机访问。