登錄後Symfony 3偵聽器無法運行

Question

我正在用Symfony3構建我的第一個API登錄，但是我在登錄偵聽器上絆倒了。我想在用戶成功登錄後立即啓動一個事件，以實現各種常用目的，例如編寫日誌，生成令牌等。 因爲事情正在通過API發生，所以登錄系統與在Symfony指南中描述的經典登錄表單。有鑑於此，我肯定有些事我錯過了。

監聽器初始化：

// config/services.yml 
//... 

    login_listener: 
     class: 'User\LoginBundle\Listener\LoginListener' 
     tags: 
      - { name: 'kernel.event_listener', event: 'security.interactive_login', method: onSecurityInteractiveLogin } 

我的聽衆：

// User/LoginBundle/Listener/LoginListener.php 

namespace User\LoginBundle\Listener; 
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent; 

class LoginListener 
{ 
    public function onSecurityInteractiveLogin(InteractiveLoginEvent $event) 
    { 
     echo 'Hello, I am the login listener!!'; 
    } 
} 

我的控制器類

// User/LoginBundle/Controller/LoginController.php 
//... 

    public function checkCredentialsAction(Request $request) 
    { 
     $recursiveValidator = $this->get('validator'); 

     $user = new User; 
     $user->setUsername($request->request->get('username')); 
     $user->setPassword($request->request->get('password')); 


     $errors = $recursiveValidator->validate($user); 

     if (count($errors) > 0) { 
      $errorsString = (string) $errors; 

      return new JsonResponse($errorsString); 
     } 

     $loginService = $this->get('webserviceUserProvider.service'); 

     $user = $loginService->loadUserByUsernameAndPassword(
      $request->get('username'), 
      $request->get('password') 
     ); 

     if ($user instanceof WebserviceUser) { 
      return new JsonResponse('all right'); 

     } 

     return new JsonResponse('Username/password is not valid', 403); 
    } 

我的安全組件

security: 

    # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded 
    providers: 
     in_memory: 
      memory: ~ 

     api_key_user_provider: 
      id: AppBundle\Security\ApiKeyUserProvider 
#    property: apiKey 

     user_db_provider: 
      entity: 
       class: UserUserBundle:User 
#    property: username 

     webservice: 
      id: User\UserBundle\Security\User\WebserviceUserProvider 

    encoders: 
     User\UserBundle\Entity\User: 
      algorithm: bcrypt 

    firewalls: 
     # disables authentication for assets and the profiler, adapt it according to your needs 
     dev: 
      pattern: ^/(_(profiler|wdt)|css|images|js)/ 
      security: false 

     user_logged: 
      pattern: ^/logged 
      stateless: true 
      simple_preauth: 
       authenticator: AppBundle\Security\ApiKeyAuthenticator 
      provider: api_key_user_provider 

     main: 
      anonymous: ~ 
      form_login: 
       check_path: login/check 


    access_control: 
     - { path: ^/login/check, roles: IS_AUTHENTICATED_ANONYMOUSLY } 

正如你所看到的驗證是針對實體進行的，並且當用戶/密碼有效時，返回的json是return new JsonResponse('all right, you are logged in');。驗證被實例化服務（方法loadUserByUsernameAndPassword，它是相當類似this）自定義用戶提供一流的完成，

爲什麼當用戶和密碼是否有效並出現登錄，聽者不考慮作爲一個有效的事件使interactive_login事件發生火災？

Answer 1

如果由於某種原因，你真的有需要手動登錄的用戶，則此方法在適當的時候添加到您的控制器和呼叫：

private function loginUser(Request $request, UserInterface $user) 
{ 
    $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles()); 
    $this->get("security.token_storage")->setToken($token); 

    $event = new InteractiveLoginEvent($request, $token); 
    $this->get("event_dispatcher")->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $event); 
} 

if ($user instanceof WebserviceUser) { 
    $this->loginUser($request,$user); 
    return new JsonResponse('all right'); 
} 

然而，在大多數情況下，現有的認證系統（或一個自定義警衛認證，https://symfony.com/doc/current/security/guard_authentication.html）會爲你做這個。