我正在用Symfony3構建我的第一個API登錄,但是我在登錄偵聽器上絆倒了。我想在用戶成功登錄後立即啓動一個事件,以實現各種常用目的,例如編寫日誌,生成令牌等。 因爲事情正在通過API發生,所以登錄系統與在Symfony指南中描述的經典登錄表單。有鑑於此,我肯定有些事我錯過了。登錄後Symfony 3偵聽器無法運行
監聽器初始化:
// config/services.yml
//...
login_listener:
class: 'User\LoginBundle\Listener\LoginListener'
tags:
- { name: 'kernel.event_listener', event: 'security.interactive_login', method: onSecurityInteractiveLogin }
我的聽衆:
// User/LoginBundle/Listener/LoginListener.php
namespace User\LoginBundle\Listener;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
class LoginListener
{
public function onSecurityInteractiveLogin(InteractiveLoginEvent $event)
{
echo 'Hello, I am the login listener!!';
}
}
我的控制器類
// User/LoginBundle/Controller/LoginController.php
//...
public function checkCredentialsAction(Request $request)
{
$recursiveValidator = $this->get('validator');
$user = new User;
$user->setUsername($request->request->get('username'));
$user->setPassword($request->request->get('password'));
$errors = $recursiveValidator->validate($user);
if (count($errors) > 0) {
$errorsString = (string) $errors;
return new JsonResponse($errorsString);
}
$loginService = $this->get('webserviceUserProvider.service');
$user = $loginService->loadUserByUsernameAndPassword(
$request->get('username'),
$request->get('password')
);
if ($user instanceof WebserviceUser) {
return new JsonResponse('all right');
}
return new JsonResponse('Username/password is not valid', 403);
}
我的安全組件
security:
# https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
providers:
in_memory:
memory: ~
api_key_user_provider:
id: AppBundle\Security\ApiKeyUserProvider
# property: apiKey
user_db_provider:
entity:
class: UserUserBundle:User
# property: username
webservice:
id: User\UserBundle\Security\User\WebserviceUserProvider
encoders:
User\UserBundle\Entity\User:
algorithm: bcrypt
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
user_logged:
pattern: ^/logged
stateless: true
simple_preauth:
authenticator: AppBundle\Security\ApiKeyAuthenticator
provider: api_key_user_provider
main:
anonymous: ~
form_login:
check_path: login/check
access_control:
- { path: ^/login/check, roles: IS_AUTHENTICATED_ANONYMOUSLY }
正如你所看到的驗證是針對實體進行的,並且當用戶/密碼有效時,返回的json是return new JsonResponse('all right, you are logged in');
。驗證被實例化服務(方法loadUserByUsernameAndPassword
,它是相當類似this)自定義用戶提供一流的完成,
爲什麼當用戶和密碼是否有效並出現登錄,聽者不考慮作爲一個有效的事件使interactive_login
事件發生火災?
似乎這個項目不使用安全組件:) –
我沒有看到你實際登錄用戶的位置。例如,在哪裏更新令牌存儲? – Cerad
@MaxP。我剛剛用我的security.yml更新了我的帖子。 –