我正在做一个遗留的symfony项目,我想为我的休息部分集成jwt令牌认证,也许以后会进行完全迁移,但我面临着一个问题。我在security.yaml中定义了两个防火墙,当另一个停用时,它们每个都工作得很好,但当我在文件中配置它们时,在文件中定义的第一个是接管身份验证,而第二个则不管它是什么身份验证类型。
以下是我到目前为止在文件中所做的:
security:
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
App\Entity\User:
algorithm: auto
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
lazy: true
provider: app_user_provider
json_login:
check_path: app_login
username_path: email
password_path: password
success_handler: AuthenticationSuccessHandler
logout:
path: app_logout
two_factor:
prepare_on_login: true
prepare_on_access_denied: true
authentication_required_handler: TwoFactorAuthenticationRequiredHandler
success_handler: TwoFactorAuthenticationSuccessHandler
failure_handler: TwoFactorAuthenticationFailureHandler
auth_form_path: 2fa_login # The route name you have used in the routes.yaml
check_path: 2fa_login_check # The route name you have used in the routes.yaml
enable_csrf: true
restlogin:
stateless: true
pattern: ^/rest/login
json_login:
check_path: login_check
username_path: email
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
# custom_authenticator: App\Security\RestLoginAuthenticator
rest:
pattern: ^/rest
stateless: true
jwt: ~
restsignup:
pattern: ^/rest/signup
stateless: true
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#the-firewall
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# The path patterns shown here have to be updated according to your routes.
# IMPORTANT: ADD THESE ACCESS CONTROL RULES AT THE VERY TOP OF THE LIST!
access_control:
# REST
- { path: ^/rest/login, roles: PUBLIC_ACCESS }
# - { path: ^/rest, roles: IS_AUTHENTICATED_FULLY }
# This makes the logout route accessible during two-factor authentication. Allows the user to
# cancel two-factor authentication, if they need to.
- { path: ^/, role: PUBLIC_ACCESS }
- { path: ^/logout, role: PUBLIC_ACCESS }
# This ensures that the form can only be accessed when two-factor authentication is in progress.
- { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
**注意:**除了restlogin,rest和restsignup之外的所有代码都是遗留代码,我不想破坏任何已经运行的代码。
路由结构是这样的:
| /
| login
| register
| logout
| other legacy routes
| rest/
| login
| signup
| logout
| other api routes
我认为解决这个问题最简单的方法是告诉主防火墙忽略rest路由下的所有内容,让rest防火墙来处理这个问题,但是当我调用/rest/login时仍然会出现401错误,尽管我已经在access_control部分设置了公共访问。请注意,当restlogin在文件中放置在main之上时,也会发生同样的行为,结果是getUser()函数在控制器中总是返回null。
经过多次尝试,我无法找出我在配置中做错了什么,也没有听到任何地方说symfony不能在同一个应用程序中支持不同的身份验证类型。
**上下文:**我正在使用lexik jwt身份验证包2.19和symfony 6.2。
有人有同时使用symfony内置身份验证和lexik jwt的成功经验吗?
1条答案
按热度按时间flvlnr441#
通过重新定义防火墙来解决。