Security with LDAP, JWT and refresh tokens

Question (votes: 0, answers: 1)

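I'm trying to set up security based on LDAP and JWT. Everything seems to work fine, except that I had to override the success handler of LexikBundle to use a custom JWT provider I'm using: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/2.x/Security/Http/Authentication/AuthenticationSuccessHandler.php

Here is security.yaml: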

security:
    enable_authenticator_manager: true

    role_hierarchy:
        ROLE_READER: ROLE_USER
        ROLE_ADMIN: ROLE_READER

    providers:
        users:
            id: App\Security\UserProvider

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js|docs)/
            security: false
        login:
            pattern: ^/login
            provider: users
            stateless: true
            entry_point: json_login_ldap
            json_login_ldap:
                service: Symfony\Component\Ldap\Ldap
                check_path: login_check
                dn_string: 'uid={username},%env(LDAP_USER_DN)%'
                success_handler: app.security.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
        status:
            pattern: ^/status
            provider: ~
            stateless: true
        main:
            pattern: ^/
            provider: custom_jwt
            stateless: true
            entry_point: jwt
            jwt: ~
            refresh_jwt:
                check_path: /login_refresh

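This works fine for the token generated when connecting. Apart from that, I also need to override the refresh token success handler (I'm using Gesdinet https://packagist.org/packages/gesdinet/jwt-refresh-token-bundle).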

How can I achieve this? I need to override the success handler everywhere Lexik's is called. I believed this would work in service.yaml, but it does not:

Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication\AuthenticationSuccessHandler:
    class: App\Security\Handler\AuthenticationSuccessHandler

1 answer
0 votes

I fixed everything by overriding the Gesdinet success handler with my own, as I did for Lexik.

service.yaml

app.security.handler.authentication_success:
    class: App\Security\Handler\AuthenticationSuccessHandler

gesdinet.jwtrefreshtoken.security.authentication.success_handler:
    class: Gesdinet\JWTRefreshTokenBundle\Security\Http\Authentication\AuthenticationSuccessHandler
    arguments:
        $lexikAuthenticationSuccessHandler: '@app.security.handler.authentication_success'

I also updated security.yaml:

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js|docs)/
        security: false
    login_refresh:
        pattern: ^/login_refresh
        provider: users
        stateless: true
        refresh_jwt:
            check_path: /login_refresh
    login:
        pattern: ^/login
        provider: users
        stateless: true
        json_login_ldap:
            service: Symfony\Component\Ldap\Ldap
            check_path: login_check
            dn_string: 'uid={username},%env(LDAP_USER_DN)%'
            success_handler: app.security.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure
    status:
        pattern: ^/status
        provider: ~
        stateless: true
    main:
        pattern: ^/
        provider: custom_jwt
        stateless: true
        entry_point: jwt
        jwt: ~
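
Added example, not part of the original answer: Symfony hands a request to the first firewall whose pattern matches, so the order of the firewalls in security.yaml decides which one sees /login_refresh. The PHP sketch below replays that first-match rule over the patterns from both configurations; matchFirewall(), the sample paths and the assumption that the login_check route lives at /login_check are illustrative, not Symfony or project code.

```php
<?php
declare(strict_types=1);

// Firewall name => pattern, in file order, copied from the question's security.yaml.
const QUESTION_FIREWALLS = [
    'dev'    => '^/(_(profiler|wdt)|css|images|js|docs)/',
    'login'  => '^/login',
    'status' => '^/status',
    'main'   => '^/',
];

// Same, from the answer's security.yaml (login_refresh now precedes login).
const ANSWER_FIREWALLS = [
    'dev'           => '^/(_(profiler|wdt)|css|images|js|docs)/',
    'login_refresh' => '^/login_refresh',
    'login'         => '^/login',
    'status'        => '^/status',
    'main'          => '^/',
];

/**
 * Return the name of the first firewall whose pattern matches the path,
 * mirroring Symfony's first-match rule. Hypothetical helper, not a Symfony API.
 */
function matchFirewall(array $firewalls, string $path): ?string
{
    foreach ($firewalls as $name => $pattern) {
        // The configured pattern is a regex fragment; wrap it in {} delimiters for preg_match.
        if (preg_match('{' . $pattern . '}', rawurldecode($path)) === 1) {
            return $name;
        }
    }
    return null;
}

// Constructed sample paths; /login_check is an assumed path for the login_check route.
$paths = ['/login_check', '/login_refresh', '/status', '/api/items', '/loginfoo'];

printf("%-16s %-10s %s\n", 'path', 'question', 'answer');
foreach ($paths as $path) {
    printf(
        "%-16s %-10s %s\n",
        $path,
        matchFirewall(QUESTION_FIREWALLS, $path) ?? '(none)',
        matchFirewall(ANSWER_FIREWALLS, $path) ?? '(none)'
    );
}
```

With the question's ordering, /login_refresh is claimed by the login firewall because ^/login matches it, and that firewall has no refresh_jwt authenticator; with the answer's ordering the request reaches login_refresh. The /loginfoo row shows that an unanchored prefix such as ^/login also captures any other path that merely starts with /login.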