我正在使用 symfony 7.1、api-platform 和 lexikJWTAuthentication。
我使用此端点登录:http://localhost:8000/api/login
我试图了解这里发生的事情,我在日志中看到了这一点:
[2024-10-20T22:45:57.614291+00:00] request.INFO:匹配路由“登录”。 {“route”:“登录”,“route_parameters”:{“_route”:“登录”},“request_uri”:“http://localhost:8000/api/login”,“方法”:“POST”} [ ] [2024-10-20T22:45:57.634711+00:00] security.DEBUG:检查身份验证器支持。 {“firewall_name”:“main”,“authenticators”:2} [] [2024-10-20T22:45:57.634753+00:00] security.DEBUG:检查验证器的支持。 {“firewall_name”:“main”,“authenticator”:“Lexik \ Bundle \ JWTAuthenticationBundle \ Security \ Authenticator \ JWTAuthenticator”} [] [2024-10-20T22:45:57.634779+00:00] security.DEBUG:身份验证器不支持该请求。 {“firewall_name”:“main”,“authenticator”:“Lexik \ Bundle \ JWTAuthenticationBundle \ Security \ Authenticator \ JWTAuthenticator”} [] [2024-10-20T22:45:57.634796+00:00] security.DEBUG:检查验证器的支持。 {"firewall_name":"main","authenticator":"Symfony\Component\Security\Http\Authenticator\JsonLoginAuthenticator"} []
这意味着,JsonLoginAuthenticator 接受身份验证,而不是 JWTAuthenticator
这是我的服务.yml
security:
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
stateless: true
provider: app_user_provider
json_login:
check_path: login
username_path: email
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
jwt:
api:
pattern: ^/api
stateless: true
jwt: ~
access_control:
- { path: ^/api/login, roles: PUBLIC_ACCESS }
- { path: ^/api/register, roles: PUBLIC_ACCESS }
- { path: ^/api$, roles: IS_AUTHENTICATED_FULLY }
when@test:
security:
password_hashers:
# By default, password hashers are resource intensive and take time. This is
# important to generate secure password hashes. In tests however, secure hashes
# are not important, waste resources and increase test times. The following
# reduces the work factor to the lowest possible values.
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
algorithm: auto
cost: 4 # Lowest possible value for bcrypt
time_cost: 3 # Lowest possible value for argon
memory_cost: 10 # Lowest possible value for argon
我的路线.yml
controllers:
resource:
path: ../src/Controller/
namespace: App\Controller
type: attribute
login:
path: /api/login
methods: ['POST']
还有我的 lexik_jwt_authentication.yaml
lexik_jwt_authentication:
secret_key: '%env(resolve:JWT_SECRET_KEY)%'
public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
pass_phrase: '%env(JWT_PASSPHRASE)%'
token_ttl: 3600
api_platform:
check_path: /api/login
username_path: email
password_path: security.credentials.password
我只是按照文档操作
https://symfony.com/bundles/LexikJWTAuthenticationBundle/current/index.html
我的令牌正在生成,但不是由 JWT 身份验证器生成的,我只想为 JWT 身份验证创建一个事件订阅者
我相信您的
apimain第一个匹配的防火墙由 Symfony 使用,并且由于
main^/api