dev-master
9999999-dev Service Provider JSON auth
MIT
by Joseph Estefane
v1.0.0
1.0.0.0 Service Provider JSON auth
Service Provider JSON auth
This Security factory provides a cookie-less replacement for form_login which cannot be used .
Since they rely on cookies, the switch_user and logout config options are not supported with this Security factory.
Security advisory: Although you are not forced to, it is highly advised to use HTTPS, since the username and password are sent in the request body.
Using the command line:

    composer require grimzy/security-json-service-provider:^1.0

Or by adding it to the require section of composer.json:

    "grimzy/security-json-service-provider": "^1.0"

Configure firewalls:

    $app['security.firewalls'] = [
        'login' => [
            'pattern' => '^/api/login',
            'anonymous' => true,
            'stateless' => true,
            'json' => [
                // Default configuration
                'username_parameter' => 'username',
                'password_parameter' => 'password',
                'post_only' => true,
                'json_only' => true
            ]
        ],
        'secured' => [
            'pattern' => '^.*$',
            'stateless' => true,
            'token' => true
        ],
    ];

Add a users provider:

    use Symfony\Component\Security\Core\User\InMemoryUserProvider;

    $app['users'] = function () use ($app) {
        return new InMemoryUserProvider([
            'admin' => [
                'roles' => ['ROLE_ADMIN'],
                // Encoded password; the raw password is "foo"
                'password' => '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg==',
                'enabled' => true
            ],
        ]);
    };

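The password in the users provider is stored encoded, not in clear text. The following is an added example, not code from this package: it assumes the value is produced by Symfony's MessageDigestPasswordEncoder with its defaults (sha512, base64 output, 5000 iterations) and an empty salt, and the helper names encodeDigestPassword and isPasswordValid are hypothetical. It re-implements that algorithm so you can check the assumption against the value above and encode a password of your own.

```php
<?php
// Added example, not part of the package. Assumption: passwords are checked
// with Symfony's MessageDigestPasswordEncoder defaults (sha512, base64,
// 5000 iterations) and an empty salt.

/** Re-implementation of the digest encoder's algorithm (hypothetical helper). */
function encodeDigestPassword(string $raw, string $salt = '', string $algo = 'sha512', int $iterations = 5000): string
{
    if (!in_array($algo, hash_algos(), true)) {
        throw new InvalidArgumentException("Unsupported hash algorithm: $algo");
    }
    if (strlen($raw) > 4096) {
        // Symfony rejects over-long passwords to bound the hashing cost.
        throw new InvalidArgumentException('Password too long.');
    }
    if (strpbrk($salt, '{}') !== false) {
        throw new InvalidArgumentException('Salt must not contain braces.');
    }
    // Password and salt are merged as "password{salt}" when a salt is set.
    $salted = $salt === '' ? $raw : $raw . '{' . $salt . '}';

    $digest = hash($algo, $salted, true);
    for ($i = 1; $i < $iterations; $i++) {
        $digest = hash($algo, $digest . $salted, true);
    }
    return base64_encode($digest);
}

/** Constant-time comparison of a candidate password with a stored value. */
function isPasswordValid(string $stored, string $raw, string $salt = ''): bool
{
    return hash_equals($stored, encodeDigestPassword($raw, $salt));
}

// Value copied from the users provider above (the page labels it "foo").
$stored = '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg==';

// Does the stored value decode to 64 bytes, the SHA-512 digest size?
var_dump(strlen((string) base64_decode($stored, true)) === 64);

// If the assumption above holds, the first check succeeds and the second fails.
var_dump(isPasswordValid($stored, 'foo'));
var_dump(isPasswordValid($stored, 'bar'));

// Encode a password of your own for the provider array (constructed sample).
echo encodeDigestPassword('correct horse battery staple'), PHP_EOL;
```

If the first isPasswordValid check does not succeed, your application uses a different encoder and the value must be generated with that encoder instead.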
Example configuration:

    $app['security.firewalls'] = [
        'login' => [
            'pattern' => '^/api/login',
            'anonymous' => true,
            'stateless' => true,
            'json' => [
                // Default configuration
                'username_parameter' => 'username',
                'password_parameter' => 'password',
                'post_only' => true,
                'json_only' => true
            ]
        ],
        'secured' => [
            'pattern' => '^.*$',
            'stateless' => true,
            'token' => true
        ],
    ];

Register the service providers:

    $app->register(new Silex\Provider\SecurityServiceProvider());
    $app->register(new Silex\Provider\SecurityJsonServiceProvider());

Define a route (only accessible after successful authentication):

    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\HttpFoundation\JsonResponse;

    $app->post('/api/login', function (Request $request) use ($app) {
        $user = $app['user']; // Logged in user
        // 'some.token_encoder' stands for whichever token encoder service you use
        $token = $app['some.token_encoder']->encode($user);

        return new JsonResponse([
            'token' => $token
        ]);
    });

Note: if post_only is false, you can use $app->get() instead of $app->post() when defining your route.
Create a new class implementing Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface:

    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\HttpFoundation\Response;
    use Symfony\Component\Security\Core\Exception\AuthenticationException;
    use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

    class GandalfAuthenticationEntryPoint implements AuthenticationEntryPointInterface
    {
        /**
         * {@inheritdoc}
         */
        public function start(Request $request, AuthenticationException $authException = null)
        {
            return new Response('You shall not pass!', Response::HTTP_UNAUTHORIZED);
        }
    }

Replace the packaged JsonAuthenticationEntrypoint with the created one:

    $app->register(new Silex\Provider\SecurityJsonServiceProvider());

    // after registering the provider
    $app['security.entry_point.json'] = function () use ($app) {
        return new GandalfAuthenticationEntryPoint();
    };