JGr*_*non 8 authentication cas symfony symfony-2.3
我正在寻找在Symfony 2.3上集成CAS身份验证的捆绑包.我找到了这些选项,事实是我不相信,因为几乎所有的捆绑似乎都被抛弃而没有更新.
1.- sensiolabs/CasBundle:https://github.com/sensiolabs/CasBundle 文档稀疏且不完整.我还没有找到任何使用它的例子.
2.- BeSimple/BeSimpleSsoAuthBundle:https://github.com/BeSimple/BeSimpleSsoAuthBundle 我正在测试,但遇到了一些问题。我想我已经解决了第四个问题,接着又卡在了另一个问题上。
3.- Symfony CAS客户端:https://wiki.jasig.org/display/CASC/Symfony+CAS+Client 完全过时
真的,在symfony中使用CAS进行身份验证的选项很少吗?
小智 2
我之前也遇到过同样的问题,我使用 BeSimpleSsoAuthBundle 解决了它,但您必须进行一些更改:
假设您的用户实体已在 UserBundle 中实现,并且您必须覆盖唯一的属性 sgid :
1- 覆盖 BeSimple\SsoAuthBundle\Security\Core\User :
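<?php

namespace Application\UserBundle\Security\BeSimple\SpawnedUserProvider;

use BeSimple\SsoAuthBundle\Security\Core\User\SpawnedUserProvider;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\User;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * User provider for CAS logins handled by BeSimpleSsoAuthBundle.
 *
 * The username handed over by the SSO layer is matched against the "sgid"
 * field of the application's User entity. Only rows with status = 1 are
 * accepted, and the Symfony role is derived from the entity's user type.
 */
class SsoUserProvider extends SpawnedUserProvider
{
    /**
     * Doctrine entity manager used for the account lookup.
     */
    private $entityManager;

    /**
     * Object used for flash messages and for storing "userId".
     *
     * The name is kept from the original answer; the code only calls
     * getFlashBag() and set() on it.
     */
    private $securityContext;

    /**
     * @param object $em              Doctrine entity manager
     * @param object $securityContext Object exposing getFlashBag() and set()
     */
    public function __construct($em, $securityContext)
    {
        // Store under the declared property; the original wrote to an
        // undeclared $this->em while declaring $entityManager.
        $this->entityManager = $em;
        $this->securityContext = $securityContext;
    }

    /**
     * Loads the active account whose sgid equals the SSO username.
     *
     * @param string $username Identifier returned by the SSO server
     *
     * @return User
     *
     * @throws UsernameNotFoundException When no active account matches or the
     *                                   account carries no recognised user type
     */
    public function loadUserByUsername($username)
    {
        $qb = $this->entityManager->createQueryBuilder();
        $qb->select('u')
            ->from('ApplicationUserBundle:User', 'u')
            ->where('u.sgid = :sgid')
            ->andWhere('u.status = 1')
            // Bound parameter: the SSO-supplied value never enters the DQL text.
            ->setParameter('sgid', $username);

        $result = $qb->getQuery()->getOneOrNullResult();

        if (null === $result) {
            // A user provider must return a UserInterface or throw. Returning
            // a RedirectResponse here would hand a non-user object to the
            // authentication layer, so the login is refused with an exception.
            $this->rejectLogin('Vous ne pouvez pas vous connecter car votre compte est désactivé');
        }

        // Strict comparison on purpose: with "== 0" a null or empty user type
        // compares equal to 0 and would silently receive ROLE_USER.
        // NOTE(review): assumes getUserType() returns an int or a digit
        // string; confirm against the User entity mapping.
        $userType = $result->getUserType();
        if (1 === $userType || '1' === $userType) {
            $roles = array('ROLE_ADMIN');
        } elseif (0 === $userType || '0' === $userType) {
            $roles = array('ROLE_USER');
        } else {
            $this->rejectLogin('Vous ne pouvez pas vous connecter car votre compte n\'a pas de rôle');
        }

        // Written only once the account is accepted, so a refused login
        // leaves no "userId" behind.
        $this->securityContext->set('userId', $result->getId());

        $displayName = $result->getFirstName().' '.$result->getLastName();

        return $this->spawnUser($displayName, $roles);
    }

    /**
     * Rebuilds the in-memory user from the one stored in the token.
     *
     * NOTE(review): this does not query the database again, so a change of
     * status or user type is only picked up at the next login.
     *
     * @param UserInterface $user
     *
     * @return User
     *
     * @throws UnsupportedUserException When $user is not a core User instance
     */
    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof User) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
        }

        // Reuse the roles carried by the user instead of per-instance provider
        // state, which is empty unless loadUserByUsername() ran on this object.
        return $this->spawnUser($user->getUsername(), $user->getRoles());
    }

    /**
     * {@inheritDoc}
     */
    public function supportsClass($class)
    {
        return $class === 'Symfony\Component\Security\Core\User\User';
    }

    /**
     * Creates the core User object with the given name and roles.
     *
     * @param string $username
     * @param array  $roles
     *
     * @return User
     */
    private function spawnUser($username, array $roles)
    {
        return new User($username, null, $roles, true, true, true, true);
    }

    /**
     * Queues the flash message and aborts the login.
     *
     * @param string $flashMessage Message shown to the visitor
     *
     * @throws UsernameNotFoundException Always
     */
    private function rejectLogin($flashMessage)
    {
        $this->securityContext->getFlashBag()->add('error', $flashMessage);

        throw new UsernameNotFoundException('SSO login rejected by the application user provider.');
    }
}
?>

2-还覆盖 BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider :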
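<?php

namespace Application\UserBundle\Security\BeSimple\Authentication\Provider;

// The imported class name was split by a stray space in the original listing
// ("SsoAuthenticationPr ovider"), which is a parse error.
use BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider\SsoAuthenticationProvider;
use BeSimple\SsoAuthBundle\Security\Core\User\UserFactoryInterface;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * Application override of the bundle's SSO authentication provider.
 *
 * NOTE(review): the three private properties below are declared here but this
 * class never assigns them. If the parent class keeps its own private copies,
 * the values read in provideUser() stay null: the user-creation branch is
 * skipped and the hideUserNotFound switch has no effect, so the original
 * UsernameNotFoundException is rethrown unchanged. Confirm against the parent
 * class before relying on either option.
 */
class AppAuthenticationProvider extends SsoAuthenticationProvider
{
    /**
     * @var \Symfony\Component\Security\Core\User\UserProviderInterface
     */
    private $userProvider;

    /**
     * @var bool
     */
    private $createUsers;

    /**
     * @var bool
     */
    private $hideUserNotFound;

    /**
     * Returns the user for an SSO-validated username.
     *
     * retrieveUser() and createUser() are not defined in this class; they are
     * presumably inherited from the parent provider.
     *
     * @param string $username
     * @param array  $attributes
     *
     * @return UserInterface
     *
     * @throws UsernameNotFoundException When the user is unknown and neither
     *                                   creation nor hiding applies
     * @throws BadCredentialsException   When the user is unknown and
     *                                   hideUserNotFound is set
     */
    protected function provideUser($username, array $attributes = array())
    {
        try {
            $user = $this->retrieveUser($username);
        } catch (UsernameNotFoundException $notFound) {
            if ($this->createUsers && $this->userProvider instanceof UserFactoryInterface) {
                $user = $this->createUser($username, $attributes);
            } elseif ($this->hideUserNotFound) {
                // Generic error so the response does not reveal whether the
                // account exists; the cause is kept as the previous exception.
                throw new BadCredentialsException('Bad credentials', 0, $notFound);
            } else {
                throw $notFound;
            }
        }

        return $user;
    }
}
?>

3-当用户登录到您的应用程序时,在会话中保存所需的信息: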
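<?php

namespace Application\UserBundle\Security\Authentication\Handler;

use Doctrine\ORM\EntityManager;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Router;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;

/**
 * Stores the application user id in the session after a successful SSO login.
 */
class LoginSuccessHandler implements AuthenticationSuccessHandlerInterface
{
    protected $router;
    protected $security;
    protected $entityManager;

    public function __construct(Router $router, SecurityContext $security, EntityManager $entityManager)
    {
        $this->router = $router;
        $this->security = $security;
        $this->entityManager = $entityManager;
    }

    /**
     * Looks the account up by the sgid found in the token's SSO validation
     * attributes and records its id under the "userId" session key.
     *
     * @param Request        $request
     * @param TokenInterface $token   The token that was just authenticated
     *
     * @return RedirectResponse
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        // Read the attributes from the token passed to this handler rather
        // than fetching it again from the security context.
        $attributes = $token->getAttributes();

        // Without an sgid there is nothing to look up; querying with a null
        // parameter would only hide the problem.
        if (!isset($attributes['sso:validation']['sgid'])) {
            return new RedirectResponse($this->router->generate('login'));
        }
        $sgid = $attributes['sso:validation']['sgid'];

        $qb = $this->entityManager->createQueryBuilder();
        $qb->select('u')
            ->from('ApplicationUserBundle:User', 'u')
            ->where('u.sgid = :sgid')
            ->andWhere('u.status = 1')
            ->setParameter('sgid', $sgid);

        $account = $qb->getQuery()->getOneOrNullResult();

        // Covers a deactivated user, although reaching this handler normally
        // means the account is active because the BeSimple user provider has
        // already tested it.
        // NOTE(review): this branch only redirects; it does not clear the
        // token that was just authenticated.
        if (null === $account) {
            return new RedirectResponse($this->router->generate('login'));
        }

        $request->getSession()->set('userId', $account->getId());

        // NOTE(review): 'admin' is a relative target, so the browser resolves
        // it against the current URL; generating it through the router, as
        // done for 'login' above, would make the destination explicit.
        return new RedirectResponse('admin');
    }
}
?>

4-现在在 Application/UserBundle/Ressources/config/security_listeners.yml 中定义一个安全监听器: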
# Points the bundle's SSO authentication provider service at the application
# subclass, so every SSO login goes through AppAuthenticationProvider.
parameters:
    security.authentication.provider.sso.class: Application\UserBundle\Security\BeSimple\Authentication\Provider\AppAuthenticationProvider

services:
    security.authentication.provider.sso:
        class: "%security.authentication.provider.sso.class%"
        # Private service: it cannot be fetched directly from the container.
        public: false
        # NOTE(review): the empty strings look like placeholders that are
        # filled in elsewhere; confirm the argument order against the parent
        # provider's constructor.
        arguments:
            - ''
            - '@security.user_checker'
            - ''
            - ''
            - false

5-BeSimple 配置应该是这样的:
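be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            # "adresse ip" is the author's placeholder for the CAS server
            # address. Using the host name that appears in the server's TLS
            # certificate lets the client verify that certificate.
            login_url: https://adresse ip:8443/cas-server-webapp-4.0.0/login
            logout_url: https://adresse ip:8443/cas-server-webapp-4.0.0/logout
            # The application calls this URL itself to validate the ticket;
            # the answer decides who gets logged in, so this connection is the
            # one that must be authenticated.
            validation_url: https://adresse ip:8443/cas-server-webapp-4.0.0/serviceValidate

services:
    spawned_user_provider:
        class: Application\UserBundle\Security\BeSimple\SpawnedUserProvider\SsoUserProvider
        # Service references are quoted: a bare leading "@" is a reserved
        # YAML indicator.
        arguments: ['@doctrine.orm.entity_manager', '@session']

6-参数.yml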
\n\n be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: false\n be_simple.sso_auth.client.option.curlopt_sslversion.value: 4 (Optionale)\nRun Code Online (Sandbox Code Playgroud)\n\n7-security.yml
\n\n main:\n pattern: ^/admin\n context: marketshare_context\n logout:\n path: /admin/logout\n target: /\n #provider: sso\n trusted_sso:\n manager: admin_sso\n login_action: ApplicationUserBundle:TrustedSso:login\n logout_action: false\n login_path: /admin/login\n check_path: /admin/check\n always_use_default_target_path: true\n default_target_path: /admin/potentiel\n failure_path: /admin/logout\nRun Code Online (Sandbox Code Playgroud)\n