我确实按照cookbook来实现自定义身份验证提供程序,但authenticate()不会从WsseProvider执行。
我检查了supports()函数,它可以正常工作。
PHP Storm使用authenticate函数给出以下错误:
声明必须与AuthenticationManagerInterface-> authenticate兼容(令牌:\ Symfony \ Component \ Security \ Core \ Authentication \ TokenInterface)
但是我已经按照食谱中的说明导入了TokenInterface:
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
所以PHP Storm要求我改为:
use Symfony\Component\Security\Core\Authentication\TokenInterface;
但是使用这个supports()并不执行。
任何人都知道我为什么会收到此错误,和/或为什么验证不执行? 我按照烹饪书中的说明完全按照步骤进行操作。
以下是代码:
<?php
namespace AppBundle\Security\Authentication\Provider;
use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\NonceExpiredException;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; //Using this authenticate doesnt work
//use Symfony\Component\Security\Core\Authentication\TokenInterface; //Using this supports doesnt work
use AppBundle\Security\Authentication\Token\WsseUserToken;
use Symfony\Component\Security\Core\Util\StringUtils;
class WsseProvider implements AuthenticationProviderInterface
{
private $userProvider;
private $cacheDir;
public function __construct(UserProviderInterface $userProvider, $cacheDir)
{
$this->userProvider = $userProvider;
$this->cacheDir = $cacheDir;
}
public function supports(TokenInterface $token)
{
return $token instanceof WsseUserToken;
}
public function authenticate(TokenInterface $token)
{
die('authenticate is executed'); //This doesnt fire
$user = $this->userProvider->loadUserByUsername($token->getUsername());
if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) {
$authenticatedToken = new WsseUserToken($user->getRoles());
$authenticatedToken->setUser($user);
return $authenticatedToken;
}
throw new AuthenticationException('The WSSE authentication failed.');
}
/**
* This function is specific to Wsse authentication and is only used to help this example
*
* For more information specific to the logic here, see
* https://github.com/symfony/symfony-docs/pull/3134#issuecomment-27699129
*/
protected function validateDigest($digest, $nonce, $created, $secret)
{
// Check created time is not in the future
if (strtotime($created) > time()) {
return false;
}
// Expire timestamp after 5 minutes
if (time() - strtotime($created) > 300) {
return false;
}
// Validate that the nonce is *not* used in the last 5 minutes
// if it has, this could be a replay attack
if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) {
throw new NonceExpiredException('Previously used nonce detected');
}
// If cache directory does not exist we create it
if (!is_dir($this->cacheDir)) {
mkdir($this->cacheDir, 0777, true);
}
file_put_contents($this->cacheDir.'/'.$nonce, time());
// Validate Secret
$expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true));
return StringUtils::equals($expected, $digest);
}
}