我已登录主域名。说 example.com (在传统kohana中开发的应用程序)。我正在尝试登录到子域名,例如 foo.bar.example.com 。
foo.example.com是symfony app。以下是我的配置。 Dev too bar显示“匿名”用户。它不会从cookie中的会话ID中注册用户。
security.yml
# To get started with security, check out the documentation:
# http://symfony.com/doc/current/book/security.html
security:
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
in_memory:
memory: ~
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: ~
# activate different ways to authenticate
# http_basic: ~
# http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
# form_login: ~
# http://symfony.com/doc/current/cookbook/security/form_login_setup.html
Config.yml
framework:
#esi: ~
#translator: { fallbacks: ["%locale%"] }
secret: "%secret%"
router:
resource: "%kernel.root_dir%/config/routing.yml"
strict_requirements: ~
form: ~
csrf_protection: ~
validation: { enable_annotations: true }
#serializer: { enable_annotations: true }
default_locale: "%locale%"
trusted_hosts: ~
trusted_proxies: %trusted_proxies%
session:
# handler_id set to null will use default session handler from php.ini
handler_id: 'snc_redis.session.handler'
name: 'MY_COOKIE_NAME'
cookie_domain: '.example.com'
fragments: ~
http_method_override: true
request:
formats:
pdf: 'application/pdf'
epub: 'application/epub+zip'
snc_redis:
session:
client: session
prefix: ''
clients:
default:
type: predis
alias: default
dsn: %redis_dsn%
logging: false
options:
# profile: 2.6
profile: 2.2
connection_persistent: false
slave:
type: predis
alias: slave
logging: false
dsn: %redis_dsn_slave%
session:
type: predis
alias: session
dsn: %redis_dsn%
我是否需要配置至少一个身份验证提供程序?要么 我需要编写自定义身份验证提供程序,就像记住我一样吗?
的Symfony \元器件\安全\ HTTP \防火墙\ AbstractAuthenticationListener->处理
有
if ($this->options['require_previous_session'] && !$request->hasPreviousSession()) {
throw new SessionUnavailableException('Your session has timed out, or you have disabled cookies.');
}
和请求
public function hasPreviousSession()
{
// the check for $this->session avoids malicious users trying to fake a session cookie with proper name
return $this->hasSession() && $this->cookies->has($this->session->getName());
}
答案 0 :(得分:0)
在主域中,登录后,您可以将令牌保存到数据库和cookie中,在第二个应用程序中,您应该创建一个自定义身份验证器,该身份验证器可以从导航器中恢复令牌并提取到数据库中。如果找到匹配项,它将对用户进行身份验证。
security:
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
stateless: true
provider: customProvider
guard:
authenticators:
- App\Security\TokenAuthenticator
src / Security / TokenAuthenticator.php
namespace App\Security;
use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
class TokenAuthenticator extends AbstractGuardAuthenticator
{
private $em;
public function __construct(EntityManagerInterface $em)
{
$this->em = $em;
}
/**
* Called on every request to decide if this authenticator should be
* used for the request. Returning false will cause this authenticator
* to be skipped.
*/
public function supports(Request $request)
{
return true;
}
/**
* Called on every request. Return whatever credentials you want to
* be passed to getUser() as $credentials.
*/
public function getCredentials(Request $request)
{
return [
'token' => // recover token from cookies,
];
}
public function getUser($credentials, UserProviderInterface $userProvider)
{
$token = $credentials['token'];
if (null === $token) {
return;
}
// if a User object, checkCredentials() is called
return $this->em->getRepository(User::class)
->findOneBy(['token' => $token]);
}
public function checkCredentials($credentials, UserInterface $user)
{
// check credentials - e.g. make sure the password is valid
// no credential check is needed in this case
// return true to cause authentication success
return true;
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
{
// on success, let the request continue
return null;
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$data = [
'message' => strtr($exception->getMessageKey(), $exception->getMessageData())
// or to translate this message
// $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
];
return new JsonResponse($data, Response::HTTP_FORBIDDEN);
}
/**
* Called when authentication is needed, but it's not sent
*/
public function start(Request $request, AuthenticationException $authException = null)
{
$data = [
// you might translate this message
'message' => 'Authentication Required'
];
return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
}
public function supportsRememberMe()
{
return false;
}
}
希望它能解决您的问题