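I have an SSO application in which Apache gives me the user. I want to authorize the user based on roles defined by my application, and on the first request store the user's details for user management rights.
So I defined security.yml as: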
security:
    providers:
        webservice:
            id: webservice_user_provider
    firewalls:
        dev:
            pattern: ^/(css|images|js)/
            security: false
        secured_area:
            pattern: ^/.*
            remote_user:
                provider: webservice
and the class is as follows:
// src/AppBundle/Security/User/WebserviceUserProvider
namespace AppBundle\Security\User;

// ObjectManager namespace assumed for the Doctrine version of this Symfony 2/3-era setup
use Doctrine\Common\Persistence\ObjectManager;
use Symfony\Component\DependencyInjection\Container;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class WebserviceUserProvider implements UserProviderInterface
{
    private $container;
    private $em;

    public function __construct(Container $container, ObjectManager $em)
    {
        $this->container = $container;
        $this->em = $em;
    }

    /**
     * Function loadUserByUsername.
     *
     * @param mixed $userName username
     */
    public function loadUserByUsername($userName)
    {
        // I have to check if the user exists in the browser session and the SSO user
        // is the same as the session user, hence I am checking 3 scenarios:
        // - if no session: create the user fresh and store it in the DB
        // - if session exists and matches the SSO user: do nothing
        // - if session exists but does not match: destroy the session, create the user, then create the session
    }

    /**
     * Function refreshUser.
     *
     * @param UserInterface $user user
     */
    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof WebserviceUser) {
            throw new UnsupportedUserException(
                sprintf(
                    'Instances of "%s" are not supported.',
                    get_class($user)
                )
            );
        }

        return $this->loadUserByUsername(
            $user->getUsername()
        );
    }
}
My question is,