我想通过JWT设置symfony4 api JSON登录。 安装了api平台核心软件包,我遵循了这条指令:https://api-platform.com/docs/core/jwt/
我按照描述创建了自定义用户提供程序。 通过打开URL / api / login_check错误消息"无法找到路径" / api / login_check"的控制器。路由配置错误。"发生。
通过发送POST请求,我得到了html中的错误页面。
这是我的 routes.yaml :
#index:
# path: /
# controller: App\Controller\DefaultController::index
api_login_check:
path: /api/login_check
这是我的 security.yaml :
security:
encoders:
App\Security\User\WebserviceUser: bcrypt
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
webservice:
id: App\Security\User\WebserviceUserProvider
in_memory: { memory: ~ }
main:
entity: { class: App\Entity\User, property: email }
firewalls:
login:
pattern: ^/api/login
stateless: true
anonymous: true
provider: webservice
json_login:
check_path: /api/login_check
username_path: email
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
provider: webservice
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: ~
# activate different ways to authenticate
# http_basic: true
# https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
# form_login: true
# https://symfony.com/doc/current/security/form_login_setup.html
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
bin / console debug:route 返回:
--------------------------- -------- -------- ------ -------------------------------------
Name Method Scheme Host Path
--------------------------- -------- -------- ------ -------------------------------------
api_entrypoint ANY ANY ANY /api/{index}.{_format}
api_doc ANY ANY ANY /api/docs.{_format}
api_jsonld_context ANY ANY ANY /api/contexts/{shortName}.{_format}
api_users_get_collection GET ANY ANY /api/users.{_format}
api_users_post_collection POST ANY ANY /api/users.{_format}
api_users_get_item GET ANY ANY /api/users/{id}.{_format}
api_users_delete_item DELETE ANY ANY /api/users/{id}.{_format}
api_users_put_item PUT ANY ANY /api/users/{id}.{_format}
_twig_error_test ANY ANY ANY /_error/{code}.{_format}
api_login_check ANY ANY ANY /api/login_check
--------------------------- -------- -------- ------ -------------------------------------
有人知道我的错误是什么吗?
答案 0 :(得分:4)
我遇到了同样的问题,并且似乎标题
Content-Type: application/json
在请求/api/login_check
答案 1 :(得分:1)
似乎您尚未为此路径声明Controller
:
api_login_check:
path: /api/login_check
controller: App\Controller\AuthenticationController::login
答案 2 :(得分:1)
在security.yaml这些行中添加注释:
main:
anonymous: true
答案 3 :(得分:0)
好吧,我认为你不必重新定义这条道路:
api_login_check: 路径:/ api / login_check
删除并测试它。
并检查此check_path:/ api / login_check是否正确,因为这不是来自FOSUserBundle的标准login_check。
希望有所帮助。
答案 4 :(得分:0)
使用路线调试器查看路线是否在此处:
php bin/console debug:route | grep login_check
如果没有,请添加它!
在route.yml内部:
api_login_check:
path: /api/login_check
(或检查应该为您添加的捆绑包的配置)。
答案 5 :(得分:0)
有相同的问题,但是当我更改防火墙中嵌套配置的顺序时,它解决了该问题,lexik jwt开始工作。 我的配置:
security:
encoders:
App\Entity\User:
algorithm: bcrypt
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
# activate different ways to authenticate
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
main:
anonymous: true
# http_basic: true
# https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
# form_login: true
# https://symfony.com/doc/current/security/form_login_setup.html
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /api/user/activate, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
routes.yaml
app:
path: /{params}
controller: App\Controller\DefaultController::index
requirements:
params: "^(?!admin|api).+"
api_login_check:
path: /api/login
methods: [POST]
答案 6 :(得分:0)
我的security.yaml与您的相似,您可能会错误地测试配置结果,重置url,用户名和密码。
对此进行测试:
curl -X POST -H "Content-Type: application/json" http://localhost/api/login_check -d '{"username":"USER", "password":"PASSWORD"}
这是我的安全保障
security:
encoders:
App\Entity\User:
algorithm: auto
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }