将LexikJWTAuthenticationBundle与LDAP提供程序一起使用

时间:2020-01-30 15:26:20

标签: ldap lexikjwtauthbundle symfony-4.4

我有一个使用Symfony API平台的项目。我想在项目上使用LexikJWTAuthenticationBundle,但是我的用户存储在Active Directory中,因此我设置了LDAP UserProvider。我尝试将以下两个文档的设置结合在一起,但没有成功:

这就是我所做的

在security.yml中:

security:
    providers:
        my_ldap:
            ldap:
                service:     Symfony\Component\Ldap\Ldap
                base_dn:     OU=organization_unit,DC=domain,DC=local
                search_dn:   "OU=organization_unit,DC=domain,DC=local"
                search_password: '%env(resolve:LDAP_PASSWORD)%'
                default_roles: ROLE_USER
                uid_key: uid
firewalls:
    login:
        pattern:  ^/api/login
        stateless: true
        anonymous: true
        json_login:
            provider: my_ldap
            check_path:               /api/login_check
            success_handler:          lexik_jwt_authentication.handler.authentication_success
            failure_handler:          lexik_jwt_authentication.handler.authentication_failure

    api: 
        pattern:   ^/api/
        stateless: true
        guard:
            provider: my_ldap
            authenticators:
                - lexik_jwt_authentication.jwt_token_authenticator

在services.yml中:

Symfony\Component\Ldap\Ldap:
    arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']
Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
    arguments:
        -   host: '%env(resolve:LDAP_HOST)%'
            port: 636
            # encryption: tls
            options:
                protocol_version: 3
                referrals: false

但是当我尝试将请求发送到具有以下内容的my_domain / api / login_check时:

{
  "username": "my_user",
  "password": "my_password"
}

我收到此错误作为响应:

{"code":401,"message":"Invalid credentials."}

1 个答案:

答案 0 :(得分:0)

我已经通过使用自定义操作解决了我的问题,该操作检查使用LDAP的用户是否存在并获得其角色。然后,如果新获得的用户被授权使用该应用程序,那么我将创建一个新令牌并在响应中返回它。最后,令牌用于验证用户对API的每次调用。

这是我的安全性。yml

providers:
    # provider to retrieve user from LDAP
    my_ldap:
        id: App\Security\LdapService
    # provider to retrieve user from user
    jwt:
        lexik_jwt:
            class: App\Security\User
firewalls:
    login:
        pattern:  ^/api/login
        stateless: true
        anonymous: true
api: 
        pattern:   ^/api/
        stateless: true
        guard:
            provider: jwt
            authenticators:
                - lexik_jwt_authentication.jwt_token_authenticator

控制器中的登录操作:

/**
 * @Route("/api/login", name="api_login", methods={"POST"})
 */
public function loginCheck(Request $request, LdapService $ldapService, AuthenticationSuccessHandler $authenticationSuccessHandler, AuthenticationFailureHandler $authenticationFailureHandler){
    $content = json_decode($request->getContent());
    $response= new JsonResponse();
    try{
        $user=$ldapService->authenticate($content->username, $content->password);
        return $authenticationSuccessHandler->handleAuthenticationSuccess($user);
    }catch(AuthenticationException $e){
        return $authenticationFailureHandler->onAuthenticationFailure($request, $e);
    }        
    return $response;    
}
相关问题
最新问题