Symfony2: two conflicting authentication listeners



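I have created a custom authentication. But for some unknown reason there are two active authentication listeners. The authentication provider manager is called twice.

First the AuthListener is called, which runs my AuthenticationProviderManager and returns the correct token. Then UsernamePasswordFormAuthenticationListener is called, which runs AuthenticationProviderManager again. It returns "Bad credentials".

How can I "disable" UsernamePasswordFormAuthenticationListener, so that only my custom listener is called?

Security: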

providers:
    api:
       id: api_user_provider  
firewalls:
    secured_area:
        pattern:    ^/
        user: true
        form_login:
            login_path: /login
            check_path: /check_login                
        logout: ~

Services:

    api_user_provider:
        class:  AdFrontendBundleSecurityUserUserProvider
        arguments: ["@service_container"]
    user.security.authentication.provider:
       class:  AdFrontendBundleSecurityAuthenticationProviderAuthProvider
       arguments: ['', %kernel.cache_dir%/security/nonces]
    user.security.authentication.listener:
       class:  AdFrontendBundleSecurityFirewallAuthListener
       arguments: ["@security.context", "@security.authentication.manager"]

Factory:

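use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
use Symfony\Component\Config\Definition\Builder\NodeDefinition;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\DefinitionDecorator;
use Symfony\Component\DependencyInjection\Reference;
use Symfony\Component\HttpKernel\Bundle\Bundle;

// Factory that registers the custom provider and listener under the "user" firewall key
class ApiFactory implements SecurityFactoryInterface
{
    public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
    {
        $providerId = 'security.authentication.provider.user.'.$id;
        $container
            ->setDefinition($providerId, new DefinitionDecorator('user.security.authentication.provider'))
            ->replaceArgument(0, new Reference($userProvider))
        ;
        $listenerId = 'security.authentication.listener.user.'.$id;
        $listener = $container->setDefinition($listenerId, new DefinitionDecorator('user.security.authentication.listener'))
        ;
        return array($providerId, $listenerId, $defaultEntryPoint);
    }

    public function getPosition()
    {
        return 'pre_auth';
    }

    public function getKey()
    {
        return 'user';
    }

    public function addConfiguration(NodeDefinition $node)
    {}
}

// Bundle class that adds the factory to the security extension
class AdFrontendBundle extends Bundle
{
    public function build(ContainerBuilder $container)
    {
        $extension = $container->getExtension('security');
        $extension->addSecurityListenerFactory(new ApiFactory());
    }
}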

Good question. I know I'm a bit late with this answer, but here is what you should do.

In your factory you have this function:

public function getKey()
{
    return 'user';
}

This is the key for the configuration. In Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\FormLoginFactory (the class that enables UsernamePasswordFormAuthenticationListener), you have this function:

public function getKey()
{
    return 'form-login';
}

If you take a look at security.yml:

firewalls:
  secured_area:
    pattern:    ^/
    user: true
    form_login:  # <--- This is where you enable the default factory
      login_path: /login
      check_path: /check_login                
    logout: ~

You don't want to specify "form_login". This is where UsernamePasswordFormAuthenticationListener gets enabled. A good default configuration would be:

firewalls:
  secured_area:
    pattern:    ^/
    user: true              
    logout: ~

According to Fabien's blog post, this should be easier to configure in Symfony 2.4.
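
An added example, not part of the answer above or of Symfony itself: a small PHP check that flags firewalls where more than one authentication listener factory key is enabled, as in the question's `secured_area`. The `$firewalls` array is a constructed copy of the question's configuration, and `normalizeKey` and `findOverlappingListeners` are hypothetical helper names.

```php
<?php
// Added example (not from the original thread): report firewalls that enable
// more than one authentication listener factory.

// Constructed sample: the question's firewall section as a parsed array.
$firewalls = array(
    'secured_area' => array(
        'pattern'    => '^/',
        'user'       => true,   // key of the custom ApiFactory
        'form_login' => array('login_path' => '/login', 'check_path' => '/check_login'),
        'logout'     => null,
    ),
);

// Factory keys as returned by getKey(): 'form-login' (FormLoginFactory) and
// 'user' (ApiFactory). Assumption: these are the only factories of interest;
// add the key of every other listener factory your application registers.
$factoryKeys = array('form-login', 'user');

// Factory keys may contain dashes while the YAML uses underscores.
function normalizeKey($key)
{
    return str_replace('-', '_', $key);
}

// Returns array(firewall name => enabled listener keys) for each firewall
// with two or more listener factories enabled.
// Assumption: a key set to false is disabled; true, ~ or a map enables it.
function findOverlappingListeners(array $firewalls, array $factoryKeys)
{
    $known = array_map('normalizeKey', $factoryKeys);
    $overlaps = array();
    foreach ($firewalls as $name => $config) {
        $enabled = array();
        foreach ((array) $config as $key => $value) {
            if ($value !== false && in_array(normalizeKey($key), $known, true)) {
                $enabled[] = $key;
            }
        }
        if (count($enabled) > 1) {
            $overlaps[$name] = $enabled;
        }
    }
    return $overlaps;
}

foreach (findOverlappingListeners($firewalls, $factoryKeys) as $name => $keys) {
    printf("firewall %s enables %d listeners: %s\n", $name, count($keys), implode(', ', $keys));
}
```

Run against the second configuration in the answer (without `form_login`), the function returns an empty array.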

You can use the stopPropagation function: http://api.symfony.com/2.0/Symfony/Component/EventDispatcher/Event.html#method_stopPropagation

$event->stopPropagation();

More information can be found here: http://symfony.com/doc/2.0/components/event_dispatcher/introduction.html#stopping-event-flow-propagation
