Symfony2 App with RESTful authentication, using FOSRestBundle and FOSUserBundle
Solution 1
I was able to find a simple solution. I only needed to write a class, that implements AuthenticationSuccessHandlerInterface and AuthenticationFailureHandlerInterface.
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
class AuthenticationRestHandler implements AuthenticationSuccessHandlerInterface, AuthenticationFailureHandlerInterface {
public function onAuthenticationFailure(Request $request, AuthenticationException $exception) {
return new Response('', Response::HTTP_UNAUTHORIZED);
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token) {
return new Response('', Response::HTTP_NO_CONTENT);
}
}
Then I registered it as a service and configured as handlers for the firewall.
services:
security.authentication_rest_handler:
class: AuthenticationRestHandler
security:
firewalls:
rest:
pattern: ^rest
context: app
form_login:
check_path: /rest/login
provider: fos_userbundle
failure_handler: inspireon.security.authentication_rest_handler
success_handler: inspireon.security.authentication_rest_handler
username_parameter: login
password_parameter: password
Problem solved and no complicated authentication provider needed :-)
Solution 2
I understood your problem because I passed by a similar situation but with SOAP services. In the middle I could re-search the security wsse and Symfony2 has already provides a solution
http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html
It works with a real token and you can match with an user in FOSUserBundle. The only think that I see is the field "password" that you want to compare is the same that in the database (with encryption) then I decided to create a extra field only for this use.
I hope that it help you.
Greetings
Related videos on Youtube
08 : 32
13 : 57
26 : 11
![🔑 Symfony Authentication Tutorial | 👤 Authenticating Users | Login Form - Symfony Workshop [2021]](https://i.ytimg.com/vi/dMVRcwlqJZE/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLAyS35NX_WBgdUxtXm55DWqay0-Ig)
12 : 36
10 : 17
50 : 44
![FOSUserBundle [1/15] - Getting Started with FOSUserBundle](https://i.ytimg.com/vi/srJOhjyy6bk/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLCHEk1PRvq2OZH8pqn7lHoKEyGtLA)
07 : 04
![Symfony 5 : JWT Authentication - مصادقة الدخول [Part 1]](https://i.ytimg.com/vi/iClk419iYjI/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLCK7q9E525Ze_5s8wcIGLw6GX1rrg)
13 : 51
10 : 45
19 : 48
09 : 11
Michal Artazov
Senior software developer at SignageOS.io Expert on everything web related but I prefer backend
Updated on June 04, 2022Comments
-
Michal Artazov almost 2 years
I'm making REST API for my JS driven app.
During login, the login form is submitted via AJAX to url
/rest/loginof my API.- If the login is succesful, it returns 204
- If it fails, it returns 401
While I have separated firewalls for the API and the app itself, they share the same context which should mean, that when user authenticates against the API, he's authenticated against the app too. So, when the server returns 204, page will reload and it should redirect user to the app, because he's now logged in.
I tried to use pre-made
check_loginpage of the FOSUserBundle and pointed/rest/loginthere.login: path: /rest/login defaults: _controller: FOSUserBundle:Security:check methods: [ POST ]That doesn't work, because it always returns redirect, no matter what. I read documentation for symfony and couldn't find, how to make a custom
check_loginpage. What I need is something like thisuse Symfony\Component\Security\Core\Exception\AuthenticationException; use FOS\RestBundle\Controller\Annotations\View; class SecurityController { /** * @View(statusCode=204) */ public function loginAction($username, $password) { /* first I need to somehow authenticate user using normal authentication, that I've set up */ ... /* Then I need to return 204 or throw exception, based on result. This is done using FOSRestBundle and it's listeners. */ if(!$succesful) { throw new AuthenticationException(); } } }I don't have a clue how to do that. Nothing I found in any documentation helped me a bit. I will be thankful for any suggestion that would point me in right direction.
EDIT: To further simplify, what I'm aiming for. I want my login to function exactly the same as normal form_login. I only want to change the response, that it sends back - instead of redirect I want 204 on success and 401 on failure.
-
Michal Artazov over 9 yearsSo, do I need to implement whole new custom authentication provider? Imo it's a bit overkill, because all I need to change is the behaviour of the listener to send 204/401 instead of redirect, not the whole process.