Problem description
I'm looking for a bundle to integrate CAS authentication on Symfony 2.3. I found these options, and the truth is I'm not convinced by any of them, since almost all the bundles seem to be abandoned and without updates.
1.- sensiolabs / CasBundle: https://github.com/sensiolabs/CasBundle
The documentation is sparse and incomplete. I have not found any examples of how to use it.
2.- BeSimple / BeSimpleSsoAuthBundle: https://github.com/BeSimple/BeSimpleSsoAuthBundle
I'm testing this one and I am having some problems. I think I have solved my 4th problem and I get another one right behind it.
3.- Symfony CAS Client: https://wiki.jasig.org/display/CASC/Symfony+CAS+Client
Totally outdated.
Really, are there so few options to authenticate with CAS in Symfony?
Recommended answer
I had the same issue before and I resolved it using BeSimpleSsoAuthBundle, but you have to make a few changes:
Supposing that your user entity has already been implemented in your UserBundle, with a unique attribute sgid, you have to override:
1- BeSimple\SsoAuthBundle\Security\Core\User :
<?php
namespace Application\UserBundle\Security\BeSimple\SpawnedUserProvider;

use BeSimple\SsoAuthBundle\Security\Core\User\SpawnedUserProvider;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\User;
use Symfony\Component\HttpFoundation\RedirectResponse;

class SsoUserProvider extends SpawnedUserProvider
{
    /**
     * @var array
     */
    private $roles;

    private $em;
    private $securityContext;

    /**
     * Constructor.
     *
     * @param object $em              Doctrine entity manager
     * @param object $securityContext Wired to @session in the service definition
     */
    public function __construct($em, $securityContext)
    {
        $this->em = $em;
        $this->securityContext = $securityContext;
    }

    /**
     * {@inheritdoc}
     */
    public function loadUserByUsername($username)
    {
        $session = $this->securityContext;

        // Look up an active user whose sgid matches the name returned by CAS
        $qb = $this->em->createQueryBuilder();
        $qb->select("u")
            ->from('ApplicationUserBundle:User', 'u')
            ->where('u.sgid = :sgid')
            ->andWhere('u.status = 1')
            ->setParameter("sgid", $username);
        $result = $qb->getQuery()->getOneOrNullResult();

        if ($result == NULL) {
            $session->getFlashBag()->add('error', 'Vous ne pouvez pas vous connecter car votre compte est désactivé');
            return new RedirectResponse('login');
        }

        $user_name = $result->getFirstName().' '.$result->getLastName();
        $session->set('userId', $result->getId());

        // Map the stored user type to a Symfony role
        if ($result->getUserType() == 1) {
            $this->roles = array('ROLE_ADMIN');
        } else if ($result->getUserType() == 0) {
            $this->roles = array('ROLE_USER');
        } else {
            $session->getFlashBag()->add('error', 'Vous ne pouvez pas vous connecter car votre compte n\'a pas de rôle');
            return new RedirectResponse('logout');
        }

        return $this->spawnUser($user_name);
    }

    /**
     * {@inheritDoc}
     */
    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof User) {
            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
        }

        return $this->spawnUser($user->getUsername());
    }

    /**
     * {@inheritDoc}
     */
    public function supportsClass($class)
    {
        return $class === 'Symfony\Component\Security\Core\User\User';
    }

    /**
     * Spawns a new user with given username.
     *
     * @param string $username
     *
     * @return \Symfony\Component\Security\Core\User\User
     */
    private function spawnUser($username)
    {
        //$this->roles = $this->userType;
        return new User($username, null, (array)$this->roles, true, true, true, true);
    }
}
2- Override also BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider :
<?php
namespace Application\UserBundle\Security\BeSimple\Authentication\Provider;

use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use BeSimple\SsoAuthBundle\Security\Core\User\UserFactoryInterface;
/*
 * @Override
 */
use BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider\SsoAuthenticationProvider;

class AppAuthenticationProvider extends SsoAuthenticationProvider
{
    /**
     * @var UserProviderInterface
     */
    private $userProvider;

    /**
     * @var bool
     */
    private $createUsers;

    /**
     * @var bool
     */
    private $hideUserNotFound;

    /**
     * @Override file
     * @throws \Symfony\Component\Security\Core\Exception\UsernameNotFoundException
     * @throws \Symfony\Component\Security\Core\Exception\BadCredentialsException
     *
     * @param string $username
     * @param array $attributes
     *
     * @return UserInterface
     */
    protected function provideUser($username, array $attributes = array())
    {
        try {
            $user = $this->retrieveUser($username);
        } catch (UsernameNotFoundException $notFound) {
            if ($this->createUsers && $this->userProvider instanceof UserFactoryInterface) {
                $user = $this->createUser($username, $attributes);
            } elseif ($this->hideUserNotFound) {
                throw new BadCredentialsException('Bad credentials', 0, $notFound);
            } else {
                throw $notFound;
            }
        }

        return $user;
    }
}
3- When the user logs in to your application, save the needed information in the session:
<?php
namespace Application\UserBundle\Security\Authentication\Handler;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Router;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Doctrine\ORM\EntityManager;

class LoginSuccessHandler implements AuthenticationSuccessHandlerInterface
{
    protected
        $router,
        $security,
        $entityManager;

    public function __construct(Router $router, SecurityContext $security, EntityManager $entityManager)
    {
        $this->router = $router;
        $this->security = $security;
        $this->entityManager = $entityManager;
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        $session = $request->getSession();
        $attributes = $this->security->getToken()->getAttributes();
        $sgid = $attributes['sso:validation']['sgid'];
        $em = $this->entityManager;
        $qb = $em->createQueryBuilder();
        $qb->select("u")
            ->from('ApplicationUserBundle:User', 'u')
            ->where('u.sgid = :sgid')
            ->andWhere('u.status = 1')
            ->setParameter("sgid", $sgid);
        $result = $qb->getQuery()->getOneOrNullResult();

        // In case the user is deactivated.
        // Although if they reach this handler it means they are active, because the check is done in the BeSimple bundle.
        if ($result == NULL) {
            return new RedirectResponse($this->router->generate('login'));
        }

        $session->set('userId', $result->getId());
        $response = new RedirectResponse('admin');

        return $response;
    }
}
4- Now define a security listener in Application/UserBundle/Ressources/config/security_listeners.yml :
parameters:
    security.authentication.provider.sso.class: Application\UserBundle\Security\BeSimple\Authentication\Provider\AppAuthenticationProvider
services:
    security.authentication.provider.sso:
        class: %security.authentication.provider.sso.class%
        public: false
        arguments: ['', '@security.user_checker', '', '', false]
5- The BeSimple configuration should look like this:
be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: https://adresse ip:8443/cas-server-webapp-4.0.0/login
            logout_url: https://adresse ip:8443/cas-server-webapp-4.0.0/logout
            validation_url: https://adresse ip:8443/cas-server-webapp-4.0.0/serviceValidate
services:
    spawned_user_provider:
        class: Application\UserBundle\Security\BeSimple\SpawnedUserProvider\SsoUserProvider
        arguments: [@doctrine.orm.entity_manager, @session]
6- The parameters.yml
be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: false
be_simple.sso_auth.client.option.curlopt_sslversion.value: 4 # (optional)
7- The security.yml
main:
    pattern: ^/admin
    context: marketshare_context
    logout:
        path: /admin/logout
        target: /
    #provider: sso
    trusted_sso:
        manager: admin_sso
        login_action: ApplicationUserBundle:TrustedSso:login
        logout_action: false
        login_path: /admin/login
        check_path: /admin/check
        always_use_default_target_path: true
        default_target_path: /admin/potentiel
        failure_path: /admin/logout
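With `version: 2`, the name passed to `loadUserByUsername` and attributes such as `sgid` come from the XML reply to the `validation_url` (`serviceValidate`) request, so the integrity of that reply rests on TLS verification of that request. The following is an added example, not code from the answer or from BeSimpleSsoAuthBundle: it parses such a reply and fails closed, and shows cURL options that keep certificate checks on. The function names, the `$caBundle` path, the sample reply and the `cas:attributes` layout are assumptions.

```php
<?php
// Added example (not BeSimpleSsoAuthBundle code): fail-closed parsing of a
// CAS 2.0 serviceValidate reply. Needs ext-dom, and ext-curl for the options.
const CAS_NS = 'http://www.yale.edu/tp/cas';

// cURL options for the validation request with certificate checks enabled.
// $caBundle: hypothetical path to the CA file that signed the CAS server cert.
function casValidationCurlOptions($caBundle)
{
    return array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // verify the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,    // verify the host name in the certificate
        CURLOPT_CAINFO         => $caBundle,
    );
}

// Returns array('user' => string, 'attributes' => array) or throws.
function parseCasValidation($xml)
{
    $doc = new DOMDocument();
    // LIBXML_NONET keeps the parser from fetching anything over the network.
    if ($xml === '' || !@$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('CAS reply is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('cas', CAS_NS);
    $ok = $xp->query('/cas:serviceResponse/cas:authenticationSuccess');
    if ($ok->length !== 1) {
        $fail = $xp->query('/cas:serviceResponse/cas:authenticationFailure');
        $code = $fail->length ? $fail->item(0)->getAttribute('code') : 'UNKNOWN';
        throw new RuntimeException('CAS validation failed: ' . $code);
    }
    $users = $xp->query('cas:user', $ok->item(0));
    if ($users->length !== 1 || trim($users->item(0)->textContent) === '') {
        throw new RuntimeException('Expected exactly one non-empty cas:user');
    }
    $attributes = array();
    // Assumption: the server releases attributes inside <cas:attributes>.
    foreach ($xp->query('cas:attributes/cas:*', $ok->item(0)) as $node) {
        $attributes[$node->localName] = trim($node->textContent);
    }
    return array('user' => trim($users->item(0)->textContent), 'attributes' => $attributes);
}

// Constructed sample reply; the user name and sgid value are made up.
$sample = '<cas:serviceResponse xmlns:cas="' . CAS_NS . '"><cas:authenticationSuccess>'
    . '<cas:user>jdoe</cas:user><cas:attributes><cas:sgid>S123456</cas:sgid>'
    . '</cas:attributes></cas:authenticationSuccess></cas:serviceResponse>';
var_dump(parseCasValidation($sample));
```

The options array can be passed to `curl_setopt_array()` on the handle used for the validation request.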