用于移动应用程序

用于移动应用程序

本文介绍了Symfony2 api 的身份验证(用于移动应用程序)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我为我的 Symfony2 应用程序开发了一个 REST api.此 api 将由移动应用程序使用.大部分功能是在当前经过身份验证的用户的上下文中完成的,即:

$this->container->get('security.context')->getToken()->getUser()

我希望移动应用程序能够像传统的网络表单一样发布登录操作.如果凭据检出,那么 Symfony2 会做它的事情并设置一个 cookie(这甚至在访问 api 的移动应用程序的上下文中工作吗?).然后来自该手机的 api 请求(希望)可以与原生 symfony2 security.context 服务容器一起使用.

这行得通吗?在将 API 提供给移动开发人员之前,我需要弄清楚这个授权过程.如果可能的话,我显然希望能够使用本机 security.context 服务,而不是为使用 xAuth 或类似内容的 api 构建新的身份验证系统.

谢谢

解决方案

我认为你应该无状态(没有 cookie).

我遇到了同样的问题,我做了什么:

  • 在您的 app/config/security.yml 中,添加:
安全:...防火墙:休息_网络服务:模式:/webservice/rest/.*无状态:真http_基本:提供者:provider_name...

  • 现在您可以向您的网络服务发出请求:

class AuthTest 扩展了 WebTestCase{公共函数 testAuthenticatedWithWebservice(){$client = $this->createClient();//未认证$client->request('GET', '/webservice/rest/url');$this->assertEquals(401, $client->getResponse()->getStatusCode());//已认证$client->request('GET', '/webservice/rest/url', array(), array(), array('PHP_AUTH_USER' =>'用户名','PHP_AUTH_PW' =>'密码'));$this->assertEquals(200, $client->getResponse()->getStatusCode());}}

I've developed a REST api for my Symfony2 application. This api will be used by a mobile app. Much of the functionality is done in the context of the currently authenticated user, ie:

$this->container->get('security.context')->getToken()->getUser()

I'm hoping that the mobile app will be able to post to the login action just like a traditional web form. If the credentials check out then Symfony2 does it's thing and sets a cookie (does this even work in the context of a mobile app accessing an api?). Then later api requests from that mobile phone will (hopefully) work with the native symfony2 security.context service container.

Would this work? I need to figure out this authorization process before I take the API to the mobile developers. If possible I'd obviously like to be able to use the native security.context service instead of building out a new auth system for the api that uses xAuth or something similar.

Thanks

解决方案

I think you should do it stateless (without cookie).

I had the same problem, what i did:

  • in your app/config/security.yml, add:

security:
    ...
    firewalls:
        rest_webservice:
            pattern: /webservice/rest/.*
            stateless: true
            http_basic:
                provider: provider_name
    ...

  • Now you can make a request to your webservice:

class AuthTest extends WebTestCase
{
    public function testAuthenticatedWithWebservice()
    {
        $client = $this->createClient();

        // not authenticated
        $client->request('GET', '/webservice/rest/url');
        $this->assertEquals(401, $client->getResponse()->getStatusCode());

        // authenticated
        $client->request('GET', '/webservice/rest/url', array(), array(), array(
            'PHP_AUTH_USER' => 'username',
            'PHP_AUTH_PW' => 'password'
        ));
        $this->assertEquals(200, $client->getResponse()->getStatusCode());
    }
}

这篇关于Symfony2 api 的身份验证(用于移动应用程序)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-19 00:21