1
0
mirror of synced 2024-11-25 06:16:06 +03:00
service-bundle/Resources/doc/Security.md
2022-07-21 17:39:34 +03:00

1.9 KiB

Authentication

Example security configuration:

security:
    hide_user_not_found: false
    providers:
        connection:
            entity: { class: App\Entity\Connection, property: clientId }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        simple-connection:
            pattern: ^/simple-connection
            stateless: true
            security: false
        front:
            pattern: ^/front
            provider: connection
            stateless: true
            custom_authenticators:
                - RetailCrm\ServiceBundle\Security\FrontApiClientAuthenticator
        main:
            pattern: ^/
            lazy: true

    access_control:
        - { path: ^/front, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/(simple-connection), roles: PUBLIC_ACCESS }

Login controller will be called after the authenticator successfully authenticates the user. You can get the authenticated user, generate a token (or whatever you need to return) and return response:


    use App\Entity\User;
    use Symfony\Component\Security\Http\Attribute\CurrentUser;

    class ApiLoginController extends AbstractController
    {
        #[Route('/front', name: 'front')]
        public function front(#[CurrentUser] ?User $user): Response
        {
            $token = ...; // somehow create an API token for $user
 
            return $this->json([
                'user'  => $user->getUserIdentifier(),
                'token' => $token,
            ]);
        }
    }

The #[CurrentUser] can only be used in controller arguments to retrieve the authenticated user. In services, you would use getUser().

See the manual for more information.

If you set the parameter stateless: false, then during an active session the login will be made on the basis of the data deserialized from the session storage