escapestudios / wsse-authentication-bundle
Symfony2 bundle to implement WSSE authentication
Requires
- php: >=5.3.9
- doctrine/common: ~2.2
- symfony/framework-bundle: ~2.3|~3.0
- symfony/security-bundle: ~2.3|~3.0
Requires (Dev)
- symfony/finder: ~2.3|~3.0
- symfony/phpunit-bridge: ~2.7|~3.0
README
Introduction
The EscapeWSSEAuthentication bundle is a simple and easy way to implement WSSE authentication in Symfony applications.
Installation
Command line
composer require escapestudios/wsse-authentication-bundle
composer.json
"require": {
    ...
    "escapestudios/wsse-authentication-bundle": "^2.2",
    ...
}
app/AppKernel.php
public function registerBundles()
{
    return array(
        //...
        new Escape\WSSEAuthenticationBundle\EscapeWSSEAuthenticationBundle(),
        //...
    );
...
Commands
Use the escape:wsseauthentication:nonces:delete command shipped with this bundle to delete expired nonces; it takes one (required) argument, the firewall name.
php app/console --env=dev escape:wsseauthentication:nonces:delete wsse_secured
Quick usage example
app/config/security.yml
firewalls:
    wsse_secured:
        pattern: ^/api/.*
        stateless: true
        wsse:
            realm: "Secured with WSSE" #identifies the set of resources to which the authentication information will apply (WWW-Authenticate)
            profile: "UsernameToken" #WSSE profile (WWW-Authenticate)
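...and that's it! Your "wsse_secured" firewall is now protected by the (out-of-the-box) WSSE authentication setup. You can now start calling your API endpoints: generate an X-WSSE header (Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder) and add it to your request (cUrl). Once the basic setup is working, it is strongly recommended to read the more advanced configuration below...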
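An added example, not code from the bundle: building an X-WSSE header value with the default digest (base64-encoded sha1, 1 iteration) and checking it against a token lifetime and a nonce cache, the two controls configured under the advanced options. It assumes the common WSSE UsernameToken layout, base64(sha1(raw nonce . created . secret)) with no salt; wsseDigest, wsseHeader and wsseVerify are hypothetical names, and the secret is passed in directly instead of being looked up through a user provider.

```php
<?php
// Added example (not the bundle's code). Assumption: digest is
// base64(sha1(raw nonce . created . secret)), 1 iteration, no salt.
function wsseDigest($rawNonce, $created, $secret)
{
    return base64_encode(sha1($rawNonce . $created . $secret, true));
}
// Client side: build the value of the X-WSSE request header.
function wsseHeader($user, $secret, $rawNonce, $created)
{
    return sprintf(
        'UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"',
        $user, wsseDigest($rawNonce, $created, $secret), base64_encode($rawNonce), $created
    );
}

// Hypothetical server-side check: $lifetime as on this page (-1 = no expiry),
// $seen stands in for the nonce cache. Requires PHP >= 5.6 for hash_equals().
function wsseVerify($header, $secret, $now, $lifetime, array &$seen)
{
    $re = '/Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
    if (!preg_match($re, $header, $m)) {
        return 'malformed';
    }
    list(, , $digest, $nonce, $created) = $m;
    $ts = strtotime($created);
    if ($ts === false || $ts > $now) {
        return 'bad-timestamp';
    }
    if ($lifetime != -1 && $now - $ts > $lifetime) {
        return 'expired';
    }
    if (isset($seen[$nonce])) {
        return 'replayed';
    }
    if (!hash_equals(wsseDigest(base64_decode($nonce), $created, $secret), $digest)) {
        return 'bad-digest';
    }
    $seen[$nonce] = $ts; // remember the nonce only after a valid digest
    return 'ok';
}
// Constructed sample values: one fresh token sent twice, then a stale one.
$seen = array();
$now = strtotime('2024-01-01T12:00:00Z');
$fresh = wsseHeader('someuser', 'somesecret', openssl_random_pseudo_bytes(16), '2024-01-01T11:58:00Z');
$stale = wsseHeader('someuser', 'somesecret', openssl_random_pseudo_bytes(16), '2024-01-01T11:00:00Z');
foreach (array($fresh, $fresh, $stale) as $h) {
    echo wsseVerify($h, 'somesecret', $now, 300, $seen), "\n";
}
```

Replay protection only covers the token lifetime window if nonces are kept at least that long, which is why expired nonces can be purged but live ones cannot.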
Advanced configuration
Specify a custom token lifetime
Default: 300
app/config/security.yml
firewalls:
    wsse_secured:
        #...
        wsse:
            #...
            lifetime: 300 # or -1 for infinite lifetime tokens (please use with extreme care!)
Specify a custom date format
Default: see the regular expression below, which checks for ISO8601
app/config/security.yml
firewalls:
    wsse_secured:
        #...
        wsse:
            #...
            date_format: '/^([\+-]?\d{4}(?!\d{2}\b))((-?)((0[1-9]|1[0-2])(\3([12]\d|0[1-9]|3[01]))?|W([0-4]\d|5[0-2])(-?[1-7])?|(00[1-9]|0[1-9]\d|[12]\d{2}|3([0-5]\d|6[1-6])))([T\s]((([01]\d|2[0-3])((:?)[0-5]\d)?|24\:?00)([\.,]\d+(?!:))?)?(\17[0-5]\d([\.,]\d+)?)?([zZ]|([\+-])([01]\d|2[0-3]):?([0-5]\d)?)?)?)?$/'
Specify a custom digest algorithm
Default: base64-encoded sha1 with 1 iteration
⚠️ Please change the digest algorithm to a stronger one, such as bcrypt ⚠️
app/config/security.yml
firewalls:
    wsse_secured:
        #...
        wsse:
            #...
            encoder: #digest algorithm
                algorithm: sha1
                encodeHashAsBase64: true
                iterations: 1
Specify a custom nonce cache
Default: Doctrine\Common\Cache\PhpFileCache in %kernel.cache_dir%/security/nonces
app/config/security.yml
services:
    #...
    cache_nonces:
        class: Doctrine\Common\Cache\PhpFileCache
        # quoted: newer Symfony YAML parsers reject unquoted scalars starting with %
        arguments: ["%kernel.cache_dir%/security/nonces"]
app/config/security.yml
firewalls:
    wsse_secured:
        #...
        wsse:
            #...
            nonce_cache_service_id: cache_nonces
Use multiple providers
app/config/security.yml
providers:
    provider_one:
        #...
    provider_two:
        #...

firewalls:
    wsse_secured_by_provider_one:
        provider: provider_one
        wsse:
            #...
    wsse_secured_by_provider_two:
        provider: provider_two
        wsse:
            #...
Use a specific user provider on a firewall that has WSSE as one of several authentication mechanisms
app/config/security.yml
providers:
    users:
        #...
    wsse_users:
        memory:
            users:
                - { name: 'someuser', password: 'somesecret' }

firewalls:
    secured:
        provider: users
        wsse:
            #...
            provider: wsse_users #don't make use of firewall's "users"-provider, but "wsse_users"-provider for WSSE
Specify custom authentication class(es)
app/config/config.yml
# Escape WSSE authentication configuration
escape_wsse_authentication:
    authentication_provider_class: Escape\WSSEAuthenticationBundle\Security\Core\Authentication\Provider\Provider
    authentication_listener_class: Escape\WSSEAuthenticationBundle\Security\Http\Firewall\Listener
    authentication_entry_point_class: Escape\WSSEAuthenticationBundle\Security\Http\EntryPoint\EntryPoint
    authentication_encoder_class: Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder