lutskanu / wsse-authentication-bundle
Symfony2 bundle to implement WSSE authentication
Requires
- php: >=5.3.9
- doctrine/common: ~2.2
- symfony/framework-bundle: ~2.3|~3.0
- symfony/security-bundle: ~2.3|~3.0
Requires (Dev)
- symfony/finder: ~2.3|~3.0
- symfony/phpunit-bridge: ~2.7|~3.0
README
Introduction
The EscapeWSSEAuthentication bundle is a simple and easy way to implement WSSE authentication in Symfony applications.
Installation
Command line
composer require escapestudios/wsse-authentication-bundle
composer.json
"require": {
    ...
    "escapestudios/wsse-authentication-bundle": "^2.2",
    ...
}
app/AppKernel.php
public function registerBundles()
{
    return array(
        //...
        new Escape\WSSEAuthenticationBundle\EscapeWSSEAuthenticationBundle(),
        //...
    );
    ...
Commands
Use the escape:wsseauthentication:nonces:delete command provided by this bundle to delete expired nonces. The command takes the firewall name as a (required) argument.
php app/console --env=dev escape:wsseauthentication:nonces:delete wsse_secured
Quick usage example
app/config/security.yml
firewalls:
    wsse_secured:
        pattern: ^/api/.*
        stateless: true
        wsse:
            realm: "Secured with WSSE" #identifies the set of resources to which the authentication information will apply (WWW-Authenticate)
            profile: "UsernameToken" #WSSE profile (WWW-Authenticate)
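...That's it! Your "wsse_secured" firewall is now protected by the (out-of-the-box) WSSE authentication setup. You can now start calling your API endpoints: generate an X-WSSE header (Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder) and add it to your request (cUrl). It is strongly recommended that you read the more advanced configuration below once you are familiar with the basic setup...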
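The header generation mentioned above, as an added example that is not the bundle's own code, together with a simplified model of the server-side checks that the lifetime and nonce cache settings below control. It assumes the default encoder shown on this page (sha1, base64, 1 iteration), an empty user salt, PHP 5.6+ for hash_equals, and the standard UsernameToken digest base64(sha1(nonce + created + secret)); the function names wsse_digest, wsse_header and wsse_verify are hypothetical.

```php
<?php
// Added example, not the bundle's code. Assumptions: default encoder from this
// page (sha1, base64, 1 iteration), empty user salt, standard UsernameToken
// digest = base64(sha1(raw nonce . created . secret)). Function names are hypothetical.
function wsse_digest($rawNonce, $created, $secret)
{
    return base64_encode(sha1($rawNonce . $created . $secret, true));
}

function wsse_header($username, $secret, $rawNonce, $created)
{
    return sprintf(
        'UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"',
        $username,
        wsse_digest($rawNonce, $created, $secret),
        base64_encode($rawNonce),
        $created
    );
}

// Simplified server-side model: freshness window ("lifetime"), one-time nonce, digest match.
function wsse_verify($header, $secret, $lifetime, array &$seenNonces, $now)
{
    $re = '/Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([a-zA-Z0-9+\/]+={0,2})", Created="([^"]+)"/';
    if (!preg_match($re, $header, $m)) {
        return 'malformed';
    }
    list(, , $digest, $nonce, $created) = $m;
    $ts = strtotime($created);
    if ($ts === false || ($lifetime !== -1 && abs($now - $ts) > $lifetime)) {
        return 'expired'; // outside the lifetime window (-1 disables the check)
    }
    if (isset($seenNonces[$nonce])) {
        return 'replayed'; // a captured header cannot be sent a second time
    }
    if (!hash_equals(wsse_digest(base64_decode($nonce), $created, $secret), $digest)) {
        return 'bad digest'; // constant-time comparison of expected and received digest
    }
    $seenNonces[$nonce] = $ts; // stands in for the nonce cache
    return 'ok';
}

// Constructed sample run: fresh request, replay of the same header, replay after 301 seconds.
$now = time();
$header = wsse_header('someuser', 'somesecret', openssl_random_pseudo_bytes(16), gmdate('c', $now));
$seen = array();
echo wsse_verify($header, 'somesecret', 300, $seen, $now), "\n";
echo wsse_verify($header, 'somesecret', 300, $seen, $now), "\n";
echo wsse_verify($header, 'somesecret', 300, $seen, $now + 301), "\n";
```

The value returned by wsse_header is what goes into the X-WSSE request header. With lifetime set to -1 the freshness check is skipped, so the nonce cache becomes the only replay protection and its entries can never be safely deleted.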
Advanced configuration
Specify a custom token lifetime
Default: 300
app/config/security.yml
firewalls:
    wsse_secured:
        #...
        wsse:
            #...
            lifetime: 300 # or -1 for infinite lifetime tokens (please use with extreme care!)
Specify a custom date format
Default: see the regular expression below for ISO8601 (view)
app/config/security.yml
firewalls:
    wsse_secured:
        #...
        wsse:
            #...
            date_format: '/^([\+-]?\d{4}(?!\d{2}\b))((-?)((0[1-9]|1[0-2])(\3([12]\d|0[1-9]|3[01]))?|W([0-4]\d|5[0-2])(-?[1-7])?|(00[1-9]|0[1-9]\d|[12]\d{2}|3([0-5]\d|6[1-6])))([T\s]((([01]\d|2[0-3])((:?)[0-5]\d)?|24\:?00)([\.,]\d+(?!:))?)?(\17[0-5]\d([\.,]\d+)?)?([zZ]|([\+-])([01]\d|2[0-3]):?([0-5]\d)?)?)?)?$/'
Specify a custom digest algorithm
Default: base64-encoded sha1 with 1 iteration
⚠️ Please change the digest algorithm to a stronger one, such as bcrypt ⚠️
app/config/security.yml
firewalls:
    wsse_secured:
        #...
        wsse:
            #...
            encoder: #digest algorithm
                algorithm: sha1
                encodeHashAsBase64: true
                iterations: 1
Specify a custom nonce cache
Default: Doctrine\Common\Cache\PhpFileCache in %kernel.cache_dir%/security/nonces
app/config/security.yml
services:
    #...
    cache_nonces:
        class: Doctrine\Common\Cache\PhpFileCache
        arguments: ["%kernel.cache_dir%/security/nonces"]
app/config/security.yml
firewalls:
    wsse_secured:
        #...
        wsse:
            #...
            nonce_cache_service_id: cache_nonces
Use multiple providers
app/config/security.yml
providers:
    provider_one:
        #...
    provider_two:
        #...
firewalls:
    wsse_secured_by_provider_one:
        provider: provider_one
        wsse:
            #...
    wsse_secured_by_provider_two:
        provider: provider_two
        wsse:
            #...
Use a specific user provider in a firewall that has WSSE as one of several authentication mechanisms
app/config/security.yml
providers:
    users:
        #...
    wsse_users:
        memory:
            users:
                - { name: 'someuser', password: 'somesecret' }
firewalls:
    secured:
        provider: users
        wsse:
            #...
            provider: wsse_users #don't make use of firewall's "users"-provider, but "wsse_users"-provider for WSSE
Specify custom authentication class(es)
app/config/config.yml
# Escape WSSE authentication configuration
escape_wsse_authentication:
    authentication_provider_class: Escape\WSSEAuthenticationBundle\Security\Core\Authentication\Provider\Provider
    authentication_listener_class: Escape\WSSEAuthenticationBundle\Security\Http\Firewall\Listener
    authentication_entry_point_class: Escape\WSSEAuthenticationBundle\Security\Http\EntryPoint\EntryPoint
    authentication_encoder_class: Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder