mittax / wsse-bundle
A Symfony bundle for securing API calls with the Webservice Security Standard. Migrated from SOAP. The Mittax WSSE Bundle is a wrapper around Symfony's WSSE auth provider. (https://symfony.com.cn/doc/current/security/custom_authentication_provider.html)
Requires
- php: >=5.5.9
- doctrine/doctrine-bundle: ^1.6
- doctrine/doctrine-cache-bundle: ^1.2
- doctrine/orm: ^2.5
- friendsofsymfony/rest-bundle: ^1.7
- friendsofsymfony/user-bundle: ~2.0@dev
- guzzlehttp/guzzle: *
- incenteev/composer-parameter-handler: ^2.0
- jms/serializer-bundle: ^1.1
- nelmio/api-doc-bundle: ^2.12
- sensio/distribution-bundle: ^5.0
- sensio/framework-extra-bundle: ^3.0.2
- symfony/monolog-bundle: ^3.0
- symfony/symfony: 3.3.*
This package is not auto-updated.
Last update: 2024-09-24 22:15:11 UTC
README
# Prerequisites
- php >=5.5.9
- symfony 3.1.x (see composer.json for details)
- A Linux-based operating system
- mysql >=5.5
- apache / nginx
# Installation
composer
composer require mittax/wsse-bundle
Register the bundle in app/AppKernel.php
..... new Mittax\WsseBundle\MittaxWsseBundle(),
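Running the unit/functional tests.
The package ships with functional tests for its own API methods. In vendor/mittax/wsse-bundle/controllers there is a default controller containing an API method that generates the WSSE header. Running these tests requires a test user. If you want to use these tests, add the user "mittax" to your database, or change the user to your own test user in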
vendor/mittax/wsse-bundle/Resources/config/config.yml
integrationtestsusername: mittax
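# Usage
Consuming a WSSE-secured API method.
After installation, every request that matches a defined firewall rule is protected by the X-WSSE header. To consume a firewall-protected API path, we need to generate an X-WSSE header, which must be sent with every request. The following sample code shows how to use the WSSE client provided by this package.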
```php
// your client object
$client = $this->container->get('mittax_wsse.client.service.http.request');

// API URL you want to call
$uri = 'http://<yourdomain>/wsse/username';

// the username that wants access (must exist in your user database)
$username = 'yourusername';

// the WSSE header needed to consume the secured API
$headerOptions = $client->getWsseHeaderRequestOtionsByUsername($username);

// your server response
$response = $client->request('GET', $uri, $headerOptions);
$response = (string)$response->getBody();
```
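Of course, you can also generate the WSSE header string from the command line. MittaxWsseBundle provides a CLI extension for this.
## Generating the WSSE header directly on the command line
Open a terminal in the project root directory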
php bin/console mittax:wsse:generate-header
This outputs a header string like the following.
UsernameToken Username="mittax", PasswordDigest="ZWQ0MWRiMGFhODhlYTI0M2FlMGZiNDk4NzY5MWNjMmJhMDcyN2ZmZmQ4YTE1YTVhYTAxMTkzMjkxNTYxYWYwM2Y3YjMyZmVhYjJmMjBjNWM4ODFiYjliYzBiZDgxMjE0ZWUyYmUzYjFiODg5MmJmN2I2NTI2ZTk0NDZmNDM3ZDI=", Nonce="MTMyNTgzYTFjNDMxOWJlOA==", Created="2016-11-26T23:35:31+0000"
Put this header string in the X-WSSE header of your request (for example in Postman).
### Defining firewall rules app/config/config.yml
By default FOS_Userbundle is used, configured as follows
```yaml
fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: wsse_secured
    user_class: Mittax\WsseBundle\Entity\User # you can use the default fos_user implementation, the mittax entity or your own entity class
```
You can define your routes in the security section
app/config/security.yml
```yaml
security:
    firewalls:
        wsse_secured:
            anonymous: false
            pattern: ^/wsse|your_path_here
            stateless: true
            wsse: { lifetime: 60 }
```
Configure your WSSE security layer.
app/config/parameter.yml
```yaml
# configure the wsse
mittax_wsse:
    # change that for your project
    salt: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    # the lifetime a user digest is valid
    lifetime: 600

    # the class to encode the digest
    encoder: Mittax\WsseBundle\Security\Encoder\Sha512

    # if true the client nonce is valid for just one request to prevent replay attacks
    # for development you can disable this security feature
    # preventreplayattacks: false
    preventreplayattacks: true

    # by default we are depending on this usermanager. Feel free to use your own usermanager
    usermanager: fos_user.user_manager

    # table name where the user passwords are stored
    usertablename: fos_user

    # column name where the username is stored
    usernamecolumn: username

    # name of the column where the passwords are stored
    passwordcolumn: password

    #################################################################################################
    # CHANGE ME !!!!!
    # UNITTEST / Functional Test. This username is required to run unittests
    # Add your own user here
    integrationtestsusername: mittax
```
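The lifetime and preventreplayattacks settings correspond to two server-side checks on the X-WSSE header: the Created timestamp must fall inside the lifetime window, and a nonce may be accepted only once. The following is an added example, not the bundle's own code, showing those checks on a header in the format printed by the CLI command. Assumptions: PHP 7.1 or later, the hypothetical function names parseWsseHeader and validateWsse, and a digest of base64(sha512(nonce . created . secret)), which follows the Symfony cookbook layout with SHA-512 swapped in and may differ from the bundle's encoder.

```php
<?php
// Added example, not the bundle's code. Assumed digest scheme:
// base64(sha512(base64_decode(nonce) . created . secret)).
function parseWsseHeader(string $header): ?array
{
    $re = '~^UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", '
        . 'Nonce="([A-Za-z0-9+/=]+)", Created="([^"]+)"$~';
    if (preg_match($re, $header, $m) !== 1) {
        return null; // malformed header: reject before any further work
    }
    return ['username' => $m[1], 'digest' => $m[2], 'nonce' => $m[3], 'created' => $m[4]];
}

function validateWsse(array $t, string $secret, int $lifetime, array &$seen, int $now): string
{
    $created = strtotime($t['created']);
    if ($created === false || $created > $now) {
        return 'rejected: bad or future timestamp';
    }
    if ($now - $created > $lifetime) {
        return 'rejected: expired';
    }
    $raw = base64_decode($t['nonce']);
    $expected = base64_encode(hash('sha512', $raw . $t['created'] . $secret, true));
    if (!hash_equals($expected, $t['digest'])) { // constant-time comparison
        return 'rejected: digest mismatch';
    }
    // Replay check runs after the digest check so that unauthenticated
    // requests cannot fill the nonce store.
    if (isset($seen[$t['nonce']])) {
        return 'rejected: replayed nonce';
    }
    $seen[$t['nonce']] = $created + $lifetime; // entry can be pruned after this time
    return 'accepted';
}

// Constructed sample values: secret, nonce and clock are made up for this demo.
$secret  = 'constructed-secret';
$created = '2016-11-26T23:35:31+0000';
$now     = strtotime($created) + 10;
$nonce   = base64_encode('constructed-nonce-01');
$digest  = base64_encode(hash('sha512', 'constructed-nonce-01' . $created . $secret, true));
$token   = parseWsseHeader(sprintf(
    'UsernameToken Username="mittax", PasswordDigest="%s", Nonce="%s", Created="%s"',
    $digest, $nonce, $created));

$seen = []; // in a real deployment this is a shared cache, not a per-process array
echo validateWsse($token, $secret, 60, $seen, $now), PHP_EOL;       // first use
echo validateWsse($token, $secret, 60, $seen, $now + 5), PHP_EOL;   // same nonce again
echo validateWsse($token, $secret, 60, $seen, $now + 120), PHP_EOL; // past lifetime
```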