php – Symfony2：如何检查某个操作是否安全？

当Symfony2处理请求时,它与url模式匹配app / config / security.yml中定义的每个防火墙.当url模式与防火墙模式匹配时,Symfony2会创建一些侦听器对象并调用这些对象的handle方法.如果任何侦听器返回一个Response对象,则循环中断,Symfony2输出响应.身份验证部分在身份验证侦听器中完成.它们是从匹配防火墙中定义的配置创建的,例如form_login,http_basic等.如果用户未经过身份验证,则经过身份验证的侦听器会创建一个RedirectResponse对象,以将用户重定向到登录页面.对于您的情况,您可以通过创建自定义身份验证侦听器并将其添加到安全页面防火墙中来作弊.示例实现如下,

创建令牌类,

namespace YourNamespace;

use SymfonyComponentSecurityCoreAuthenticationTokenAbstractToken;

class MyToken extends AbstractToken
{
    public function __construct(array $roles = array())
    {
        parent::__construct($roles);
    }

    public function getCredentials()
    {
        return '';
    }
}

创建一个实现AuthenticationProviderInterface的类.对于form_login侦听器,它使用给定的UserProvider进行身份验证.在这种情况下,它什么都不做.

namespace YourNamespace;

use SymfonyComponentSecurityCoreAuthenticationTokenTokenInterface;
use SymfonyComponentSecurityCoreAuthenticationProviderAuthenticationProviderInterface;
use AcmeBaseBundleFirewallMyToken;

class MyAuthProvider implements AuthenticationProviderInterface
{

    public function authenticate(TokenInterface $token)
    {
        if (!$this->supports($token)) {
            return null;
        }

        throw new Exception('you should not get here');
    }

    public function supports(TokenInterface $token)
    {
        return $token instanceof MyToken;
    }

创建入口点类.侦听器将从此类创建RedirectResponse.

namespace YourNamespace;

use SymfonyComponentHttpFoundationRequest;
use SymfonyComponentHttpFoundationResponse;
use SymfonyComponentSecurityCoreExceptionAuthenticationException;
use SymfonyComponentSecurityHttpEntryPointAuthenticationEntryPointInterface;
use SymfonyComponentSecurityHttpHttpUtils;


class MyAuthenticationEntryPoint implements AuthenticationEntryPointInterface
{
    private $httpUtils;
    private $redirectPath;

    public function __construct(HttpUtils $httpUtils,$redirectPath)
    {
        $this->httpUtils = $httpUtils;
        $this->redirectPath = $redirectPath;
    }

    /**
     * {@inheritdoc}
     */
    public function start(Request $request,AuthenticationException $authException = null)
    {
        //redirect action goes here
        return $this->httpUtils->createRedirectResponse($request,$this->redirectPath);
    }

创建一个监听器类.在这里,您将实现重定向逻辑.

namespace YourNamespace;

use SymfonyComponentSecurityHttpFirewallListenerInterface;
use SymfonyComponentHttpKernelEventGetResponseEvent;
use SymfonyComponentSecurityCoreSecurityContextInterface;
use SymfonyComponentSecurityHttpEntryPointAuthenticationEntryPointInterface;

class MyAuthenticationListener implements ListenerInterface
{
    private $securityContext;
    private $authenticationEntryPoint;


    public function __construct(SecurityContextInterface $securityContext,AuthenticationEntryPointInterface $authenticationEntryPoint)
    {
        $this->securityContext = $securityContext;
        $this->authenticationEntryPoint = $authenticationEntryPoint;
    }

    public function handle(GetResponseEvent $event)
    {
        $token = $this->securityContext->getToken();
        $request = $event->getRequest();
        if($token === null){
            return;
        }

        //add your logic
        $redirect = // boolean value based on your logic

        if($token->isAuthenticated() && $redirect){

            $response = $this->authenticationEntryPoint->start($request);
            $event->setResponse($response);
            return;
        }
    }

}

创建服务.

<?xml version="1.0" ?>
<container xmlns="http://symfony.com/schema/dic/services"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">

    <services>

        <service id="my_firewall.security.authentication.listener"
                 class="YourNamespaceMyAuthenticationListener"
                 parent="security.authentication.listener.abstract"
                 abstract="true">
            <argument type="service" id="security.context" />
            <argument /> <!-- Entry Point -->
        </service>

        <service id="my_firewall.entry_point" class="YourNamespaceMyAuthenticationEntryPoint" public="false" ></service>

        <service id="my_firewall.auth_provider" class="YourNamespaceMyAuthProvider" public="false"></service>
    </services>

</container>

注册听众.在捆绑包DependencyInjection文件夹中创建名为Security / Factory的文件夹.然后创建工厂类.

namespace YourBundleDependencyInjectionSecurityFactory;

use SymfonyComponentDependencyInjectionContainerBuilder;
use SymfonyComponentDependencyInjectionReference;
use SymfonyComponentDependencyInjectionDefinitionDecorator;
use SymfonyComponentDependencyInjectionDefinition;
use SymfonyBundleSecurityBundleDependencyInjectionSecurityFactorySecurityFactoryInterface;
use SymfonyComponentConfigDefinitionBuilderNodeDefinition;

class MyFirewallFactory implements SecurityFactoryInterface
{

    public function create(ContainerBuilder $container,$id,$config,$userProvider,$defaultEntryPoint)
    {
        $provider = 'my_firewall.auth_provider.'.$id;
        $container->setDefinition($provider,new DefinitionDecorator('my_firewall.auth_provider'));

        // entry point
        $entryPointId = $this->createEntryPoint($container,$defaultEntryPoint);

        // listener
        $listenerId = 'my_firewall.security.authentication.listener'.$id;
        $listener = $container->setDefinition($listenerId,new DefinitionDecorator('my_firewall.security.authentication.listener'));
        $listener->replaceArgument(1,new Reference($entryPointId));
        return array($provider,$listenerId,$entryPointId);
    }

    public function getPosition()
    {
        return 'pre_auth';
    }

    public function getKey()
    {
        return 'my_firewall'; //the listener name
    }

    protected function getListenerId()
    {
        return 'my_firewall.security.authentication.listener';
    }

    public function addConfiguration(NodeDefinition $node)
    {
        $node
            ->children()
                ->scalarNode('redirect_path')->end()
            ->end()
            ;
    }

    protected function createEntryPoint($container,$defaultEntryPointId)
    {
        $entryPointId = 'my_firewall.entry_point'.$id;
        $container
            ->setDefinition($entryPointId,new DefinitionDecorator('my_firewall.entry_point'))
            ->addArgument(new Reference('security.http_utils'))
            ->addArgument($config['redirect_path'])
            ;
        return $entryPointId;
    }

}

然后在bundle文件夹的NamespaceBundle.php中添加以下代码.

public function build(ContainerBuilder $builder){
    parent::build($builder);
    $extension = $builder->getExtension('security');
    $extension->addSecurityListenerFactory(new SecurityFactoryMyFirewallFactory());
}

身份验证监听器已创建,phew :).现在在app / config / security.yml中执行以下操作.

api_area:
  pattern: ^/secured/
  provider: fos_userbundle
  form_login:
    check_path: /login_check
    login_path: /login
    csrf_provider: form.csrf_provider
  my_firewall:
    redirect_path: /beta
  logout: true
  anonymous: true