I have two separate projects: one Symfony project that returns some JSON for authenticated users, and one AngularJS project that provides the UI for retrieving the data. Now I struggle with the firewall configuration to allow my UI to do correct authentication.
This is my security.yml:
security:
    encoders:
        AppBundle\Entity\User:
            algorithm: sha512
            encode_as_base64: false
            iterations: 10
    providers:
        api_key_user_provider:
            id: app_bundle.api_key_user_provider
        entity_user_provider:
            entity:
                class: AppBundle\Entity\User
                property: email
    firewalls:
        main:
            pattern: ^/(?!login).+
            stateless: false
            simple_preauth:
                authenticator: app_bundle.api_key_authenticator
            provider: api_key_user_provider
            anonymous: ~
            logout: ~
            context: dashboard
        login:
            pattern: ^/login
            provider: entity_user_provider
            form_login:
                login_path: /login
                check_path: /login/check
                csrf_provider: security.csrf.token_manager
            anonymous: ~
            context: dashboard
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
So, when I try to post credentials from the UI to /login/check, I get the following result:
AnonymousToken(user="anon.", authenticated=true, roles="")
It seems that my request is processed by AnonymousAuthenticationProvider instead of entity_user_provider.
So, my question: what is wrong in my security.yml configuration, and how do I correctly do cross-domain authentication using my client-side form? As a result I need to return an api-key. I think I can do it in my Security:login, can't I?
(For enabling CORS I'm using NelmioCorsBundle.)
Also, maybe this would be helpful. These are my CORS settings in config.yml:
nelmio_cors:
    defaults:
        allow_credentials: false
        allow_origin: []
        allow_headers: []
        allow_methods: []
        expose_headers: []
        max_age: 0
        hosts: []
        origin_regex: false
    paths:
        '^/':
            allow_credentials: true
            origin_regex: true
            allow_origin: ['http://my_local_domain_with_angular']
            allow_headers: ['*']
            expose_headers: ['*']
            allow_methods: ['POST', 'GET', 'DELETE', 'PUT', 'HEAD']
            max_age: 3600
If you need more details, please let me know!
Thanks for any help!
1 solution
#1
I have solved this.
First, I noticed that the form_login listener does not process data from an external form. So I use the simple_preauth listener instead. I have defined two separate firewalls:
firewalls:
    main:
        pattern: ^/(?!login).+
        stateless: false
        simple_preauth:
            authenticator: app_bundle.api_key_authenticator
        provider: api_key_user_provider
        anonymous: ~
        logout: ~
    login:
        pattern: ^/login
        stateless: false
        simple_preauth:
            authenticator: app_bundle.email_password_authenticator
        provider: email_user_provider
        anonymous: ~
If login succeeds, my service then generates an api_key that can be used to authenticate on the main firewall.
For details you can also see my other question.
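As an added example (not the asker's or the answerer's code), this is what the app_bundle.api_key_authenticator service behind the main firewall's simple_preauth entry could look like on Symfony 2.x, using SimplePreAuthenticatorInterface from the Symfony security component; the X-API-KEY header name and the provider's loadUserByApiKey() method are assumptions. It fails closed on a missing or unknown key and answers with a 401 JSON body instead of the default redirect to /login, which a cross-origin AngularJS request cannot follow.

```php
<?php
// Added example, not the page's code; the header name and loadUserByApiKey() are assumptions
namespace AppBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface;
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;

class ApiKeyAuthenticator implements SimplePreAuthenticatorInterface, AuthenticationFailureHandlerInterface
{
    const HEADER = 'X-API-KEY'; // assumed header name sent by the AngularJS client

    public function createToken(Request $request, $providerKey)
    {
        // Read the key from a header so it never lands in URL/query-string access logs
        $apiKey = $request->headers->get(self::HEADER);
        if (!$apiKey) {
            // null = continue as anonymous; access_control (IS_AUTHENTICATED_FULLY on ^/) still rejects
            return null;
        }
        return new PreAuthenticatedToken('anon.', $apiKey, $providerKey);
    }

    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
        // $userProvider is api_key_user_provider; an unknown key must fail, never map to a default user
        $user = $userProvider->loadUserByApiKey($token->getCredentials()); // assumed provider method
        if (null === $user) {
            throw new BadCredentialsException('Invalid API key');
        }
        return new PreAuthenticatedToken($user, $token->getCredentials(), $providerKey, $user->getRoles());
    }

    public function supportsToken(TokenInterface $token, $providerKey)
    {
        return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // 401 JSON instead of a redirect to /login, which a cross-origin XHR cannot follow
        return new Response(json_encode(['error' => 'Authentication failed']), 401, ['Content-Type' => 'application/json']);
    }
}
```

With allow_credentials: true in the nelmio_cors paths block, the client must send the header on every request to the main firewall, and the allow_origin list should stay limited to the AngularJS origin rather than a wildcard.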