Example #1
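 /**
  * Authenticates a request from its X-WSSE header, if one is present.
  *
  * Requests without the header, or with a header that does not match the
  * UsernameToken pattern, are left untouched: this method sets neither a
  * token nor a response for them, so rejecting such requests is up to code
  * outside this listener. A failed authentication is not turned into a
  * response here either; the AuthenticationException propagates to the caller.
  *
  * {@inheritDoc}
  *
  * @param GetResponseEvent $event Event giving access to the current request.
  *
  * @throws AuthenticationException When the authentication manager rejects the token.
  */
 public function handle(GetResponseEvent $event)
 {
     $request = $event->getRequest();
     if (!$request->headers->has('x-wsse')) {
         return;
     }

     // The pattern is unanchored and expects the four fields in exactly this
     // order and spelling; any other layout is treated as "no WSSE credentials".
     $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
     if (1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
         return;
     }

     // Everything captured from the header is client-supplied and unverified
     // until the authentication manager has accepted the token.
     $token = new WsseUserToken();
     $token->setUser($matches[1]);
     $token->digest = $matches[2];
     $token->nonce = $matches[3];
     $token->created = $matches[4];
     // NOTE(review): nonce and created are only carried along here; replay and
     // freshness checks are not visible in this method - confirm that the
     // authentication provider enforces them.

     // An AuthenticationException raised here is deliberately not caught: it
     // propagates unchanged, and no 403 response is built in this method.
     $authToken = $this->authenticationManager->authenticate($token);
     $this->tokenStorage->setToken($authToken);
 }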
Example #2
 /**
  * Turns an unauthenticated WSSE token into an authenticated one.
  *
  * Checks run in a fixed order: the user is loaded by the token's username,
  * the pre-auth user check runs, the digest is validated against that user,
  * and only then does the post-auth user check run.
  *
  * {@inheritDoc}
  *
  * @param TokenInterface $token Token carrying the client-supplied credentials.
  *
  * @return WsseUserToken New token created with the user's roles and the user attached.
  *
  * @throws WsseAuthenticationException When no user object is returned or the digest is rejected.
  */
 public function authenticate(TokenInterface $token)
 {
     $account = $this->userProvider->loadUserByUsername($token->getUsername());
     if (!($account instanceof UserInterface)) {
         // NOTE(review): this message differs from the digest failure below; if
         // either text reaches the client it reveals whether the username
         // exists - confirm how these exceptions are rendered.
         throw new WsseAuthenticationException('User not found.');
     }

     $this->userChecker->checkPreAuth($account);

     // Credentials are accepted solely on the validator's verdict; what it
     // checks (digest, nonce, timestamp) is not visible in this method.
     $digestIsValid = $this->digestValidator->validateDigest($token, $account);
     if (!$digestIsValid) {
         throw new WsseAuthenticationException('Invalid Digest.');
     }

     $this->userChecker->checkPostAuth($account);

     // Return a fresh token rather than mutating the incoming one, so the
     // result carries the loaded user and roles, not the raw header fields.
     $result = new WsseUserToken($account->getRoles());
     $result->setUser($account);

     return $result;
 }