public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
// Check if authentication Token is present
if ($request->headers->has('x-wsse')) {
// Token parser
$wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
$token = new WsseUserToken();
$token->setUser($matches[1]);
$token->digest = $matches[2];
$token->nonce = $matches[3];
$token->created = $matches[4];
try {
// Authentication process
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
// ... you might log something here
// To deny the authentication clear the token. This will redirect to the login page.
// $this->securityContext->setToken(null);
// return;
// Deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
}
}
}
// By default deny authentication
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
}
public function authenticate(TokenInterface $token)
{
// Load specified user
$user = $this->userProvider->loadUserByUsername($token->getUsername());
// Verify Token and register it
if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) {
$authenticatedToken = new WsseUserToken($user->getRoles());
$authenticatedToken->setUser($user);
return $authenticatedToken;
}
throw new AuthenticationException('The WSSE authentication failed. For user : ' . $user);
}
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
// Check if authentication Token is present
if ($request->headers->has('x-wsse')) {
// Token parser
$wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
if (preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
$token = new WsseUserToken();
$token->setUser($matches[1]);
$token->digest = $matches[2];
$token->nonce = $matches[3];
$token->created = $matches[4];
try {
// Authentication process
$authToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authToken);
return;
} catch (AuthenticationException $failed) {
$failedMessage = 'WSSE Login failed for ' . $token->getUsername() . '. Why ? ' . $failed->getMessage();
$this->logger->err($failedMessage);
// To deny the authentication clear the token. This will redirect to the login page.
// $token = $this->securityContext->getToken();
// if ( $token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) {
// $this->securityContext->setToken(null);
// }
// Deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(403);
$response->setContent($failedMessage);
$event->setResponse($response);
return;
} catch (NonceExpiredException $expired) {
$failedMessage = 'WSSE Nonce Expired for ' . $token->getUsername() . '. Why ? ' . $failed->getMessage();
$this->logger->err($failedMessage);
// Deny authentication with a '403 Forbidden' HTTP response
$response = new Response();
$response->setStatusCode(403);
$response->setContent($failedMessage);
$event->setResponse($response);
return;
}
// By default deny authorization
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
}
}
// By default deny authentication
$response = new Response();
$response->setStatusCode(403);
$event->setResponse($response);
}