Exemple #1
0
 /**
  * @param TokenInterface $token
  *
  * @return TokenInterface|WsseApiToken
  * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
  */
 public function authenticate(TokenInterface $token)
 {
     /** @var User $user */
     $user = $this->userProvider->loadUserByUsername($token->getUsername());
     if ($user && $user->isEnabled()) {
         $wsseToken = $this->tokenManager->getUserToken($user->getId());
         if (!is_null($wsseToken) && $this->validateDigest($token->digest, $token->nonce, $token->created, $wsseToken)) {
             $authenticatedToken = new WsseApiToken($user->getRoles());
             $authenticatedToken->setUser($user);
             return $authenticatedToken;
         }
     }
     throw new AuthenticationException('The WSSE authentication failed.');
 }
Exemple #2
0
 /**
  * @param GetResponseEvent $event
  */
 public function handle(GetResponseEvent $event)
 {
     $request = $event->getRequest();
     $wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/';
     if ($request->headers->has('x-wsse') && 1 === preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) {
         $token = new WsseApiToken();
         $token->setUser($matches[1]);
         $token->digest = $matches[2];
         $token->nonce = $matches[3];
         $token->created = $matches[4];
         try {
             $authToken = $this->authenticationManager->authenticate($token);
             $this->securityContext->setToken($authToken);
             return;
         } catch (AuthenticationException $failed) {
             // ... you might log something here
             // To deny the authentication clear the token. This will redirect to the login page.
             // Make sure to only clear your token, not those of other authentication listeners.
             // $token = $this->securityContext->getToken();
             // if ($token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) {
             //     $this->securityContext->setToken(null);
             // }
             // return;
             if (null !== $this->logger) {
                 $this->logger->debug(sprintf('Forbidden message: %s', $failed->getMessage()));
             }
             // Deny authentication with a '403 Forbidden' HTTP response
             $response = new Response();
             $response->setStatusCode(403);
             $event->setResponse($response);
         }
     }
     // By default deny authorization
     $response = new Response();
     $response->setStatusCode(403);
     $event->setResponse($response);
 }