/** * 验证子系统请求头,确保是子系统的请求 */ public function authenticate($user, $request, $response) { $headers = $request->headers; $ticket = $request->get('ticket'); if (isset($headers['app-id']) && isset($headers['signkey']) && isset($headers['once'])) { if (!$this->checkHeader($headers)) { return null; } $user = User::findIdentityByTicket($ticket); if ($user != null) { \Yii::$app->user->login($user); return $user; } } if ($ticket !== null) { $this->handleFailure($response); } return null; }