/** * @param TokenInterface $token * * @return TokenInterface|WsseApiToken * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException */ public function authenticate(TokenInterface $token) { /** @var User $user */ $user = $this->userProvider->loadUserByUsername($token->getUsername()); if ($user && $user->isEnabled()) { $wsseToken = $this->tokenManager->getUserToken($user->getId()); if (!is_null($wsseToken) && $this->validateDigest($token->digest, $token->nonce, $token->created, $wsseToken)) { $authenticatedToken = new WsseApiToken($user->getRoles()); $authenticatedToken->setUser($user); return $authenticatedToken; } } throw new AuthenticationException('The WSSE authentication failed.'); }
/** * @param GetResponseEvent $event */ public function handle(GetResponseEvent $event) { $request = $event->getRequest(); $wsseRegex = '/UsernameToken Username="******"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/'; if ($request->headers->has('x-wsse') && 1 === preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) { $token = new WsseApiToken(); $token->setUser($matches[1]); $token->digest = $matches[2]; $token->nonce = $matches[3]; $token->created = $matches[4]; try { $authToken = $this->authenticationManager->authenticate($token); $this->securityContext->setToken($authToken); return; } catch (AuthenticationException $failed) { // ... you might log something here // To deny the authentication clear the token. This will redirect to the login page. // Make sure to only clear your token, not those of other authentication listeners. // $token = $this->securityContext->getToken(); // if ($token instanceof WsseUserToken && $this->providerKey === $token->getProviderKey()) { // $this->securityContext->setToken(null); // } // return; if (null !== $this->logger) { $this->logger->debug(sprintf('Forbidden message: %s', $failed->getMessage())); } // Deny authentication with a '403 Forbidden' HTTP response $response = new Response(); $response->setStatusCode(403); $event->setResponse($response); } } // By default deny authorization $response = new Response(); $response->setStatusCode(403); $event->setResponse($response); }