我正在尝试使用 3 个捆绑包的组合来验证 Symfony 3 应用程序的 API 和 BackOffice 用户:LdaptoolsBundle、LexikJwtAuthBundle 和 fosUserBundle。
这是我的配置:
config.yml //config.yml
lexik_jwt_authentication:
private_key_path: %jwt_private_key_path%
public_key_path: %jwt_public_key_path%
pass_phrase: %jwt_key_pass_phrase%
token_ttl: %jwt_token_ttl%
ldap_tools:
domains:
company:
domain_name: ad.company.com
username: user
password: password
servers: ['xxx.xxx.xxx']
base_dn: 'OU=users, DC=domain'
security:
default_role: ROLE_USER
security.yml //安全.yml
encoders:
LdapTools\Bundle\LdapToolsBundle\Security\User\LdapUser: plaintext
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
chain_provider:
chain:
providers: [ fos_userbundle, ldap ]
fos_userbundle:
id: fos_user.user_provider.username
ldap:
id: ldap_tools.security.user.ldap_user_provider
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
api_login:
pattern: ^/api/login
stateless: true
anonymous: true
form_login:
check_path: /api/login_check
require_previous_session: false
username_parameter: username
password_parameter: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
guard:
authenticators:
- ldap_tools.security.ldap_guard_authenticator
api_secure:
pattern: ^/api
stateless: true
lexik_jwt:
authorization_header:
enabled: true
prefix: Bearer
query_parameter:
enabled: true
name: bearer
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
main:
anonymous: ~
provider: chain_provider
form_login:
login_path: fos_user_security_login
check_path: fos_user_security_check
use_forward: true
pattern: ^/
logout: ~
guard:
authenticators:
- ldap_tools.security.ldap_guard_authenticator
login:
pattern: ^/login$
anonymous: ~
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
- { path: ^/, roles: ROLE_USER }
当尝试通过登录表单登录时,一切正常,我已通过 Ldap 进行身份验证。但是当我尝试通过 api 登录时,只使用了 fosUserBundle 提供。无法访问 Ldap
这是堆栈跟踪:
[1] Symfony\Component\Debug\Exception\ContextErrorException: Warning: hash_equals(): Expected known_string to be a string, null given
at n/a
in /var/www/myapp/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php line 84
at Symfony\Component\Security\Core\Encoder\BasePasswordEncoder->comparePasswords(null, 'MyPass')
in /var/www/myapp/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Encoder/PlaintextPasswordEncoder.php line 59
at Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder->isPasswordValid(null, 'MyPass', null)
in /var/www/myapp/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php line 66
at Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider->checkAuthentication(object(LdapUser), object(UsernamePasswordToken))
in /var/www/myapp/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php line 86
at Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider->authenticate(object(UsernamePasswordToken))
in /var/www/myapp/var/cache/dev/classes.php line 5294
at Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate(object(UsernamePasswordToken))
in /var/www/myapp/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php line 93
at Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener->attemptAuthentication(object(Request))
in /var/www/myapp/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php line 146
at Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener->handle(object(GetResponseEvent))
in /var/www/myapp/var/cache/dev/classes.php line 5209
at Symfony\Component\Security\Http\Firewall->onKernelRequest(object(GetResponseEvent), 'kernel.request', object(TraceableEventDispatcher))
in line
at call_user_func(array(object(Firewall), 'onKernelRequest'), object(GetResponseEvent), 'kernel.request', object(TraceableEventDispatcher))
in /var/www/myapp/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/WrappedListener.php line 106
at Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object(GetResponseEvent), 'kernel.request', object(ContainerAwareEventDispatcher))
in line
at call_user_func(object(WrappedListener), object(GetResponseEvent), 'kernel.request', object(ContainerAwareEventDispatcher))
in /var/www/myapp/var/cache/dev/classes.php line 3240
at Symfony\Component\EventDispatcher\EventDispatcher->doDispatch(array(object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener)), 'kernel.request', object(GetResponseEvent))
in /var/www/myapp/var/cache/dev/classes.php line 3155
at Symfony\Component\EventDispatcher\EventDispatcher->dispatch('kernel.request', object(GetResponseEvent))
in /var/www/myapp/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/TraceableEventDispatcher.php line 136
at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch('kernel.request', object(GetResponseEvent))
in /var/www/myapp/var/cache/dev/classes.php line 4883
at Symfony\Component\HttpKernel\HttpKernel->handleRaw(object(Request), 1)
in /var/www/myapp/var/cache/dev/classes.php line 4853
at Symfony\Component\HttpKernel\HttpKernel->handle(object(Request), 1, true)
in /var/www/myapp/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php line 168
at Symfony\Component\HttpKernel\Kernel->handle(object(Request))
in /var/www/myapp/web/app_dev.php line 28
有人可以帮忙吗?
谢谢