I've been working on a custom authentication system with Symfony 2.1. After a lot of battling with Symfony I've got something that's working, but not fully...
Problem: After the login (through a form), the user is logged in but not authenticated.
Context: Since users have to submit their credentials through an HTML form, I had to create a listener that extends AbstractAuthenticationListener.
Question: Shouldn't the listener automatically add the token to the SecurityContext? If this is not the case, should I do that manually?
Process:
1. User submits his credentials through the HTML form.
2. Listener intercepts the request and runs attemptAuthentication.
3. Listener calls AuthenticationManager's (implements AuthenticationProviderInterface) authenticate method.
4. AuthenticationManager calls the UserProvider (implements UserProviderInterface) to retrieve the user's data from my webservice.
5. UserProvider returns a User class implementing UserInterface.
6. AuthenticationManager creates a Token implementing TokenInterface.
7. AuthenticationManager returns the token to the listener.
8. Listener's attemptAuthentication returns the token from AuthenticationManager's authenticate method.

User is logged in but not authenticated.
I haven't shown code samples to avoid overloading the post. If needed I'll edit the post.
CustomToken as defined in the authenticationManager.support method. - SupaCoco