I'm facing a problem with my Symfony project.
I have two Symfony apps (let's call them A and B) that can communicate with each other by Web Service. In one of them (app A), I store my list of users, and I'm trying to authenticate a user through app B. The expected behavior is:
- User enters his username and password
- App B gets the username/password
- App B calls App A through a WS, asking if this user is OK
- If user OK, App B creates a session token and authenticates the user.
At the moment, I'm able to authenticate my user, but every time I navigate through app B, I lose my session token (so I'm redirected to my /login page). The weird thing is that I'm still authenticated, but the session token doesn't contain my User object anymore (it contains a User object with every attribute "null").
Here is my security.yml:

    providers:
        webservice:
            id: webservice_user_provider
    firewalls:
        login:
            pattern: ^/login$|^/check$|^/_wdt
            anonymous: true
        secured:
            pattern: ^/
            anonymous: false
            form_login:
                check_path: /login_check
                login_path: login
                username_parameter: username
                password_parameter: password
                default_target_path: /
            logout:
                path: logout
    access_control:

My LoginController (app B):

    public function checkAction(Request $request)
    {
        // Retrieve the login and password from the request parameters
        if ($request->getMethod() == "POST")
        {
            $username = $request->get("username");
            $password = $request->get("password");
            // Query the repository to find out whether the user exists
            $repo = $this->getDoctrine()->getRepository("EntrepotEntitiesBundle:Utilisateurecommercant");
            /* @var $repo \Entrepot\EntitiesBundle\Repository\UtilisateurecommercantRepository */
            $user = $repo->findByLoginAndPassword($username, $password);
            if ($user != null) // A user was found => OK
            {
                // Serialize a login token into the session
                $this->login($request, $user);
                return $this->indexAction();
            }
        }
        return $this->render('EntrepotUtilisateurBundle::index.html.twig', array(
            'last_username' => $this->getRequest()->getSession()->get(SecurityContext::LAST_USERNAME),
        ));
    }

    public function login(Request $request, UserInterface $user)
    {
        $token = new UsernamePasswordToken($user, $user->getPassword(), 'secured', $user->getRoles());
        $request->getSession()->set('_security_secured', serialize($token));
        $this->get("security.context")->setToken($token);
        // And dispatch a "login" event
        $event = new InteractiveLoginEvent($request, $token);
        $this->get("event_dispatcher")->dispatch("security.interactive_login", $event);
    }

One thing I don't understand is when and how checkAction() should be called. At this moment, it is only called when my user validates his login form. Should it be called every time I try to navigate to a new page? I don't really understand how it works, and I'd like to understand it better...
Did I forget something?
Thanks.
checkAction() is used exactly like you said, i.e. it shouldn't be called every time. About the firewall: I had a similar problem, and it was solved by sharing the context of the firewalls. Read symfony.com/doc/current/book/security.html: common pitfalls. However, I don't know how that translates to a WS authentication. - user2268997
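
The shared firewall context mentioned in the comment, applied to the question's two firewalls as an added example (not part of the original thread, and not confirmed there as the fix). The context name `app_b` is an arbitrary placeholder.

```yaml
# Added example: the question's firewalls with a shared context.
# "app_b" is a placeholder name chosen for illustration.
firewalls:
    login:
        pattern: ^/login$|^/check$|^/_wdt
        anonymous: true
        # Same context as "secured": a token created while handling a
        # request on one firewall is also loaded on the other.
        context: app_b
    secured:
        pattern: ^/
        anonymous: false
        context: app_b
        form_login:
            check_path: /login_check
            login_path: login
            username_parameter: username
            password_parameter: password
            default_target_path: /
        logout:
            path: logout
# Without "context", each firewall uses its own name as the context and
# stores its token in the session under "_security_<firewall name>".
# With the setting above, the key becomes "_security_app_b", so code that
# writes the session key by hand (login() in the question writes
# "_security_secured") has to use the new key as well.
```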