1. 首頁
  2. 問答
  3. Symfony2通過HTTP頭進行身份驗證

Symfony2通過HTTP頭進行身份驗證

2015-01-16 44 views
1

我有Symfony2應用程序正在運行,即實現了登錄機制。Symfony2通過HTTP頭進行身份驗證

不過,我需要以某種方式從其他應用程序,它檢查是否在該系統上存在的請求的URL發送請求:

比如有要求http://myapp/order/1111,我需要檢查它是否會返回200 OK頁眉或404個Not Found狀態;

當我發送請求時,它是未經授權的,並被重定向到登錄頁面/登錄,返回200 OK狀態標題。

我需要的是以某種方式安全地繞過登錄機制。有沒有一種方法可以添加登錄憑據來請求,或創建額外的登錄方法?

編輯:

正如評論中所建議的,我試圖使用捲曲。但我無法弄清楚它是如何工作的。這是我所得到的,但它不起作用。

$ch = curl_init(); 
curl_setopt($ch, CURLOPT_URL, 'http://localhost/en/login'); 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6'); 
curl_setopt($ch, CURLOPT_TIMEOUT, 60); 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
curl_setopt($ch, CURLOPT_COOKIESESSION, true); 
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt'); 
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt'); 
curl_setopt($ch, CURLOPT_POST, true); 
$html = new DOMDocument(); 
$html->loadHTML(curl_exec($ch)); 

if (curl_error($ch)) { 
    echo(curl_error($ch)); 
} 
$csrf_token = $html->getElementById('csrf_token')->getAttribute('value'); 

curl_setopt($ch, CURLOPT_URL, 'http://localhost/en/login'); 
//curl_setopt($ch, CURLOPT_REFERER, 'http://localhost/en/login'); 
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
    '_username' => 'login_username', 
    '_password' => 'login_password', 
    '_remember_me' => 'on', 
    '_csrf_token' => $csrf_token 
))); 

curl_setopt($ch, CURLOPT_POST, true); 
$result = curl_exec($ch); 

if (curl_error($ch)) { 
    echo(curl_error($ch)); 
} 

echo $result; 

curl_close($ch);

任何建議,如何使用捲曲在這種情況下?

來源

2015-01-16 antanas_sepikas

+0

在檢查URL之前讓你的其他應用得到授權不是更好嗎? – smarber

+0

我同意@smarber。順便說一下,如果你想要簡單的做什麼請求匹配器解釋這裏:http://php-and-symfony.matthiasnoback.nl/2012/07/symfony2-security-using-advanced-request-matchers-to -activate的防火牆/。只有當請求沒有可以簡單添加到服務器的自定義標頭時,您纔可以激活防火牆。缺點是安全性,但它取決於旅遊應用程序 – erlangb

+0

我不知道我應該如何授權我的其他應用程序? –

回答

0

我寫了一個解決這個問題,如果任何人有這個掙扎:

$ch = curl_init(); 

//get login form 
curl_setopt($ch, CURLOPT_URL, $login_url); 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6'); 
curl_setopt($ch, CURLOPT_TIMEOUT, 60); 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
curl_setopt($ch, CURLOPT_COOKIESESSION, true); 
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_path); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_path); 

//parse html to get csrf_token, I added id attribute to it for easier retrieving 
$html = new DOMDocument(); 
$html->loadHTML(curl_exec($ch)); 
$csrf_token = $html->getElementById('csrf_token')->getAttribute('value'); 

if (curl_error($ch)) { 
    throw new Exception(curl_error($ch)); 
} 

//send post request to login_check with parameters (csrf_token included) 
curl_setopt($ch, CURLOPT_URL, $check_url); 
curl_setopt($ch, CURLOPT_POST, true); 
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
    '_username' => $username, 
    '_password' => $password, 
    '_remember_me' => 'on', //if you use remember me functionality 
    '_csrf_token' => $csrf_token 
))); 

curl_exec($ch); 
if (curl_error($ch)) { 
    throw new Exception(curl_error($ch)); 
} 

//request login protected urls 
curl_setopt($ch, CURLOPT_URL, $url); 
curl_setopt($ch, CURLOPT_POST, false); 

curl_exec($ch); 

if (curl_error($ch)) { 
    throw new Exception(curl_error($ch)); 
} 

$info = curl_getinfo($ch); 
curl_close($ch); 

//I used this code in a function returning url and http_code for further processing 
return array(
    'url' => $info['url'], 
    'http_code' => $info['http_code'] 
);

我是有定位的問題。我曾經通過login_check url與這樣的語言環境http://localhost/en/login_check,通過刪除找到我解決了問題:http://localhost/login_check

來源

2015-01-20 06:57:22

相關問題

 相關問題