feature #27650 [SecurityBundle] Add json login ldap (Rudy Onfroy)
This PR was squashed before being merged into the 4.2-dev branch (closes #27650).
Discussion
----------
[SecurityBundle] Add json login ldap
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Add a simple from_login_ldap on firewall types to allow authenticating against LDAP through a JSON API
Commits
-------
2b2dfd2
[SecurityBundle] Add json login ldap
commit
6cefd8838f
@ -10,7 +10,8 @@ CHANGELOG
|
|||||||
custom tokens extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
custom tokens extend the existing `Symfony\Component\Security\Core\Authentication\Token\AnonymousToken`
|
||||||
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
or `Symfony\Component\Security\Core\Authentication\Token\RememberMeToken`.
|
||||||
* Added `Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\AddExpressionLanguageProvidersPass`
|
* Added `Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\AddExpressionLanguageProvidersPass`
|
||||||
|
* Added `json_login_ldap` authentication provider to use LDAP authentication with a REST API.
|
||||||
|
|
||||||
4.1.0
|
4.1.0
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
@ -0,0 +1,60 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory;
|
||||||
|
|
||||||
|
use Symfony\Component\Config\Definition\Builder\NodeDefinition;
|
||||||
|
use Symfony\Component\DependencyInjection\ChildDefinition;
|
||||||
|
use Symfony\Component\DependencyInjection\ContainerBuilder;
|
||||||
|
use Symfony\Component\DependencyInjection\Reference;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* JsonLoginLdapFactory creates services for json login ldap authentication.
|
||||||
|
*/
|
||||||
|
class JsonLoginLdapFactory extends JsonLoginFactory
|
||||||
|
{
|
||||||
|
public function getKey()
|
||||||
|
{
|
||||||
|
return 'json-login-ldap';
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function createAuthProvider(ContainerBuilder $container, $id, $config, $userProviderId)
|
||||||
|
{
|
||||||
|
$provider = 'security.authentication.provider.ldap_bind.'.$id;
|
||||||
|
$definition = $container
|
||||||
|
->setDefinition($provider, new ChildDefinition('security.authentication.provider.ldap_bind'))
|
||||||
|
->replaceArgument(0, new Reference($userProviderId))
|
||||||
|
->replaceArgument(1, new Reference('security.user_checker.'.$id))
|
||||||
|
->replaceArgument(2, $id)
|
||||||
|
->replaceArgument(3, new Reference($config['service']))
|
||||||
|
->replaceArgument(4, $config['dn_string'])
|
||||||
|
;
|
||||||
|
|
||||||
|
if (!empty($config['query_string'])) {
|
||||||
|
$definition->addMethodCall('setQueryString', array($config['query_string']));
|
||||||
|
}
|
||||||
|
|
||||||
|
return $provider;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function addConfiguration(NodeDefinition $node)
|
||||||
|
{
|
||||||
|
parent::addConfiguration($node);
|
||||||
|
|
||||||
|
$node
|
||||||
|
->children()
|
||||||
|
->scalarNode('service')->defaultValue('ldap')->end()
|
||||||
|
->scalarNode('dn_string')->defaultValue('{username}')->end()
|
||||||
|
->scalarNode('query_string')->end()
|
||||||
|
->end()
|
||||||
|
;
|
||||||
|
}
|
||||||
|
}
|
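Review bot: In `addConfiguration()`, `dn_string` and `service` are plain `scalarNode`s with no validation, so a firewall can be configured with an empty `dn_string` or one that lacks the `{username}` placeholder. The `ldap_bind` provider is not shown on this page, but if it builds the bind DN by substituting the submitted username into this string (as the default `'{username}'` suggests), such a value would make every JSON login bind with the same DN regardless of the username sent. Consider rejecting that at config time, e.g. `->scalarNode('dn_string')->cannotBeEmpty()->defaultValue('{username}')->end()` and `->scalarNode('service')->cannotBeEmpty()->defaultValue('ldap')->end()`. A docblock on `createAuthProvider()` should also state that escaping the username for DN and filter context, and refusing empty passwords, are left to the `security.authentication.provider.ldap_bind` parent definition, since nothing in this factory does either.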
@ -14,6 +14,7 @@ namespace Symfony\Bundle\SecurityBundle;
|
|||||||
use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\AddExpressionLanguageProvidersPass;
|
use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\AddExpressionLanguageProvidersPass;
|
||||||
use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\RegisterCsrfTokenClearingLogoutHandlerPass;
|
use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\RegisterCsrfTokenClearingLogoutHandlerPass;
|
||||||
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\JsonLoginFactory;
|
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\JsonLoginFactory;
|
||||||
|
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\JsonLoginLdapFactory;
|
||||||
use Symfony\Component\HttpKernel\Bundle\Bundle;
|
use Symfony\Component\HttpKernel\Bundle\Bundle;
|
||||||
use Symfony\Component\DependencyInjection\Compiler\PassConfig;
|
use Symfony\Component\DependencyInjection\Compiler\PassConfig;
|
||||||
use Symfony\Component\DependencyInjection\ContainerBuilder;
|
use Symfony\Component\DependencyInjection\ContainerBuilder;
|
||||||
@ -47,6 +48,7 @@ class SecurityBundle extends Bundle
|
|||||||
$extension->addSecurityListenerFactory(new FormLoginFactory());
|
$extension->addSecurityListenerFactory(new FormLoginFactory());
|
||||||
$extension->addSecurityListenerFactory(new FormLoginLdapFactory());
|
$extension->addSecurityListenerFactory(new FormLoginLdapFactory());
|
||||||
$extension->addSecurityListenerFactory(new JsonLoginFactory());
|
$extension->addSecurityListenerFactory(new JsonLoginFactory());
|
||||||
|
$extension->addSecurityListenerFactory(new JsonLoginLdapFactory());
|
||||||
$extension->addSecurityListenerFactory(new HttpBasicFactory());
|
$extension->addSecurityListenerFactory(new HttpBasicFactory());
|
||||||
$extension->addSecurityListenerFactory(new HttpBasicLdapFactory());
|
$extension->addSecurityListenerFactory(new HttpBasicLdapFactory());
|
||||||
$extension->addSecurityListenerFactory(new RememberMeFactory());
|
$extension->addSecurityListenerFactory(new RememberMeFactory());
|
||||||
|
@ -0,0 +1,25 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Symfony\Bundle\SecurityBundle\Tests\Functional;
|
||||||
|
|
||||||
|
use Symfony\Component\HttpKernel\Kernel;
|
||||||
|
|
||||||
|
class JsonLoginLdapTest extends WebTestCase
|
||||||
|
{
|
||||||
|
public function testKernelBoot()
|
||||||
|
{
|
||||||
|
$kernel = self::createKernel(array('test_case' => 'JsonLoginLdap', 'root_config' => 'config.yml'));
|
||||||
|
$kernel->boot();
|
||||||
|
|
||||||
|
$this->assertInstanceOf(Kernel::class, $kernel);
|
||||||
|
}
|
||||||
|
}
|
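Review bot: `testKernelBoot()` cannot fail on the behaviour this commit adds: `$this->assertInstanceOf(Kernel::class, $kernel)` holds for anything `createKernel()` returns, so the test only proves that the container compiles with `json_login_ldap` configured. Nothing sends a JSON body to `/login`, so the wiring of the `ldap_bind` provider, the response for rejected credentials and the handling of an empty password are all unverified. Consider at least one request-level test with the `Symfony\Component\Ldap\Ldap` service replaced by a stub, asserting a 401 when the bind is refused. Until then a comment such as `// smoke test: container builds with json_login_ldap; no bind is attempted` would make the current scope explicit.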
@ -0,0 +1,16 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
return array(
|
||||||
|
new Symfony\Bundle\SecurityBundle\SecurityBundle(),
|
||||||
|
new Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
|
||||||
|
new Symfony\Bundle\TwigBundle\TwigBundle(),
|
||||||
|
);
|
@ -0,0 +1,39 @@
|
|||||||
|
imports:
|
||||||
|
- { resource: ./../config/default.yml }
|
||||||
|
services:
|
||||||
|
Symfony\Component\Ldap\Ldap:
|
||||||
|
arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']
|
||||||
|
|
||||||
|
Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
|
||||||
|
arguments:
|
||||||
|
- host: 'localhost'
|
||||||
|
port: 389
|
||||||
|
options:
|
||||||
|
protocol_version: 3
|
||||||
|
referrals: false
|
||||||
|
security:
|
||||||
|
providers:
|
||||||
|
ldap:
|
||||||
|
ldap:
|
||||||
|
service: Symfony\Component\Ldap\Ldap
|
||||||
|
base_dn: 'dc=onfroy,dc=net'
|
||||||
|
search_dn: ''
|
||||||
|
search_password: ''
|
||||||
|
default_roles: ROLE_USER
|
||||||
|
uid_key: uid
|
||||||
|
|
||||||
|
firewalls:
|
||||||
|
main:
|
||||||
|
pattern: ^/login
|
||||||
|
stateless: true
|
||||||
|
anonymous: true
|
||||||
|
json_login_ldap:
|
||||||
|
check_path: /login
|
||||||
|
require_previous_session: false
|
||||||
|
service: Symfony\Component\Ldap\Ldap
|
||||||
|
dn_string: ''
|
||||||
|
username_path: user.login
|
||||||
|
password_path: user.password
|
||||||
|
|
||||||
|
access_control:
|
||||||
|
- { path: ^/, roles: ROLE_USER }
|
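Review bot: The `json_login_ldap` block sets `dn_string: ''`, overriding the factory default `'{username}'` with a value that has no placeholder, so this fixture does not represent a usable login configuration. If it is meant to mirror real usage, something like `dn_string: 'uid={username},dc=onfroy,dc=net'` (built from the `base_dn` and `uid_key` above) would be closer. The adapter also targets port 389 with no encryption option, and the user provider has an empty `search_dn` and `search_password`. That is acceptable for a boot-only test, but a leading comment such as `# test fixture only: cleartext LDAP and anonymous search bind, do not copy` would keep the file from being reused as a template.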