
I'm working on Symfony2 and I've read the documentation, but I stumbled on a problem that belongs to the "Security" section. I need a custom authentication provider made by me that can persist the token in the session so I can get it in subsequent requests. If the user didn't provide correct credentials, it will redirect him to a login form, and if he provided correct credentials he would be redirected to another page.

1. user --[access welcome page (protected page)]--> [user redirected to a login form page] ----> [user provides wrong credentials] ----> [user returned to login form page]

2. user --[access welcome page (protected page)]--> [user redirected to a login form page] ----> [user provides correct credentials] ----> [user accessed the welcome page]

I want the custom authentication provider to do some stuff (verify the user with LDAP, DB, etc.), then provide a token and save it into the security context, keeping in mind that my login form redirections should work correctly (if the user's credentials are wrong, the user will be redirected to the login form page, and if they are correct he will be redirected to a welcome page).

In the cookbook there is an article, "How to create a custom Authentication Provider"; it talks about "how to create a custom authentication provider for WSSE authentication."

Later in the article a note is written: "A class not used above, the AbstractAuthenticationListener class, is a very useful base class which provides commonly needed functionality for security extensions. This includes maintaining the token in the session, providing success / failure handlers, login form urls, and more. As WSSE does not require maintaining authentication sessions or login forms, it won't be used for this example."

In the example mentioned in the cookbook, ListenerInterface is used, but it cannot be used with login form pages.

If someone solves this problem, I will be very thankful to get the solution.

Best Regards,
Dany

1 Answer

I think creating a custom authentication provider isn't necessary if you want to verify the user from sources other than the DB. You can create a custom user provider and set that provider in the firewall. Check this cookbook entry.

Edit

Assuming you have created a custom token and a custom AuthenticationProviderInterface that supports the token AND a custom user provider, create a class that implements the AbstractAuthenticationListener class and implement the attemptAuthentication method, e.g.:

protected function attemptAuthentication(Request $request)
{
    // auth parameters; the field names are assumed here, use the ones your login form posts
    $username = trim($request->get('_username', null, true));
    $password = $request->get('_password', null, true);

    // other processing
    // authenticate() ultimately calls your custom auth provider that supports your custom token.
    return $this->authenticationManager->authenticate(new YourCustomToken($username, $password, $this->providerKey));
}

Check the implementation here. Service definition is here

Edit again:

There are two things: the user provider and the authentication provider. The user provider loads the user object from the data source based on a unique field of the user object, in this case the username. The unique field can be an email or a unique token. On the other hand, the authentication provider authenticates with the given credentials and returns the appropriate token once authenticated. So it first loads the user object from the source, in your case LDAP, and then checks the password of that object against the password given in the user input. Hope that clears up your confusion.

And yes, you can set your LDAP provider with the firewall, e.g.:

# app/config/security.yml
security:
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: your_custom_provider
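
The provider side of the flow described in the answer, as an added example that is not part of the original answer or of Symfony itself: a Symfony2 authentication provider that checks the submitted credentials with an LDAP bind and returns an authenticated token for the listener to store in the session. The namespace, the LdapAuthenticationProvider class, the LDAP URI and DN template, and the body of YourCustomToken (including its fourth roles argument and getProviderKey()) are assumptions.

```php
<?php
// Added example, not the answer's code. Namespace, class names, LDAP URI and the
// DN template are hypothetical. Requires ext-ldap; ldap_escape() needs PHP 5.6+.
namespace Acme\DemoBundle\Security;
use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class YourCustomToken extends AbstractToken
{
    private $password, $providerKey;
    public function __construct($user, $password, $providerKey, array $roles = array())
    {
        parent::__construct($roles);
        $this->setUser($user);
        $this->password = $password; $this->providerKey = $providerKey;
        $this->setAuthenticated(count($roles) > 0); // roles are only passed after a successful bind
    }
    public function getCredentials() { return $this->password; }
    public function getProviderKey() { return $this->providerKey; }
}

class LdapAuthenticationProvider implements AuthenticationProviderInterface
{
    private $users, $providerKey, $uri, $dnTemplate;
    public function __construct(UserProviderInterface $users, $providerKey, $uri, $dnTemplate)
    {
        $this->users = $users; $this->providerKey = $providerKey;
        $this->uri = $uri; $this->dnTemplate = $dnTemplate; // e.g. 'uid=%s,ou=people,dc=example,dc=org'
    }
    public function supports(TokenInterface $token)
    {
        return $token instanceof YourCustomToken && $token->getProviderKey() === $this->providerKey;
    }
    public function authenticate(TokenInterface $token)
    {
        $password = (string) $token->getCredentials();
        // Many LDAP servers accept an empty password as an unauthenticated bind and report success.
        if ('' === $password) { throw new BadCredentialsException('Empty password.'); }
        $dn = sprintf($this->dnTemplate, ldap_escape($token->getUsername(), '', LDAP_ESCAPE_DN));
        $conn = ldap_connect($this->uri); // use an ldaps:// URI so the password is not sent in clear
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        $bound = @ldap_bind($conn, $dn, $password);
        ldap_unbind($conn);
        // AbstractAuthenticationListener catches this and redirects back to the login form.
        if (!$bound) { throw new BadCredentialsException('Invalid credentials.'); }
        $user = $this->users->loadUserByUsername($token->getUsername());
        return new YourCustomToken($user, null, $this->providerKey, $user->getRoles());
    }
}
```

The returned token carries no password, so nothing secret is written to the session when the listener persists it.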

4 Comments

Thanks m2mdas for your reply, but I need to add my special token into the security context if the credentials are correct. The credentials are not necessarily a username/password; maybe it's a special number, or a combination of server, user, pass, etc.
Just to mention why I can't use a user provider only: I have to implement "UserProviderInterface", which has loadUserByUsername($username), but this will give me only the username, and if in my situation the user needs to provide LDAP credentials (username/password), supposing that I don't verify user/pass with the database, then using the solution in symfony.com/doc/current/cookbook/security/custom_provider.html , because I need user/pass so I can use the LDAP functions from PHP to verify if the user exists, and if he/she exists then I can return a valid token.
I will try what you mentioned here and will notify you if this solves my issue, thanks.
Thanks a lot m2mdas, I followed the code from the links that you've provided and everything seems to work perfectly, thanks a lot.
