【发布时间】:2021-07-28 04:50:19
【问题描述】:
我正在尝试在 Symfony5 中创建带有 JWT 身份验证的 REST API。起初我试着按照这里写的https://h-benkachoud.medium.com/symfony-rest-api-without-fosrestbundle-using-jwt-authentication-part-2-be394d0924dd 做。当我尝试制作方法 getTokenUser 时出现了困难:
/**
* @param JWTTokenManagerInterface $JWTManager
* @return JsonResponse
* @Route("/api/login_check", name="api_login_check", methods={"POST"})
*/
public function getTokenUser(UserInterface $user,JWTTokenManagerInterface $JWTManager)
{
return new JsonResponse(['token' => $JWTManager->create($user)]);
}
Symfony 说UserInterface 不是服务,所以它不能自动装配它。
好的,然后我试图找到有关此问题的另一篇文章。但令人惊讶的是,他们只是没有说明如何编写此方法。例如,这里的https://digitalfortress.tech/php/jwt-authentication-with-symfony/ 看起来像路由/api/login_check 必须在security.yaml 和routes.yaml 中配置时自动工作。但是不,它不起作用。
那我该怎么写控制器呢?
我的security.yaml 是:
security:
encoders:
App\Entity\User:
algorithm: bcrypt
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
provider: app_user_provider
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: true
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
【问题讨论】: