1

I'm working on a project where a segment of the site is secured. The credentials for the users who auth are stored in QuickBase (an online database with a custom API) and the passwords are encrypted using a custom hash.

Can someone give me a high-level take on what classes I will need to build and implement to support authenticating these users from a web service and using my own password hash mechanism?

Here is my security.yml:

security:
    firewalls:
        secured_area:
            pattern:    ^/account
            provider: quickbase_users
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }

    providers:
        quickbase_users:
            id: quickbase_user_provider

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

Here are my routes:

login:
    pattern:   /login
    defaults:  { _controller: JMLWebsiteBundle:Security:login }
login_check:
    pattern:   /login_check

I'm currently getting this error after submitting a user/pass at /login:

Unable to find the controller for path "/login_check". Maybe you forgot to add the matching route in your routing configuration?
3
  • You should add anonymous, logout and, most importantly, form_login properties to your secured_area firewall. See: Using a Traditional Login Form Commented Nov 8, 2012 at 14:48
  • I accidentally left them out of the post, but they are added. Still getting /login_check controller not found. Commented Nov 8, 2012 at 14:51
  • login/check_path should be children of form_login Commented Nov 8, 2012 at 15:44

1 Answer

2
  1. Create your User class that implements Symfony\Component\Security\Core\User\UserInterface.
  2. Create a custom encoder service:

    1. Create a service that implements Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface
    2. Register that service as encoder for your User class in security.yml:

      security:
          encoders:
              MyCustomBundle\Entity\User:  # Class/interface from point #1
                  id: my.encoder.service   # Service id from point #2.1
      
  3. Create a custom user provider:

    1. Create a service that implements Symfony\Component\Security\Core\User\UserProviderInterface
    2. Register that service as user provider in security.yml:

      security:
          [...]
      
          providers:
              my_custom_user_provider:
                  id: my.user_provider.service # Service id from point #3.1
      

Check out FOSUserBundle to see an example implementation of a custom user provider.
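
How the encoder and user provider from the steps above divide the work, as an added example (not code from the answer or from Symfony): the provider only loads the stored record, and Symfony's built-in DAO authentication provider then calls the encoder's isPasswordValid() on the submitted password. The Acme namespace, the QuickBase client wrapper and its fetchUser() method, the User constructor signature and the sha256(salt . password) scheme are assumptions standing in for the real ones.

```php
<?php
namespace Acme\SecurityBundle\Security; // hypothetical; use one file per class in a real bundle

use MyCustomBundle\Entity\User; // the UserInterface class from step 1
use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

// Registered as my.encoder.service. BasePasswordEncoder implements PasswordEncoderInterface.
class LegacyHashEncoder extends BasePasswordEncoder
{
    public function encodePassword($raw, $salt)
    {
        return hash('sha256', $salt . $raw); // assumed scheme; replace with the real custom hash
    }
    public function isPasswordValid($encoded, $raw, $salt)
    {
        // comparePasswords() is the base class's timing-safe comparison; avoid == on hashes.
        return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
    }
}

// Registered as my.user_provider.service. It never sees the submitted password.
class QuickbaseUserProvider implements UserProviderInterface
{
    private $client; // hypothetical wrapper around the QuickBase API
    public function __construct($client) { $this->client = $client; }

    public function loadUserByUsername($username)
    {
        $row = $this->client->fetchUser($username); // assumed to return an array or null
        if (null === $row) {
            throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
        }
        // Assumed constructor: username, stored hash, salt, roles.
        return new User($row['username'], $row['hash'], $row['salt'], $row['roles']);
    }
    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof User) {
            throw new UnsupportedUserException(get_class($user));
        }
        return $this->loadUserByUsername($user->getUsername());
    }
    public function supportsClass($class) { return $class === 'MyCustomBundle\Entity\User'; }
}
```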


7 Comments

I have the User and User Provider. Don't I also need a custom authentication provider somewhere?
Could you describe the auth process? Is there a form with username/password fields? If there is, you won't need custom entry point/auth provider.
Yes - just a basic username and password field. Could you post what a sample security.yml might look like for this scenario?
Also, can you speak to the role of the User class and User provider? Which one do I actually validate the submitted $username and $password against the db?
That should be everything you need, please edit your question and post what you have tried. Besides encoders and providers your security.yml file should contain firewalls (you should define at least one with form_login entry point), role_hierarchy and access_control - see Symfony's docs.