Date: Mon, 15 Oct 2012 09:38:11 -0700 (PDT) From: Alessandro Desantis <desa.alessan...@gmail.com> To: symfony2@googlegroups.com Message-Id: <7faf90a8-9c7b-4ff1-8da7-3a79e804fd16@googlegroups.com> In-Reply-To: <2c5c9e53-8ac3-4def-b6cb-4b7ee0beffde@googlegroups.com> References: <492a91b5-f880-44c2-ac06-f672e9c9bb27@googlegroups.com> <2c5c9e53-8ac3-4def-b6cb-4b7ee0beffde@googlegroups.com> Subject: Re: Newbie seeking advice on best way to implement a pre processing check on all requests MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_481_20808868.1350319091421" ------=_Part_481_20808868.1350319091421 Content-Type: multipart/alternative; boundary="----=_Part_482_30362213.1350319091421" ------=_Part_482_30362213.1350319091421 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable For a very simple authentication check (API key), I've just used a listener= =20 for *kernel.request*. It isn't so dirty IMO, and it works well. Obviously if your authentication logic is a bit more complex it might be=20 better to use an authentication provider. Il giorno luned=C3=AC 15 ottobre 2012 10:50:22 UTC+2, Rob Dudley ha scritto= : > > Further to my last, > > I've since reviewed the documentation further and have found the Custom= =20 > Authentication Provider example which looks like it will do exactly what = I=20 > need: > > > http://symfony.com/doc/2.0/cookbook/security/custom_authentication_provid= er.html > > Thanks anyway. > > Rob > > On Friday, October 5, 2012 3:25:38 PM UTC+1, Rob Dudley wrote: >> >> Hello everyone, >> >> I'm a new comer to Symfony proper so please bear that in mind if anythin= g=20 >> I ask or say in this post seems foolish or ignorant. >> >> I'm looking for the best way to implement a "check" that will run on=20 >> every single request. In essence this is actually an authentication=20 >> procedure whereby a HMAC hash will be appended to *every* request and=20 >> must be checked / verified in order to authenticate that request as vali= d.=20 >> A valid request will provide a session id and user id* which are then us= ed=20 >> in the processing of the request so any solution needs to fire before th= e=20 >> controller is invoked (or as the first stage in the controller's flow). >> >> I already have the library to handle the check but am unsure as to the= =20 >> best way to implement it. In the project's current implementation in Sli= m=20 >> Framework, the check is a global middleware call but I understand that s= uch=20 >> things work differently in Symfony.=20 >> >> Should I be looking at some kind of extension of the kernel.request even= t=20 >> handler? If so can anyone point me at an example of code that extends th= is? >> >> Or am I looking in the wrong place entirely? Suggestions are entirely=20 >> welcome for any alternative that would achieve the same result. >> >> Rob >> >> * In case anyone is wondering why I'm doing all of this it's=20 >> to achieve single sign on with a completely separate .NET application th= at=20 >> handles the user management and then hands them off to my app for certai= n=20 >> key functions. >> > ------=_Part_482_30362213.1350319091421 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable For a very simple authentication check (API key), I've just used a listener= for <b>kernel.request</b>. It isn't so dirty IMO, and it works well.<br><b= r>Obviously if your authentication logic is a bit more complex it might be = better to use an authentication provider.<br><br>Il giorno luned=C3=AC 15 o= ttobre 2012 10:50:22 UTC+2, Rob Dudley ha scritto:<blockquote class=3D"gmai= l_quote" style=3D"margin: 0;margin-left: 0.8ex;border-left: 1px #ccc solid;= padding-left: 1ex;">Further to my last,<div><br></div><div>I've since revie= wed the documentation further and have found the Custom Authentication Prov= ider example which looks like it will do exactly what I need:</div><div><br= ></div><div><a href=3D"http://symfony.com/doc/2.0/cookbook/security/custom_= authentication_provider.html" target=3D"_blank">http://symfony.com/doc/2.0/= <wbr>cookbook/security/custom_<wbr>authentication_provider.html</a></div><d= iv><br></div><div>Thanks anyway.</div><div><br></div><div>Rob<br><br>On Fri= day, October 5, 2012 3:25:38 PM UTC+1, Rob Dudley wrote:<blockquote class= =3D"gmail_quote" style=3D"margin:0;margin-left:0.8ex;border-left:1px #ccc s= olid;padding-left:1ex">Hello everyone,<div><br></div><div>I'm a new comer t= o Symfony proper so please bear that in mind if anything I ask or say in th= is post seems foolish or ignorant.</div><div><br></div><div>I'm looking for= the best way to implement a "check" that will run on every single request.= In essence this is actually an authentication procedure whereby a HMAC has= h will be appended to <i>every</i> request and must be checked / verified i= n order to authenticate that request as valid. A valid request will provide= a session id and user id* which are then used in the processing of the req= uest so any solution needs to fire before the controller is invoked (or as = the first stage in the controller's flow).</div><div><br></div><div>I alrea= dy have the library to handle the check but am unsure as to the best way to= implement it. In the project's current implementation in Slim Framewo= rk, the check is a global middleware call but I understand that such things= work differently in Symfony. </div><div><br></div><div>Should I be lo= oking at some kind of extension of the kernel.request event handler? If so = can anyone point me at an example of code that extends this?</div><div><br>= </div><div>Or am I looking in the wrong place entirely? Suggestions ar= e entirely welcome for any alternative that would achieve the sam= e result.</div><div><br></div><div>Rob</div><div><br></div><div>* In case a= nyone is wondering why I'm doing all of this it's to achieve sing= le sign on with a completely separate .NET application that handl= es the user management and then hands them off to my app for certain key fu= nctions.</div></blockquote></div></blockquote> ------=_Part_482_30362213.1350319091421-- ------=_Part_481_20808868.1350319091421--
Message from discussion Newbie seeking advice on best way to implement a pre processing check on all requests
| Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy |
| ©2013 Google |