Closed andersonkoester closed 9 years ago
I will check this out
It works when I removed "(role)" from pattern of this security config:
    wsse_secured:
        pattern: (.*)/(role)(.*)
        context: user
        stateless: true
Like I said, I didn't understand this concept, now I found this little trick on pattern in security.yml.
Now, my logged user is allowed to access all secured methods.
Thx for the trick, but how do you access salt.json with your pattern?
@kahllac, I'm using a unique salt for each user (FOSUserBundle implementation) and it's saved in my DB.
Sorry, I don't understand. You never call the service user/salt.json? With the pattern "(.*)/(role)(.*)" I can log in and get the response at /token.json, but I can't call the users.json service. Without "role" I can call users.json but can't log in (can't call salt.json, for example).
thx
I'm sorry, I got it wrong. Let's see my actual security config file:
    wsse_secured:
        # this line secures these URL patterns (/mng/*, /account/* and /app/*)
        # and does not handle URLs matching these patterns (/account/salt and /account/remember)
        pattern: (.*)/(mng|account|app)(?!/(.*)(salt|remember))(.*)
        context: user
        stateless: true
        wsse:
            nonce_dir: null
            provider: fos_userbundle
            lifetime: 6000
        anonymous: false
I really don't know if this way is the best, but I created, using a regular expression, a simple filter on my security configuration to keep the SecurityBundle from denying these two URLs, which work without an authentication token.
Thx for your answer. How did you manage the username param in the salt.json call? api/v1/users/USERNAME/salt.json
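Added example, not part of the thread and not the project's code: a coverage check of the firewall pattern posted above against constructed request paths, compared with a hypothetical anchored pattern. `STRICT_PATTERN`, the sample paths, and the assumption that routes start at the path root are illustrative and do not come from the thread.

```python
import re
from urllib.parse import unquote

# Pattern copied from the wsse_secured firewall posted in the comment above.
THREAD_PATTERN = r"(.*)/(mng|account|app)(?!/(.*)(salt|remember))(.*)"

# Hypothetical stricter pattern (an assumption, not from the thread): anchored,
# exempting only /account/{username}/salt.json and /account/remember.
STRICT_PATTERN = (
    r"^/(?!account/[^/]+/salt\.json$|account/remember$)(mng|account|app)(/.*)?$"
)

# Constructed request paths: the first list holds the intended public
# endpoints, the second holds paths meant to require a WSSE token.
INTENDED_PUBLIC = ["/account/bob/salt.json", "/account/remember"]
MUST_BE_SECURED = [
    "/account/bob/profile.json",
    "/mng/reports/salt-usage.json",   # "salt" appears later in the path
    "/app/remembered-devices.json",   # "remember" starts a longer segment
    "/account/basalt/orders.json",    # username that contains "salt"
]


def is_secured(pattern, path):
    """True when the firewall pattern matches the path.

    Symfony's request matcher URL-decodes the path and runs an unanchored
    preg_match; re.search on the unquoted path mirrors that.
    """
    return re.search(pattern, unquote(path)) is not None


def coverage_gaps(pattern):
    """Paths that should be behind the firewall but the pattern skips."""
    return [p for p in MUST_BE_SECURED if not is_secured(pattern, p)]


def public_ok(pattern):
    """Both intended public endpoints stay outside the firewall."""
    return not any(is_secured(pattern, p) for p in INTENDED_PUBLIC)


if __name__ == "__main__":
    for name, pat in (("thread", THREAD_PATTERN), ("strict", STRICT_PATTERN)):
        print(name, "public ok:", public_ok(pat), "gaps:", coverage_gaps(pat))
```

A path listed as a gap only falls outside this one firewall; whether it is reachable without a token also depends on any other firewalls and `access_control` rules in the application.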
Correct, my salt call is: /account/{username}/salt.json
Thx, with your pattern and some changes it works.
Hi, I'm running this project, and I guess I'm not understanding these concepts well. I'm calling /api/v1/tokens.json and getting a token, based on my access information. But when I call some other secured method I get a 401.
I'm using the X-WSSE and Authorization headers:

    X-WSSE: UsernameToken Username="andersonkoester", PasswordDigest="C/s2VtFhLHEeKmOgxgjyTWPsU0o=", Nonce="ZWE5Y2Q1YWU1MjdlZTExNQ==", Created="2015-03-03T18:40:55-03:00"
    Authorization: WSSE profile="UsernameToken"

My idea is to use this project integrated into another sample project I'm programming, but the responses are breaking my head right in the middle.
I don't think it's an issue; like I said, I think I'm not understanding well how it works.