@@ -47,7 +47,7 @@ value and then a User object is created::
4747 // $apiKey = $request->headers->get('apikey');
4848
4949 if (!$apiKey) {
50- throw new BadCredentialsException('No API key found' );
50+ throw new BadCredentialsException();
5151
5252 // or to just skip api key authentication
5353 // return null;
@@ -60,6 +60,11 @@ value and then a User object is created::
6060 );
6161 }
6262
63+ public function supportsToken(TokenInterface $token, $providerKey)
64+ {
65+ return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
66+ }
67+
6368 public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
6469 {
6570 if (!$userProvider instanceof ApiKeyUserProvider) {
@@ -91,16 +96,11 @@ value and then a User object is created::
9196 $user->getRoles()
9297 );
9398 }
94-
95- public function supportsToken(TokenInterface $token, $providerKey)
96- {
97- return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
98- }
9999 }
100100
101101Once you've :ref: `configured <cookbook-security-api-key-config >` everything,
102102you'll be able to authenticate by adding an apikey parameter to the query
103- string, like ``http://example.com/admin /foo?apikey=37b51d194a7513e45b56f6524f2d51f2 ``.
103+ string, like ``http://example.com/api /foo?apikey=37b51d194a7513e45b56f6524f2d51f2 ``.
104104
105105The authentication process has several steps, and your implementation will
106106probably differ:
@@ -185,7 +185,7 @@ The ``$userProvider`` might look something like this::
185185 null,
186186 // the roles for the user - you may choose to determine
187187 // these dynamically somehow based on the user
188- array('ROLE_USER ')
188+ array('ROLE_API ')
189189 );
190190 }
191191
@@ -257,6 +257,7 @@ would allow you to have custom data on the ``User`` object.
257257
258258Finally, just make sure that ``supportsClass() `` returns ``true `` for User
259259objects with the same class as whatever user you return in ``loadUserByUsername() ``.
260+
260261If your authentication is stateless like in this example (i.e. you expect
261262the user to send the API key with every request and so you don't save the
262263login to the session), then you can simply throw the ``UnsupportedUserException ``
@@ -270,7 +271,7 @@ exception in ``refreshUser()``.
270271Handling Authentication Failure
271272-------------------------------
272273
273- In order for your ``ApiKeyAuthenticator `` to correctly display a 403
274+ In order for your ``ApiKeyAuthenticator `` to correctly display a 401
274275http status when either bad credentials or authentication fails you will
275276need to implement the :class: `Symfony\\ Component\\ Security\\ Http\\ Authentication\\ AuthenticationFailureHandlerInterface ` on your
276277Authenticator. This will provide a method ``onAuthenticationFailure `` which
@@ -297,7 +298,7 @@ you can use to create an error ``Response``.
297298 // this contains information about *why* authentication failed
298299 // use it, or return your own message
299300 strtr($exception->getMessageKey(), $exception->getMessageData()),
300- 403
301+ 401
301302 );
302303 }
303304 }
@@ -366,7 +367,7 @@ using the ``simple_preauth`` and ``provider`` keys respectively:
366367
367368 firewalls :
368369 secured_area :
369- pattern : ^/admin
370+ pattern : ^/api
370371 stateless : true
371372 simple_preauth :
372373 authenticator : apikey_authenticator
@@ -389,7 +390,7 @@ using the ``simple_preauth`` and ``provider`` keys respectively:
389390 <!-- ... -->
390391
391392 <firewall name =" secured_area"
392- pattern =" ^/admin "
393+ pattern =" ^/api "
393394 stateless =" true"
394395 provider =" api_key_user_provider"
395396 >
@@ -409,7 +410,7 @@ using the ``simple_preauth`` and ``provider`` keys respectively:
409410 $container->loadFromExtension('security', array(
410411 'firewalls' => array(
411412 'secured_area' => array(
412- 'pattern' => '^/admin ',
413+ 'pattern' => '^/api ',
413414 'stateless' => true,
414415 'simple_preauth' => array(
415416 'authenticator' => 'apikey_authenticator',
@@ -424,6 +425,44 @@ using the ``simple_preauth`` and ``provider`` keys respectively:
424425 ),
425426 ));
426427
428+ If you have defined ``access_control ``, make sure to add a new entry:
429+
430+ .. configuration-block ::
431+
432+ .. code-block :: yaml
433+
434+ # app/config/security.yml
435+ security :
436+ # ...
437+
438+ access_control :
439+ - { path: ^/api, roles: ROLE_API }
440+
441+ .. code-block :: xml
442+
443+ <!-- app/config/security.xml -->
444+ <?xml version =" 1.0" encoding =" UTF-8" ?>
445+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
446+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
447+ xmlns : srv =" http://symfony.com/schema/dic/services"
448+ xsi : schemaLocation =" http://symfony.com/schema/dic/services
449+ http://symfony.com/schema/dic/services/services-1.0.xsd" >
450+
451+ <rule path =" ^/api" role =" ROLE_API" />
452+ </srv : container >
453+
454+ .. code-block :: php
455+
456+ // app/config/security.php
457+ $container->loadFromExtension('security', array(
458+ 'access_control' => array(
459+ array(
460+ 'path' => '^/api',
461+ 'role' => 'ROLE_API',
462+ ),
463+ ),
464+ ));
465+
427466 That's it! Now, your ``ApiKeyAuthenticator `` should be called at the beginning
428467of each request and your authentication process will take place.
429468
@@ -456,7 +495,7 @@ configuration or set it to ``false``:
456495
457496 firewalls :
458497 secured_area :
459- pattern : ^/admin
498+ pattern : ^/api
460499 stateless : false
461500 simple_preauth :
462501 authenticator : apikey_authenticator
@@ -479,7 +518,7 @@ configuration or set it to ``false``:
479518 <!-- ... -->
480519
481520 <firewall name =" secured_area"
482- pattern =" ^/admin "
521+ pattern =" ^/api "
483522 stateless =" false"
484523 provider =" api_key_user_provider"
485524 >
@@ -498,7 +537,7 @@ configuration or set it to ``false``:
498537 $container->loadFromExtension('security', array(
499538 'firewalls' => array(
500539 'secured_area' => array(
501- 'pattern' => '^/admin ',
540+ 'pattern' => '^/api ',
502541 'stateless' => false,
503542 'simple_preauth' => array(
504543 'authenticator' => 'apikey_authenticator',