I have two firewalls, one for my API calls (WSSE secured), one for my application. Both work well, but I need to authenticate the user on the API firewall and at the same time on the application firewall, and I can't do that.

My security.yml

firewalls:
    # Firewall for the api
    wsse_secured:
        pattern:   ^/api/.*
        wsse:
            nonce_dir: null
            lifetime: 300
            provider: fos_userbundle
        context: user

    # Firewall for the application
    main:
        pattern: /.*
        form_login:
            provider: fos_userbundle
            login_path:     fos_user_security_login
            check_path:     fos_user_security_check
            default_target_path: espace_perso
            always_use_default_target_path: false
            failure_path: fos_user_security_login
        logout:
            path: fos_user_security_logout
            target: fos_user_security_login
        oauth:
            resource_owners:
                facebook: "/login/check-facebook"
                linkedin: "/login/check-linkedin"
                google: "/login/check-google"
            login_path: fos_user_security_login
            oauth_user_provider:
                service: bg.oauth.user_provider
        anonymous: true
        context: user

I have already read other posts (this question, this one and this one) and, as you can see, adding the context doesn't work in my case.

I tried to manually add the WSSE header that I need, or to create a new WsseToken for my user with events, without success.

I really need help with this problem, which must be common...

Maxime Picard
  • WSSE is managed via HTTP headers and form_login via cookie. How are you trying to access your API? – rolebi Sep 10 '14 at 14:05
  • I access my API via HTTP headers, as you say. For example, I have a form behind my "main" firewall, but the action of this form is behind my "wsse_secured" firewall. So when I click on "validate", the "wsse_secured" firewall sends me a 403 because I'm not authenticated on this firewall. – Maxime Picard Sep 10 '14 at 14:18

1 Answer

As I understand it, you want to reuse the action in your API so that it is accessible by the user. If not, please give some more details.

The best thing would be to just make another route for the same action, just under a different firewall.

Assuming you have:

<route id="api_form_validate" pattern="/api/validate-form">
    <default key="_controller">Bundle:ApiController:validateForm</default>
</route>

Add:

<route id="user_form_validate" pattern="/user/validate-form">
    <default key="_controller">Bundle:ApiController:validateForm</default>
</route>

And change the form action from api_form_validate to user_form_validate.

Marius Balčytis
  • Yes, it's a solution that I had, but I didn't want to have multiple duplicate routes. I changed my authentication method, so this is good now. Thanks for your answer :) – Maxime Picard Sep 29 '14 at 12:25
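
Why a shared `context` does not carry a form login over to the WSSE firewall, as an added example (not code from the question, the answer or any bundle): a minimal WSSE UsernameToken check in the style of the Symfony cookbook's custom authentication provider, which decides from the `X-WSSE` header of each request. Function names, the user secret and the timestamps are constructed for illustration; only the lifetime of 300 seconds comes from the question's config, and it is an assumption that the bundle in use follows this pattern.

```php
<?php
// Added illustration; every name and sample value below is constructed.
const WSSE_RE = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", '
              . 'Nonce="([a-zA-Z0-9+\/]+={0,2})", Created="([^"]+)"/';

// Client side: PasswordDigest = Base64(SHA1(nonce . created . secret)).
function buildWsseHeader(string $user, string $secret, string $created, string $rawNonce): string
{
    $digest = base64_encode(sha1($rawNonce . $created . $secret, true));
    return sprintf('UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"',
        $user, $digest, base64_encode($rawNonce), $created);
}

// Server side: the decision depends only on the header, never on the session.
// Distinct reasons are returned for demonstration; a real firewall would log
// them and answer every failure with the same response.
function checkWsse(?string $header, array $secrets, int $lifetime, array &$seenNonces, int $now): string
{
    if ($header === null || preg_match(WSSE_RE, $header, $m) !== 1) {
        return 'reject: no usable X-WSSE header'; // a session cookie alone ends here
    }
    [, $user, $digest, $nonce, $created] = $m;
    $ts = strtotime($created);
    if ($ts === false || $ts > $now || $now - $ts > $lifetime) {
        return 'reject: Created outside lifetime';
    }
    if (isset($seenNonces[$nonce])) {
        return 'reject: nonce replayed';
    }
    if (!isset($secrets[$user])) {
        return 'reject: unknown user';
    }
    $expected = base64_encode(sha1(base64_decode($nonce) . $created . $secrets[$user], true));
    if (!hash_equals($expected, $digest)) { // constant-time comparison
        return 'reject: bad digest';
    }
    $seenNonces[$nonce] = $ts; // remember the nonce only after a valid digest
    return 'accept: ' . $user;
}

$secrets = ['maxime' => 'constructed-secret'];
$seen    = [];
$now     = strtotime('2014-09-10T14:20:00Z');
$header  = buildWsseHeader('maxime', 'constructed-secret', '2014-09-10T14:18:00Z', random_bytes(16));

echo checkWsse($header, $secrets, 300, $seen, $now), PHP_EOL;       // API client sending the header
echo checkWsse(null, $secrets, 300, $seen, $now), PHP_EOL;          // browser form post, cookie only
echo checkWsse($header, $secrets, 300, $seen, $now), PHP_EOL;       // same header sent a second time
echo checkWsse($header, $secrets, 300, $seen, $now + 600), PHP_EOL; // header older than the lifetime
```

The second call is the situation from the question: the browser is logged in on `main`, but the form post to `/api/...` carries no `X-WSSE` header, so the check fails regardless of what the session holds.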