Wallogit.com
2017 © Pedro Peláez
a simple and easy way to implement WSSE authentication into Symfony2 applications
The MopaWSSEAuthentication bundle is a simple and easy way to implement WSSE authentication into Symfony2 applications, (*1)
app/autoload.php, (*2)
$loader->registerNamespaces(array(
//other namespaces
'Mopa' => __DIR__.'/../vendor/bundles',
));
app/AppKernel.php, (*3)
public function registerBundles()
{
return array(
//other bundles
new Mopa\Bundle\WSSEAuthenticationBundle\MopaWSSEAuthenticationBundle(),
);
...
app/config/config.yml, (*4)
# Mopa Rackspace Cloud Files configuration
mopa_wsse_authentication:
provider_class: Mopa\Bundle\WSSEAuthenticationBundle\Security\Authentication\Provider\WsseAuthenticationProvider
listener_class: Mopa\Bundle\WSSEAuthenticationBundle\Security\Firewall\WsseListener
factory_class: Mopa\Bundle\WSSEAuthenticationBundle\Security\Factory\WsseFactory
app/config/security.yml, (*5)
nonce_dir: location where nonces will be saved (use null to skip nonce-validation) lifetime: lifetime of nonce provider: user provider for wsse, optional, if not set first user provider configured will be used, (*6)
firewalls:
wsse_secured:
pattern: ^/api/.*
wsse:
nonce_dir: null
lifetime: 300
provider: my_user_provider
factories:
- "%kernel.root_dir%/../vendor/bundles/Mopa/WSSEAuthenticationBundle/Resources/config/security_factories.yml"
If you are not using the Plaintext encoder, the password the user must supply is the password you get from $user->getPassword() (for plaintext, this is the same yes!) If you provide it on a https secured site for copy / writing it down, this should be a secure way! The WSSE encrypting way is secure providing even plain text passwords, so using a already precrypted password is not considered to be more insecure., (*7)
This would e.g. be the case if you are using FOSUserBundle and its user provider as provider for WSSEAuthenticationBundle, (*8)
a simple and easy way to implement WSSE authentication into Symfony2 applications
authentication symfony2 wsse