diff --git a/cookbook/security/custom_authentication_provider.rst b/cookbook/security/custom_authentication_provider.rst
index 220d8cdc5ac..0410519eae5 100644
--- a/cookbook/security/custom_authentication_provider.rst
+++ b/cookbook/security/custom_authentication_provider.rst
@@ -208,6 +208,7 @@ the ``PasswordDigest`` header value matches with the user's password.
// src/AppBundle/Security/Authentication/Provider/WsseProvider.php
namespace AppBundle\Security\Authentication\Provider;
+ use Psr\Cache\CacheItemPoolInterface;
use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
@@ -218,12 +219,12 @@ the ``PasswordDigest`` header value matches with the user's password.
class WsseProvider implements AuthenticationProviderInterface
{
private $userProvider;
- private $cacheDir;
+ private $cachePool;
- public function __construct(UserProviderInterface $userProvider, $cacheDir)
+ public function __construct(UserProviderInterface $userProvider, CacheItemPoolInterface $cachePool)
{
$this->userProvider = $userProvider;
- $this->cacheDir = $cacheDir;
+ $this->cachePool = $cachePool;
}
public function authenticate(TokenInterface $token)
@@ -258,19 +259,18 @@ the ``PasswordDigest`` header value matches with the user's password.
return false;
}
- // Validate that the nonce is *not* used in the last 5 minutes
- // if it has, this could be a replay attack
- if (
- file_exists($this->cacheDir.'/'.md5($nonce))
- && file_get_contents($this->cacheDir.'/'.md5($nonce)) + 300 > time()
- ) {
+ // Try to fetch the cache item from pool
+ $cacheItem = $this->cachePool->getItem(md5($nonce));
+
+ // Validate that the nonce is *not* in cache
+ // if it is, this could be a replay attack
+ if ($cacheItem->isHit()) {
throw new NonceExpiredException('Previously used nonce detected');
}
- // If cache directory does not exist we create it
- if (!is_dir($this->cacheDir)) {
- mkdir($this->cacheDir, 0777, true);
- }
- file_put_contents($this->cacheDir.'/'.md5($nonce), time());
+
+ // Store the item in cache for 5 minutes
+ $cacheItem->set(null)->expiresAfter(300);
+ $this->cachePool->save($cacheItem);
// Validate Secret
$expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true));
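Review bot: The return value of `$this->cachePool->save($cacheItem)` is ignored, so if the pool cannot persist the item the nonce is never recorded and a later request carrying the same nonce passes the replay check. PSR-6 `save()` returns `false` on failure, and the sample should fail closed, e.g. `if (!$this->cachePool->save($cacheItem)) { throw new AuthenticationException('Nonce could not be stored'); }`. The nonce is also written before the digest is compared, so requests with a wrong secret still create pool entries; saving only once the digest matches would keep unauthenticated traffic from filling the pool. The `isHit()` check and the `save()` are not atomic, so two simultaneous requests with the same nonce may both pass, which deserves a comment in the sample. The enclosing method starts and ends outside this hunk.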
@@ -411,7 +411,7 @@ to service ids that do not exist yet: ``wsse.security.authentication.provider``
class: AppBundle\Security\Authentication\Provider\WsseProvider
arguments:
- '' # User Provider
- - '%kernel.cache_dir%/security/nonces'
+ - '@cache.app'
public: false
wsse.security.authentication.listener:
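Review bot: Wiring the provider to `@cache.app` makes replay protection depend on how that pool is configured, which the surrounding text does not mention. To my knowledge the default adapter for this pool is filesystem-based and local to one host, so behind a load balancer a nonce seen by one server would be unknown to the others. Clearing the pool also forgets every nonce still inside the 5-minute window. A comment on the argument would cover it, e.g. `# must be a pool shared by all servers; a dedicated pool is preferable to cache.app`.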
@@ -433,7 +433,7 @@ to service ids that do not exist yet: ``wsse.security.authentication.provider``
public="false"
>
- %kernel.cache_dir%/security/nonces
+
setPublic(false);