@@ -54,6 +54,11 @@ value and then a User object is created::
5454 );
5555 }
5656
57+ public function supportsToken(TokenInterface $token, $providerKey)
58+ {
59+ return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
60+ }
61+
5762 public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
5863 {
5964 if (!$userProvider instanceof ApiKeyUserProvider) {
@@ -83,11 +88,6 @@ value and then a User object is created::
8388 $user->getRoles()
8489 );
8590 }
86-
87- public function supportsToken(TokenInterface $token, $providerKey)
88- {
89- return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
90- }
9191 }
9292
9393Once you've :ref: `configured <cookbook-security-api-key-config >` everything,
@@ -177,7 +177,7 @@ The ``$userProvider`` might look something like this::
177177 null,
178178 // the roles for the user - you may choose to determine
179179 // these dynamically somehow based on the user
180- array('ROLE_USER ')
180+ array('ROLE_API ')
181181 );
182182 }
183183
@@ -249,6 +249,7 @@ would allow you to have custom data on the ``User`` object.
249249
250250Finally, just make sure that ``supportsClass() `` returns ``true `` for User
251251objects with the same class as whatever user you return in ``loadUserByUsername() ``.
252+
252253If your authentication is stateless like in this example (i.e. you expect
253254the user to send the API key with every request and so you don't save the
254255login to the session), then you can simply throw the ``UnsupportedUserException ``
@@ -262,7 +263,7 @@ exception in ``refreshUser()``.
262263Handling Authentication Failure
263264-------------------------------
264265
265- In order for your ``ApiKeyAuthenticator `` to correctly display a 403
266+ In order for your ``ApiKeyAuthenticator `` to correctly display a 401
266267http status when either bad credentials or authentication fails you will
267268need to implement the :class: `Symfony\\ Component\\ Security\\ Http\\ Authentication\\ AuthenticationFailureHandlerInterface ` on your
268269Authenticator. This will provide a method ``onAuthenticationFailure `` which
@@ -285,7 +286,7 @@ you can use to create an error ``Response``.
285286
286287 public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
287288 {
288- return new Response("Authentication Failed.", 403 );
289+ return new Response("Authentication Failed.", 401 );
289290 }
290291 }
291292
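Review bot: The 401 now returned at `return new Response("Authentication Failed.", 401);` is sent without a `WWW-Authenticate` header, which RFC 7235 requires on every 401 response so a client can tell which credential the request lacked. Since the example uses a custom API-key scheme, the snippet should pass the challenge as the third Response argument, e.g. `return new Response("Authentication Failed.", 401, array('WWW-Authenticate' => '<challenge scheme for this API>'));` (placeholder value, to be replaced with the scheme the API documents). The prose in the preceding hunk makes the same 403→401 switch and could add one sentence noting that 403 remains correct once a token is accepted but access_control denies the request. The enclosing class begins outside this hunk.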
@@ -411,6 +412,46 @@ using the ``simple_preauth`` and ``provider`` keys respectively:
411412 ),
412413 ));
413414
415+ If you have defined `access_control `, make sure to add new entry:
416+
417+ .. configuration-block ::
418+
419+ .. code-block :: yaml
420+
421+ # app/config/security.yml
422+ security :
423+ # ...
424+
425+ access_control :
426+ - { path: ^/admin, roles: ROLE_API }
427+
428+ .. code-block :: xml
429+
430+ <!-- app/config/security.xml -->
431+ <?xml version =" 1.0" encoding =" UTF-8" ?>
432+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
433+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
434+ xmlns : srv =" http://symfony.com/schema/dic/services"
435+ xsi : schemaLocation =" http://symfony.com/schema/dic/services
436+ http://symfony.com/schema/dic/services/services-1.0.xsd" >
437+
438+ <rule path =" ^/admin"
439+ role =" ROLE_API"
440+ />
441+ </srv : container >
442+
443+ .. code-block :: php
444+
445+ // app/config/security.php
446+ $container->loadFromExtension('security', array(
447+ 'access_control' => array(
448+ array(
449+ 'path' => '^/admin',
450+ 'role' => 'ROLE_API',
451+ ),
452+ ),
453+ ));
454+
414455 That's it! Now, your ``ApiKeyAuthenticator `` should be called at the beginning
415456of each request and your authentication process will take place.
416457
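Review bot: The XML listing at `<rule path="^/admin" role="ROLE_API" />` places the rule directly under `<srv:container>`; in Symfony's other security XML examples the rule sits inside `<config>` and `<access-control>` elements, so as written the snippet appears not to load — wrapping it as `<config><access-control> … </access-control></config>` would make it equivalent to the YAML and PHP variants. The sentence `If you have defined access_control, make sure to add new entry:` could also say that access_control rules are evaluated in order and the first match wins, so the new entry has to be positioned relative to any existing rules rather than simply appended. The path `^/admin` only protects that prefix; if the stateless firewall configured earlier in the document covers more paths, a reader copying this example leaves them reachable without `ROLE_API`, so the text might tie the rule's path to the firewall pattern (not visible in this hunk).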