authentication on API

This commit is contained in:
Nicolas Lœuillet 2015-02-09 13:59:48 +01:00
parent 89c03230c3
commit 0ac38198ab
2 changed files with 11 additions and 3 deletions

View file

@ -16,9 +16,11 @@ security:
# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
#wsse_secured:
# pattern: /api/.*
# wsse: true
wsse_secured:
pattern: /api/.*
wsse: true
stateless: true
anonymous: true
login_firewall:
pattern: ^/login$
anonymous: ~

View file

@ -44,6 +44,12 @@ class WsseProvider implements AuthenticationProviderInterface
if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) {
throw new NonceExpiredException('Previously used nonce detected');
}
// If cache directory does not exist we create it
if (!is_dir($this->cacheDir)) {
mkdir($this->cacheDir, 0777, true);
}
file_put_contents($this->cacheDir.'/'.$nonce, time());
// Valide le Secret