whisper/stateless-user-bundle

Symfony2 bundle to provide a working stateless security solution.

v0.1.6 2013-12-21 20:27 UTC

README

Introduction

This is a Symfony2 Bundle which extends friendsofsymfony/user-bundle, escapestudios/wsse-authentication-bundle and friendsofsymfony/rest-bundle in order to provide a working stateless security solution for REST applications.

Installation

composer.json

"require": {
    ...
    "whisper/stateless-user-bundle": "0.1.0",
    ...
}

app/AppKernel.php

public function registerBundles()
{
    return array(
        //...
        // FOSUserBundle, EscapeWSSEAuthenticationBundle and FOSRestBundle, which
        // this bundle extends, must be registered here as well.
        new Whisper\Bundle\StatelessUserBundle\WhisperStatelessUserBundle(),
        //...
    );
}

app/config/config.yml

fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    user_class: Whisper\Bundle\StatelessUserBundle\Entity\User
    firewall_name: wsse_secured # must match the name of the firewall defined in security.yml

app/config/routing.yml

whisper_user:
    resource: "@WhisperStatelessUserBundle/Resources/config/routing.yml"
    type: rest

app/config/security.yml

Since this configuration is especially tedious, in future releases it will be loaded automatically by the bundle.

security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    encoders:
        FOS\UserBundle\Model\UserInterface: { id: whisper.stateless_user.password_encoder }

    firewalls:
        public:
            pattern: "^/users/([a-z]+)/salt"
            security: false # listed first because the first firewall whose pattern matches wins; the salt endpoint is reachable without credentials, so anyone can also probe which usernames exist
        wsse_secured:
            pattern:   ^/.*
            stateless: true
            anonymous: true
            wsse:
                nonce_dir: "%kernel.cache_dir%/nonces" #location where nonces will be saved; use null to skip nonce-validation (a captured X-WSSE header can then be replayed until it expires)
                lifetime: 300 #lifetime of a nonce in seconds; a header whose Created timestamp is older than this is rejected
                realm: "Secured API" #identifies the set of resources to which the authentication information will apply (WWW-Authenticate)
                profile: "UsernameToken" #WSSE profile (WWW-Authenticate)
                encoder: #digest algorithm; the client has to reproduce exactly these settings
                    algorithm: sha1
                    encodeHashAsBase64: true
                    iterations: 0 # Iterating the digest could generate issues with a javascript client; with no iterations there is also no work factor, so treat the stored secrets accordingly.

    access_control:
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY, methods: [OPTIONS] } # CORS preflight; with anonymous: true, every other path still needs its own access_control rule or an authorization check in the controller