Geek asks and answers

How does symfony listen to _switch_user?

I have an application in which I have a super admin role and various user roles with different privileges. I want to be able to personalize myself as any of these users using the query _switch_user, as shown at http://symfony.com/doc/current/book/security.html#impersonating-a-user

However, when I add the request to the end of my URL, it does nothing. I have been dealing with this for a long time and cannot find a solution. I know that the user I registered with has ROLE_ALLOWED_TO_SWITCH, but I canโ€™t understand how symfony does it.

I use my own authentication provider, so I think it has something to do with it, but I'm not sure what I need to look at. I can post any code, but I'm really not sure what to do right now.

+5
source share
1 answer

So, I dug up something else and found out that the class Listenerfor my custom authentication provider was not spelled correctly. It was written in such a way that a new one was created at each page load Token.

As a result, two things had to be done.

The first was a change in the authentication listener, similar to those contained in the Symfony Firewall Listeners , the general structure of which is shown below.

if (null !== $token = $this->securityContext->getToken()) {
    if ($token instanceof UsernamePasswordToken && $token->isAuthenticated() &&
        $token->getUsername() === $username) {
            return;
    }
}

, . , , , .

-, , . , - . , , SwitchUserRole, . , if .

foreach ($token->getRoles() as $role) {
    if ($role instanceof SwitchUserRole) {
        $token = $role->getSource();
            break;
    }
}

, , , , , , , .

+4

More articles:


All Articles