I am trying to write a custom authentication provider for LDAP authentication, following the Silex documentation: Defining a custom Authentication Provider.
But if I look into $app['security.authentication_providers'], there are two providers: one that I defined, App\LdapAuthenticationProvider, and one Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider.
And when I try to authorize a user, I get an error because there is a call to App\LdapUserProvider::loadUserByUsername() from the class DaoAuthenticationProvider.
If I had only one provider in $app['security.authentication_providers'], I think I would not get the error, because my LDAP provider does not call loadUserByUsername.
Here is a dump of $app['security.authentication_providers']:
    
array (size=2)
  0 => object(App\LdapAuthenticationProvider)[194]
    private 'userProvider' => 
      object(App\LdapUserProvider)[176]
        private 'ldap' => resource(57, ldap link)
        private 'defaultRoles' => 
          array (size=1)
          ...
    private 'providerKey' => string 'default' (length=7)
  1 => object(Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider)[195]
    private 'encoderFactory' => 
      object(Symfony\Component\Security\Core\Encoder\EncoderFactory)[197]
        private 'encoders' => 
          array (size=1)
          ...
    private 'userProvider' => 
      object(App\LdapUserProvider)[176]
        private 'ldap' => resource(57, ldap link)
        private 'defaultRoles' => 
          array (size=1)
          ...
    private 'hideUserNotFoundExceptions' (Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider) => boolean true
    private 'userChecker' (Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider) => object(Symfony\Component\Security\Core\User\UserChecker)[196]
    private 'providerKey' (Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider) => string 'default' (length=7)
So, does anybody know why there is an extra provider and how I can get rid of it?
There is code for bootstrapping the application, LdapAuthenticationListener and LdapAuthenticationProvider.
The Authentication Provider. The standard and most common implementation is the DaoAuthenticationProvider – which retrieves the user details from a simple, read-only user DAO – the UserDetailsService. This User Details Service only has access to the username in order to retrieve the full user entity – and in a large number of scenarios,...
To authenticate via OAuth using a third-party service such as Google, Facebook or Twitter, try using the HWIOAuthBundle community bundle. If you have read the article on Security, you understand the distinction Symfony makes between authentication and authorization in the implementation of security.
The Authentication Provider Spring Security provides a variety of options for performing authentication. These follow a simple contract – an Authentication request is processed by an AuthenticationProvider and a fully authenticated object with full credentials is returned.
For example, when authenticating against some external, third party service (such as Crowd) – both the username and the password from the authentication request will be necessary. For these, more advanced scenarios, we'll need to define a custom Authentication Provider:
Problem is solved.
I've just extended my LdapAuthenticationListener class from the Symfony2 UsernamePasswordFormAuthenticationListener and changed the bootstrap like this:
$app['security.authentication_listener.factory.ldap'] = $app->protect(
    function ($name, $options) use ($app) {
        $app['security.authentication_provider.'.$name.'.ldap'] = $app->share(
            function () use ($app) {
                return new LdapAuthenticationProvider(
                    $app['security.user_provider.default'],
                    'ldap'
                );
            }
        );
        $app['security.authentication_listener.'.$name.'.ldap'] = $app->share(
            function () use ($app, $name, $options) {
                $app['security.authentication.success_handler.'.$name] =
                    $app['security.authentication.success_handler._proto']($name, $options);
                $app['security.authentication.failure_handler.'.$name] =
                    $app['security.authentication.failure_handler._proto']($name, $options);
                return new LdapAuthenticationListener(
                    $app['security'],
                    $app['security.authentication_manager'],
                    $app['security.session_strategy'],
                    $app['security.http_utils'],
                    $name,
                    $app['security.authentication.success_handler.'.$name],
                    $app['security.authentication.failure_handler.'.$name],
                    array_merge(
                        array(
                            'check_path' => '/admin/login_check',
                            'login_path' => '/login',
                        ),
                        $options
                    ),
                    $app['logger'],
                    $app['dispatcher'],
                    null
                );
            }
        );
        return array(
            'security.authentication_provider.'.$name.'.ldap',
            'security.authentication_listener.'.$name.'.ldap',
            null,
            'pre_auth'
        );
    }
);
I need a custom authentication listener to overwrite the token in the authentication method, and the authentication provider retrieves the user from the user provider by username and password: $this->userProvider->loadUserByUsernameAndPassword($username, $password)
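A provider of the kind the answer describes, as an added example that is not the poster's code: it only claims tokens for its own firewall, refuses empty passwords before they reach the LDAP bind, and reports one generic failure. It assumes Symfony 2.x Security Core, a provider key equal to the firewall name the listener puts on the token, and a user provider whose loadUserByUsernameAndPassword() (the method named in the post) throws on a failed bind and returns a UserInterface object.

```php
<?php
// Added example, not the poster's classes. Assumes Symfony 2.x Security Core.
namespace App;

use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;

class LdapAuthenticationProvider implements AuthenticationProviderInterface
{
    private $userProvider;
    private $providerKey;

    // $userProvider: object exposing loadUserByUsernameAndPassword() (name from the post).
    public function __construct($userProvider, $providerKey)
    {
        $this->userProvider = $userProvider;
        $this->providerKey = $providerKey;
    }

    // Only claim form-login tokens issued for this firewall.
    public function supports(TokenInterface $token)
    {
        return $token instanceof UsernamePasswordToken
            && $token->getProviderKey() === $this->providerKey;
    }

    public function authenticate(TokenInterface $token)
    {
        if (!$this->supports($token)) {
            return null;
        }
        $username = trim((string) $token->getUsername());
        $password = (string) $token->getCredentials();
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513, 5.1.2) that a server may accept, so never send one.
        if ($username === '' || $password === '') {
            throw new BadCredentialsException('Bad credentials');
        }
        try {
            $user = $this->userProvider->loadUserByUsernameAndPassword($username, $password);
        } catch (\Exception $e) {
            // Same message for unknown user and wrong password.
            throw new BadCredentialsException('Bad credentials', 0, $e);
        }
        // Do not keep the plaintext password in the authenticated token.
        return new UsernamePasswordToken($user, null, $this->providerKey, $user->getRoles());
    }
}
```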