Search code examples
phpsymfony

Security with LDAP and JWT and Refresh Token

I’m trying to setup security based on LDAP and JWT. Everything seems to be working well excepted I have to override the success handler from LexikBundle to feat with the custom JWT provider I’m using https://github.com/lexik/LexikJWTAuthenticationBundle/blob/2.x/Security/Http/Authentication/AuthenticationSuccessHandler.php

Here security.yaml:

security:
    enable_authenticator_manager: true

    role_hierarchy:
        ROLE_READER: ROLE_USER
        ROLE_ADMIN: ROLE_READER

    providers:
        users:
            id: App\Security\UserProvider

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js|docs)/
            security: false
        login:
            pattern: ^/login
            provider: users
            stateless: true
            entry_point: json_login_ldap
            json_login_ldap:
                service: Symfony\Component\Ldap\Ldap
                check_path: login_check
                dn_string: 'uid={username},%env(LDAP_USER_DN)%'
                success_handler: app.security.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
        status:
            pattern: ^/status
            provider: ~
            stateless: true
        main:
            pattern: ^/
            provider: custom_jwt
            stateless: true
            entry_point: jwt
            jwt: ~
            refresh_jwt:
                check_path: /login_refresh

This is working well to connect with the generated token. Otherwise I would need to override the refresh token success handler as well (I’m using Gesdinet https://packagist.org/packages/gesdinet/jwt-refresh-token-bundle).

How to achieve that?? I would need to override the success handler from Lexik everywhere it’s called. I believed this would work in service.yaml but it does not:

Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication\AuthenticationSuccessHandler:
    class: App\Security\Handler\AuthenticationSuccessHandler
Solution

  • I fixed everything by overriding Gesdinet Success Handler with my own like I did with Lexik.

    in service.yaml

    app.security.handler.authentication_success:
    class: App\Security\Handler\AuthenticationSuccessHandler

gesdinet.jwtrefreshtoken.security.authentication.success_handler:
    class: Gesdinet\JWTRefreshTokenBundle\Security\Http\Authentication\AuthenticationSuccessHandler
    arguments:
        $lexikAuthenticationSuccessHandler: '@app.security.handler.authentication_success'

    and I also updated security.yaml

    firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js|docs)/
        security: false
    login_refresh:
        pattern: ^/login_refresh
        provider: users
        stateless: true
        refresh_jwt:
            check_path: /login_refresh
    login:
        pattern: ^/login
        provider: users
        stateless: true
        json_login_ldap:
            service: Symfony\Component\Ldap\Ldap
            check_path: login_check
            dn_string: 'uid={username},%env(LDAP_USER_DN)%'
            success_handler: app.security.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure
    status:
        pattern: ^/status
        provider: ~
        stateless: true
    main:
        pattern: ^/
        provider: custom_jwt
        stateless: true
        entry_point: jwt
        jwt: ~