使用 JWT 身份验证包时 authentication_listener 不起作用

Question

由于旧的应用程序更改，我正在将 lexik/jwtautheticationbundle 1.3 版与 symfony 2.8 集成。

我已管理集成并生成 JWT 授权令牌，但我想在 lexit_jwt 中使用 cookie 和 authentication_listener，我使用了但它没有任何效果。如果我使用cookie，令牌应该保存在cookie中，但它保存在会话中。

谁能告诉我为什么启用 cookie 不起作用？

Security.yml

security:
    encoders:
        AppBundle\Entity\User:
            algorithm: bcrypt
    providers:
        db_provider:
            entity:
                class: AppBundle:User
                property: username

    firewalls:
        login:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            provider: db_provider
            form_login:
                check_path:               /api/login_check
                username_parameter:       username
                password_parameter:       password
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
                
        api:
            pattern:   ^/api
            stateless: true
            anonymous: true
            provider: db_provider
            lexik_jwt:
                authentication_listener: storefront.listener.jwt_authentication
                cookie:
                    enabled: true
                    name: IDENTITY
       
    
    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }
        

services.yml

# Learn more about services, parameters and containers at
# https://symfony.com/doc/current/service_container.html
parameters:
    #parameter_name: value

services:

#service_name:
#    class: AppBundle\Directory\ClassName
#    arguments: ['@another_service_name', 'plain_value', '%parameter_name%']

storefront.listener.jwt_authentication:
    class: AppBundle\Listener\AuthenticationListener
    arguments:
        - "@security.token_storage"
        - "@security.authentication.manager"
        - []

AuthenicationListener.php

<?php

namespace AppBundle\Listener;

use Lexik\Bundle\JWTAuthenticationBundle\Security\Authentication\Token\JWTUserToken;
use Lexik\Bundle\JWTAuthenticationBundle\Security\Firewall\JWTListener;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Security\Core\Exception\AuthenticationException;

class AuthenticationListener extends JWTListener
{
    public function handle(GetResponseEvent $event): void
    {
        if (!($requestToken = $this->getRequestToken($event->getRequest()))) {
            return;
        }

        $token = new JWTUserToken();
        $token->setRawToken($requestToken);
        try {
            $authToken = $this->authenticationManager->authenticate($token);
            $this->tokenStorage->setToken($authToken);

            return;
        } catch (AuthenticationException $failed) {
            if ($this->config['throw_exceptions']) {
                throw $failed;
            }
        }
    }
}

Answer 1

我想当cookie被启用时，它会将令牌保存在浏览器的cookie中，但这意味着只从cookie中读取令牌。所以我想到了自己。还是谢谢你