I’m currently developing a new set of RESTful APIs on Symfony 2.1, and for the moment they are under no firewall in my security.yml:
api:
    pattern: ^/api
    security: false
I have a RequestListener that “protects” them by checking whether users provide an auth token or use Basic Auth. After a correct login, we populate the security context with the user. (Maybe we could even make a firewall out of that using a Factory?)
This works perfectly for external devs / organisations who want to use our API in their apps.
Now, I’d like us to rely on these same APIs inside our project (controllers, AJAX calls, ...) and I was wondering whether we have to implement the API get-token or Basic Auth process ourselves to populate the security context of the API, or whether they could, in one way or another, magically retrieve the current security context of the main firewall. (It would save me the embarrassment of getting a token, saving it somewhere and passing it through my Backbone.js AJAX calls all the way into my views.)
Thanks for your thoughts on that! 🙂
First of all, for basic auth you can rely on the http_basic authentication provider that ships with Symfony2; there is no need for a request listener. If you want token-based authentication, write a token authentication provider.
Security contexts are separated and you can’t interact with another context; they are completely partitioned. However, you can add as many authentication providers as you want.
Using Backbone.js, you can keep the token-based strategy. For instance, pass the token to Backbone using an HTML attribute:
Then, just use it in your JavaScript app:
See the $.ajaxSetup doc for more information.
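The pattern the answer describes (token rendered into an HTML attribute, then attached to every API call from a global hook), as an added example that is not the answerer's code. It is written without jQuery so it runs under Node, but the `beforeSend` hook has the same shape as the one you would pass to `$.ajaxSetup`. The element and its `data-api-token` attribute, the `/api` prefix and the `Authorization: Bearer` header are assumptions; use whatever header the RequestListener actually checks. The one thing the example adds beyond the answer is scoping: a blanket `$.ajaxSetup` `beforeSend` fires for every request the page makes, so the hook only attaches the token to same-origin requests under the API prefix, which keeps it from leaking to third-party hosts.

```javascript
// Added example (not from the original answer): feed an API token from a
// server-rendered HTML attribute into same-origin API calls only.
// Assumed: <body id="app" data-api-token="..."> is rendered by the Twig
// template, the API lives under /api, and the listener reads a Bearer header.

const API_PREFIX = '/api';

// In a browser this would be document.body.dataset.apiToken; the object below
// is a constructed stand-in so the example runs outside a browser.
const pageElement = { dataset: { apiToken: 'c0ffee-constructed-token' } };

function readApiToken(el) {
  const token = el && el.dataset && el.dataset.apiToken;
  if (!token) throw new Error('no API token rendered into the page');
  return token;
}

// True only when the URL resolves to our own origin AND sits under /api.
// Resolving through URL() normalises "/api/../login" and "//evil.example/api"
// so they do not pass the check.
function isOwnApiRequest(url, pageOrigin) {
  const resolved = new URL(url, pageOrigin);
  if (resolved.origin !== pageOrigin) return false;
  return resolved.pathname === API_PREFIX || resolved.pathname.startsWith(API_PREFIX + '/');
}

// Headers to add for one request; empty when the token must not be sent.
function authHeadersFor(url, pageOrigin, token) {
  if (!isOwnApiRequest(url, pageOrigin)) return {};
  return { Authorization: 'Bearer ' + token }; // header scheme is an assumption
}

// Global hook with the signature jQuery uses:
//   $.ajaxSetup({ beforeSend: makeBeforeSend(window.location.origin, token) });
// xhr is anything exposing setRequestHeader(); settings.url is the request URL.
// Returns whether the token was attached.
function makeBeforeSend(pageOrigin, token) {
  return function beforeSend(xhr, settings) {
    const headers = authHeadersFor(settings.url, pageOrigin, token);
    Object.keys(headers).forEach((name) => xhr.setRequestHeader(name, headers[name]));
    return Object.keys(headers).length > 0;
  };
}

// Minimal fake XMLHttpRequest so the hook can be exercised without a browser.
function fakeXhr() {
  const sent = {};
  return { setRequestHeader: (name, value) => { sent[name] = value; }, headers: sent };
}

// Run the hook against one API call and one third-party call.
function demo() {
  const origin = 'https://app.example';
  const beforeSend = makeBeforeSend(origin, readApiToken(pageElement));

  const own = fakeXhr();
  beforeSend(own, { url: '/api/users/42' });          // gets the header

  const foreign = fakeXhr();
  beforeSend(foreign, { url: 'https://cdn.example/lib.js' }); // does not

  return { own: own.headers, foreign: foreign.headers };
}
```

If the token is rendered into the page, it is as exposed as the session cookie on that page, so treat it as a per-user secret: emit it into the attribute with Twig's autoescaping on, scope it to the API firewall rather than reusing the main login password, and make sure the `/api` firewall rejects requests that carry no token instead of falling back to the anonymous user.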