基于sfGuardPlugin的symfony和CAS单点登录的集成

项目中碰到需要将symfony集成到CAS中，但是由于采用了sfGuardPlugin插件做为用户控制，google不得，经过试验以下代码可以满足实现单点登录及自动创建用户功能，不足之处请大家悉心指教，谢谢。

需要更改以下文件并将phpCAS客户端中CAS.php置于plugins/sfDoctrineGuardPlugin/modules/sfGuardAuth/lib/vendor，更改的文件列表：

1. 在应用的配置文件中，配置cas服务器的基本信息 apps/frontend/config/app.yml

all:
  cas:
    host: your.cas.host
    port: 443
    context: /cas
    cacertpath:
    autoregister: true

2. 在sfGuardAuth/actions/actions.class.php中新建login和logout的action

class sfGuardAuthActions extends BasesfGuardAuthActions
{
    private $cas_host;
    private $cas_port;
    private $cas_context;
    private $cas_cacertpath;

    public function __construct($context, $moduleName, $actionName) {
        parent::__construct($context, $moduleName, $actionName);
        // 初始化参数
        $this->cas_host = sfConfig::get('app_cas_host');
        $this->cas_port = sfConfig::get('app_cas_port');
        $this->cas_context = sfConfig::get('app_cas_context');
        $this->cas_cacertpath = sfConfig::get('app_cas_cacertpath');
    }

    public function executeLogin($request){
        // 获取当前用户，判断是否登录
        $user = $this->getUser();
        if($user->isAuthenticated()){
            return $this->redirect('@homepage');
        }else{
            $ticket = $request->getParameter('ticket');
            //匹配ticket参数
            if(preg_match('/^ST-\d+-[0-9a-zA-Z]{20}-cas$/',$ticket)){
                $str = preg_split('/\?/',$_SERVER['REQUEST_URI']);
                $service = 'http://'.$_SERVER['HTTP_HOST'].$str[0];
                $cas_url = 'https://'.$this->cas_host.':'.strval($this->cas_port).$this->cas_context;
                $url = $cas_url.'/serviceValidate?service='.$service.'&ticket='.$ticket;
                // 获取验证结果并构建Dom树
                $string = file_get_contents($url);
                $result = new DOMDocument;
                $result->loadXML($string);
                $rf = $result->getElementsByTagName('authenticationFailure');
                if($rf->length!=0){
                    echo '认证错误:'.$rf->item(0)->nodeValue;
                }else{
                    $cas_user = $result->getElementsByTagName('user');
                    $user = Doctrine_Core::getTable('sfGuardUser')
                        ->createQuery('u')
                        ->where('u.username = ?', $cas_user->item(0)->nodeValue)
                        ->fetchOne();
                    if(!$user){
                        if(sfConfig::get('app_cas_autoregister')){
                            // 自动注册用户
                            $newnewuserprofile = new ecPersonProfile;
                            $newuserprofile->setFirstName($result->getElementsByTagName('name')->item(0)->nodeValue);
                            $newuserprofile->save();
                            $newnewuser = new sfGuardUser();
                            $newuser->setIsSuperAdmin(FALSE);
                            $newuser->setUsername($cas_user->item(0)->nodeValue);
                            $newuser->setEmailAddress($result->getElementsByTagName('email')->item(0)->nodeValue);
                            $newuser->setProfileId($newuserprofile->getId());
                            $newuser->setIsActive(1);
                            $newuser->save();
                            $user = Doctrine_Core::getTable('sfGuardUser')
                                ->createQuery('u')
                                ->where('u.username = ?', $cas_user->item(0)->nodeValue)
                                ->fetchOne();
                        }else{
                            echo '你的账户未在此系统内注册，请联系管理员！';
                        }
                    }
                    if($user){
                        $current_user = $this->getUser();
                        $current_user->signin($user);
                        if($current_user->isAuthenticated()){
                            $signinUrl = sfConfig::get('app_sf_guard_plugin_success_signin_url', $user->getReferer($request->getReferer()));
                            return $this->redirect('' != $signinUrl ? $signinUrl : '@homepage');
                        }
                    }else{
                        echo '你的账户未在此系统内注册，请联系管理员！';
                    }
                }
            }else{
                require_once(dirname(__FILE__).'/../lib/vendor/CAS.php');
                // 启动Debug
                phpCAS::setDebug();
                // 初始化phpCAS
                phpCAS::client(CAS_VERSION_2_0, $this->cas_host, $this->cas_port, $this->cas_context);
                phpCAS::setNoCasServerValidation();
                phpCAS::forceAuthentication();
            }
        return sfView::NONE;
        }
    }
    public function executeLogout(){
        require_once(dirname(__FILE__).'/../lib/vendor/CAS.php');
        // 启动Debug
        phpCAS::setDebug();
        // 初始化phpCAS
        phpCAS::client(CAS_VERSION_2_0, $this->cas_host, $this->cas_port, $this->cas_context);
        phpCAS::setNoCasServerValidation();
        $this->getUser()->signOut();
        phpCAS::logout();
        return sfView::NONE;
    }
}

 

3.路由中的登入登出设置，apps/frontend/config/routing.yml

sf_guard_signin:
  url:   /login
  param: { module: sfGuardAuth, action: login }

sf_guard_signout:
  url:   /logout
  param: { module: sfGuardAuth, action: logout }

4. 更改系统设置中的登入模块设置，apps/frontend/config/settings.yml

# ecNote sfDoctrinePlugin插件设置登入登出动作
login_module:           sfGuardAuth
login_action:           login

5. 添加模块中的安全设置，将登入登出动作设定为不需要通过认证，plugins/sfDoctrineGuardPlugin/modules/sfGuardAuth/config/security.yml

login:
  is_secure: false

logout:
  is_secure: false