Feature: configure root app for usage of JWT access token for wopi

2023-01-09 20:50:11 +01:00 · 2023-01-09 20:50:11 +01:00 · dc19006738
parent e55562c4cd
commit dc19006738
3 changed files with 18 additions and 2 deletions
--- a/config/packages/lexik_jwt_authentication.yaml
+++ b/config/packages/lexik_jwt_authentication.yaml
@ -2,3 +2,11 @@ lexik_jwt_authentication:
    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
    pass_phrase: '%env(JWT_PASSPHRASE)%'
+
+    # required for wopi - recommended duration
+    token_ttl: 36000
+
+    token_extractors:
+        query_parameter:
+            enabled: true
+            name: access_token
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -29,6 +29,14 @@ security:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

+        wopi:
+            pattern: ^/wopi
+            provider: chain_provider
+            stateless: true
+            guard:
+                authenticators:
+                    - lexik_jwt_authentication.jwt_token_authenticator
+
        default:
            anonymous: ~
            provider: chain_provider
@ -54,7 +62,7 @@ security:
        - { path: ^/saml/metadata, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(login|logout), roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/public, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/wopi, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/wopi, roles: IS_AUTHENTICATED_FULLY }
        # access for homepage, the homepage redirect admin to admin section
        - { path: ^/$, roles: [ IS_AUTHENTICATED_REMEMBERED ] }
        - { path: ^/homepage$, roles: [ IS_AUTHENTICATED_REMEMBERED ] }
--- a/config/routes/chill_wopi.yaml
+++ b/config/routes/chill_wopi.yaml
@ -1,3 +1,3 @@
 chill_wopi_bundle:
  resource: '@ChillWopiBundle/Resources/config/routes/routes.php'
-  prefix: /wopi
+  prefix: /chill/wopi