Symfony 2.0: How to correctly delegate user authentication to a separate service?

Question

In the Symfony 2.0 web app I'm helping to develop, we're using a custom-written service for user authentication that's used separately from the app itself. I need to implement the authentication\authorization for the app using this service.

I've read the "Security" chapter of the Symfony 2 book, as well as the cookbok entries concerning the creation of custom user and authentication providers. Unfortunaly, it seems that I can't just create the custom user provider, because there's no way I can just use the service to retrieve the user's data by login. I can only submit the user's login/password and see if the service authenticates him.

Which is why I thought of writing a custom authentication provider. The thing is, after reading the cookbook entry, I'm not completely sure that if I write an authentication provider that doesn't use user provider at all, the framework's code which uses the authentication provider won't attempt to create - and make use of - the user provider (I suppose that if it will, it'll just instantiate and use some default one?).

Does anyone have any thoughts on this matter?

Answer 1

It sounds like you are on the right track. You will create your custom Authentication Provider and also create a custom User Provider. Since it seems that your user provider won't actually need to access any data source it will be fairly empty. Probably just return a new User object with the username that was given.

public function loadUserByUsername($username)
{
    return new User($username);
}