Symfony&;Api解锁路径
我正面临一个问题,我不知道如何解决它。 所以,我用“FOSRESTBundle”构建了一个API,并使用“lexik_jwt_bundle”获取一个令牌 但是现在,他问我API的每个路由的令牌,而我希望在没有令牌的情况下可以访问路由。 我能怎么办 这是我的安全。yaml:Symfony&;Api解锁路径,api,symfony,Api,Symfony,我正面临一个问题,我不知道如何解决它。 所以,我用“FOSRESTBundle”构建了一个API,并使用“lexik_jwt_bundle”获取一个令牌 但是现在,他问我API的每个路由的令牌,而我希望在没有令牌的情况下可以访问路由。 我能怎么办 这是我的安全。yaml: security: encoders: App\Entity\User: algorithm: argon2i # https://symfony.com/doc/c
security:
encoders:
App\Entity\User:
algorithm: argon2i
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: email
# used to reload user from session & other features (e.g. switch_user)
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
vehicule:
pattern: ^/api/vehicules
stateless: true
anonymous: true
lexik_jwt:
authorization_header:
enabled: false
prefix: Bearer
main:
anonymous: true
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
- { path: ^/api/vehicule, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/vehicules, roles: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
您在
访问控制防火墙firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/api/login
stateless: true
anonymous: true
json_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
vehicule:
pattern: ^/api/vehicules
stateless: true
anonymous: true
lexik_jwt:
authorization_header:
enabled: false
prefix: Bearer
api:
pattern: ^/api
stateless: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
main:
anonymous: true
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/vehicule, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/vehicules, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
将
{path:^/api,roles:IS_AUTHENTICATED_FULLY}/api/vehiclules