Symfony3 JMSSecurityExtraBundle redirect loop with is_authenticated in access control

Tags: jms, symfony, access-control

I am using JMSSecurityExtraBundle (1.6.1) with:

- Symfony 3.1
- FOSUserBundle
- JMSI18nRoutingBundle
- JMSTranslationBundle

When I am logged in and try to access the login page, everything is fine. (403 denied exception)

But if I am not authenticated and try to access the login page, I get a redirect loop.

Is this a misconfiguration? Or a bug in JMSI18nRoutingBundle? Any ideas?

    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                login_path: fos_user_security_login
                check_path: fos_user_security_check
            oauth:
                resource_owners:
                    facebook: "/connect/check-facebook"
                    google: "/connect/check-google"
                    twitter: "/connect/check-twitter"
                login_path: fos_user_security_login
                failure_path: /connect
                oauth_user_provider:
                    service: customUserProvider
            logout:
                path: fos_user_security_logout
            anonymous: true

    access_control:
        - { path: "^/[a-z]{2}_[A-Z]{2}/login$", role: "!is_Authenticated()" }
        - { path: "^/[a-z]{2}_[A-Z]{2}/register", role: "!is_Authenticated()" }
        - { path: "^/[a-z]{2}_[A-Z]{2}/resetting", role: "!is_Authenticated()" }
        - { path: "^/[a-z]{2}_[A-Z]{2}/(account|compte){1}", role: IS_AUTHENTICATED_REMEMBERED }
        - { path: "^/[a-z]{2}_[A-Z]{2}/(recipe/add|recette/ajouter){1}", role: IS_AUTHENTICATED_REMEMBERED }
        - { path: "^/[a-z]{2}_[A-Z]{2}/(recipe/.*/edit|recette/.*/editer){1}", role: IS_AUTHENTICATED_REMEMBERED }
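
Thanks for everything.

is_Authenticated() is not enough in this case, because anonymous users are automatically assigned the "is authenticated" role and are therefore authenticated.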

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }

The above is one possible solution that you can use to prevent the loop.
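
The loop from the question and the fix from the answer, reproduced in a simplified Python model of first-match access_control evaluation (an added example, not code from the original posts or from Symfony). The token sets, the helper names and the request paths /fr_FR/login, /fr_FR/account, /login and /account are assumptions made for the illustration.

```python
import re

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"
ANON_TOKEN = {ANON}  # constructed: visitor who has not logged in
USER_TOKEN = {ANON, "IS_AUTHENTICATED_REMEMBERED", "ROLE_USER"}  # constructed

def not_authenticated(token):
    # Models "!is_Authenticated()". Following the answer, any token counts as
    # authenticated, the anonymous one included, so this is False for everyone.
    return not token

def has(attribute):
    return lambda token: attribute in token

def decide(rules, path, token):
    """The first rule whose regex matches the path decides; no match = allowed."""
    for pattern, check in rules:
        if re.search(pattern, path):
            return check(token)
    return True

def request(rules, path, token, login_path):
    """Return '200', '403', 'redirect to login' or 'redirect loop'."""
    if decide(rules, path, token):
        return "200"
    if token != ANON_TOKEN:
        return "403"  # logged-in user: plain access denied
    # Anonymous visitor: sent to the login page. If that page is denied to
    # anonymous visitors as well, the redirect never terminates.
    if decide(rules, login_path, token):
        return "redirect to login"
    return "redirect loop"

QUESTION_RULES = [  # first and fourth entries of the question's access_control
    (r"^/[a-z]{2}_[A-Z]{2}/login$", not_authenticated),
    (r"^/[a-z]{2}_[A-Z]{2}/(account|compte){1}", has("IS_AUTHENTICATED_REMEMBERED")),
]
ANSWER_RULES = [  # the answer's access_control
    (r"^/login$", has(ANON)),
    (r"^/register", has(ANON)),
    (r"^/resetting", has(ANON)),
    (r"^/", has("ROLE_USER")),
]
```

A quick configuration check that follows from this model: evaluate the login path with an anonymous token and confirm that the first matching rule grants access.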