Symfony: authenticated user and anonymous user on my website / homepage
I don't understand my problem. I just want:

- / redirects to /home
- /home is not secured, but logged-in users can navigate the whole site
- unauthenticated users can only see the homepage
- people can register an account to access the whole site

This is my security.yml configuration:
security:
    encoders:
        Siriru\AntBundle\Entity\User: sha512

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            entity: { class: Siriru\AntBundle\Entity\User, property: username }

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        root:
            pattern: ^/$
            security: false
        home:
            pattern: ^/home$
            security: false
        login:
            pattern: ^/login$
            security: false
        register:
            pattern: ^/account/
            security: false
        secured_area:
            pattern: ^/
            form_login:
                check_path: /login_check
                login_path: /login
                username_parameter: username
                password_parameter: password
            logout:
                path: /logout
                target: /home
Registration works, and so does logging in. But after the redirect to the homepage the user is not authenticated (the symfony profiler says "You are not authenticated"). If I go to the secured area, I am logged in but not authenticated.
<?php

namespace Siriru\AntBundle\Controller;

use Siriru\AntBundle\Form\Model\Registration;
use Siriru\AntBundle\Form\Type\RegistrationType;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\HttpFoundation\Response;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use JMS\SecurityExtraBundle\Annotation\Secure;

class AccountController extends Controller
{
    /**
     * @Route("/login", name="login")
     * @Template()
     */
    public function loginAction()
    {
        // The last authentication error is on the request attributes when
        // the security layer forwarded here, otherwise in the session.
        if ($this->get('request')->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $this->get('request')->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $this->get('request')->getSession()->get(SecurityContext::AUTHENTICATION_ERROR);
        }

        return array(
            'last_username' => $this->get('request')->getSession()->get(SecurityContext::LAST_USERNAME),
            'error'         => $error,
        );
    }

    /**
     * @Route("/login_check", name="login_check")
     */
    public function securityCheckAction()
    {
        // The security layer will intercept this request
    }

    /**
     * @Route("/logout", name="logout")
     */
    public function logoutAction()
    {
        // The security layer will intercept this request
    }

    /**
     * @Route("/account/register", name="account_register")
     * @Template()
     */
    public function registerAction()
    {
        $form = $this->createForm(new RegistrationType(), new Registration());

        return array('form' => $form->createView());
    }

    /**
     * @Route("/account/create", name="account_create")
     * @Template()
     */
    public function createAction()
    {
        $em   = $this->getDoctrine()->getEntityManager();
        $form = $this->createForm(new RegistrationType(), new Registration());
        $form->bind($this->getRequest());

        if ($form->isValid()) {
            $registration = $form->getData();
            $user         = $registration->getUser();

            // Hash the plaintext password with the encoder configured for
            // this user class (sha512 in security.yml) before persisting.
            $factory  = $this->get('security.encoder_factory');
            $encoder  = $factory->getEncoder($user);
            $password = $encoder->encodePassword($user->getPassword(), $user->getSalt());
            $user->setPassword($password);

            $em->persist($user);
            $em->flush();

            return $this->redirect($this->generateUrl('homepage'));
        }

        return $this->render('SiriruAntBundle:Account:register.html.twig', array('form' => $form->createView()));
    }
}
Try changing the firewall configuration to catch all URLs, then set `anonymous: ~` and use access_control to restrict all URLs to ROLE_USER. The problem is that, by default, the security session is not shared between different firewalls.

Something like this should work:
security:
    encoders:
        Siriru\AntBundle\Entity\User: sha512

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            entity: { class: Siriru\AntBundle\Entity\User, property: username }

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            anonymous: ~
            form_login:
                check_path: /login_check
                login_path: /login
                username_parameter: username
                password_parameter: password
            logout:
                path: /logout
                target: /home

    access_control:
        - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/home$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }
Maybe `- { path: ^/home$, roles: IS_AUTHENTICATED_ANONYMOUSLY }` if sub-routes of /home (/home/xxx) should also be protected and only /home alone is allowed anonymously. Oh, and the first rule should be `^/$` so that it doesn't conflict with the last one. Please move /login_check behind the firewall, meaning remove the login check line from the ACL and edit the login entry to `- { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }`. Some fool rejected my edit, but this is an important change ^^
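The answer and the comment rely on two first-match behaviours of the Symfony security layer: the first firewall whose pattern matches handles the request and looks for its token under a per-firewall session key, and the first access_control rule whose pattern matches decides the required role, with patterns applied as an unanchored regex search. The script below is an added model of those two lookups written for this page; it is not Symfony's code nor the asker's project. The firewall and access_control tables are transcribed from the two configs above, the `_security_<firewall name>` session key mirrors Symfony 2's default context key, and the unanchored and mis-ordered rule variants are constructed to reproduce the comment's two warnings.

```python
import re

# Added model of Symfony 2 security matching (not Symfony's own code).
# Firewalls and access_control rules are evaluated top to bottom; the FIRST
# entry whose pattern matches the path wins, and each pattern is applied as
# an unanchored regex search (Symfony wraps it as {pattern}).

# (name, pattern, security enabled) transcribed from the asker's security.yml
ORIGINAL_FIREWALLS = [
    ("dev",          r"^/(_(profiler|wdt)|css|images|js)/", False),
    ("root",         r"^/$",        False),
    ("home",         r"^/home$",    False),
    ("login",        r"^/login$",   False),
    ("register",     r"^/account/", False),
    ("secured_area", r"^/",         True),
]

# Transcribed from the answer: a single secured firewall catches everything.
PROPOSED_FIREWALLS = [
    ("dev",  r"^/(_(profiler|wdt)|css|images|js)/", False),
    ("main", r"^/", True),
]

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"

# (pattern, required role) transcribed from the answer's access_control
PROPOSED_ACL = [
    (r"^/$",        ANON),
    (r"^/home$",    ANON),
    (r"^/register", ANON),
    (r"^/login$",   ANON),
    (r"^/",         "ROLE_USER"),
]

# Constructed variants reproducing the comment's two warnings.
UNANCHORED_HOME_ACL = [PROPOSED_ACL[0], (r"^/home", ANON)] + PROPOSED_ACL[2:]  # no trailing $
CATCH_ALL_FIRST_ACL = [(r"^/", ANON)] + PROPOSED_ACL[1:]                       # ^/ instead of ^/$


def match_firewall(firewalls, path):
    """Return (name, secured) of the first firewall whose pattern matches."""
    for name, pattern, secured in firewalls:
        if re.search(pattern, path):
            return name, secured
    return None, False


def session_token_key(firewalls, path):
    """Session key under which the firewall handling this path looks for the
    authenticated token ('_security_' + firewall name by default). A firewall
    with security: false loads no token at all, so a user who logged in on
    secured_area is still anonymous on /home in the original config."""
    name, secured = match_firewall(firewalls, path)
    return "_security_" + name if secured else None


def required_role(acl, path):
    """First matching access_control rule decides; when nothing matches,
    Symfony grants access (represented here as None)."""
    for pattern, role in acl:
        if re.search(pattern, path):
            return role
    return None


if __name__ == "__main__":
    for path in ("/", "/home", "/home/secret", "/login", "/account/register", "/admin"):
        print(
            f"{path:18} token key original={session_token_key(ORIGINAL_FIREWALLS, path)!s:24}"
            f"proposed={session_token_key(PROPOSED_FIREWALLS, path)!s:16}"
            f"acl={required_role(PROPOSED_ACL, path)!s:28}"
            f"unanchored /home={required_role(UNANCHORED_HOME_ACL, path)!s:28}"
            f"^/ first={required_role(CATCH_ALL_FIRST_ACL, path)}"
        )
```

Running it shows why the original config reports "not authenticated" on /home (that request is served by a firewall with `security: false`, so no token key is consulted) and why the two access_control details in the comment matter: dropping the `$` from `^/home` lets `/home/secret` through anonymously, and putting `^/` ahead of the other rules makes every path anonymous. The same model also flags that the answer's `^/register` rule never matches the controller's actual `/account/register` route, which therefore falls through to the `^/` ROLE_USER rule; a pattern such as `^/account/` would be needed for the registration pages to stay reachable by anonymous users.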