Symfony authorization does not see the roles
I'm new to Symfony and am trying out its security component. I think I have set up everything needed to authenticate users from the database with a login form. I can authenticate users through Doctrine, but Symfony doesn't seem to see the roles returned by the user instance, even though I have hard-coded the role into the class. This is my security.yml file:
security:
    encoders:
        MyCompany\MyProject\UserBundle\Entity\User:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            entity: { class: MyCompanyMyProjectUserBundle:User, property: username }

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        secured_area:
            pattern: ^/
            anonymous: ~
            provider: main
            form_login:
                login_path: login
                check_path: login_check

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
This is my User entity:
<?php

// Namespace taken from the encoder key in security.yml above.
namespace MyCompany\MyProject\UserBundle\Entity;

use Symfony\Component\Security\Core\User\UserInterface;

class User implements UserInterface, \Serializable
{
    private $id;
    private $username;
    private $salt;
    private $password;
    private $email;
    private $isActive;

    public function __construct()
    {
        $this->isActive = true;
        $this->salt = md5(uniqid(null, true));
    }

    /**
     * Returns the roles granted to the user.
     *
     * <code>
     * public function getRoles()
     * {
     *     return array('ROLE_USER');
     * }
     * </code>
     *
     * Alternatively, the roles might be stored on a ``roles`` property,
     * and populated in any number of different ways when the user object
     * is created.
     *
     * @return Role[] The user roles
     */
    public function getRoles()
    {
        return array('ROLE_USER');
    }

    /**
     * Returns the password used to authenticate the user.
     *
     * This should be the encoded password. On authentication, a plain-text
     * password will be salted, encoded, and then compared to this value.
     *
     * @return string The password
     */
    public function getPassword()
    {
        return $this->password;
    }

    /**
     * Returns the salt that was originally used to encode the password.
     *
     * This can return null if the password was not encoded using a salt.
     *
     * @return string|null The salt
     */
    public function getSalt()
    {
        return $this->salt;
    }

    /**
     * Returns the username used to authenticate the user.
     *
     * @return string The username
     */
    public function getUsername()
    {
        return $this->username;
    }

    /**
     * Get id
     *
     * @return integer
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Set username
     *
     * @param string $username
     * @return User
     */
    public function setUsername($username)
    {
        $this->username = $username;
        return $this;
    }

    /**
     * Set salt
     *
     * @param string $salt
     * @return User
     */
    public function setSalt($salt)
    {
        $this->salt = $salt;
        return $this;
    }

    /**
     * Set password
     *
     * @param string $password
     * @return User
     */
    public function setPassword($password)
    {
        $this->password = $password;
        return $this;
    }

    /**
     * Set email
     *
     * @param string $email
     * @return User
     */
    public function setEmail($email)
    {
        $this->email = $email;
        return $this;
    }

    /**
     * Get email
     *
     * @return string
     */
    public function getEmail()
    {
        return $this->email;
    }

    /**
     * Set is_active
     *
     * @param boolean $isActive
     * @return User
     */
    public function setIsActive($isActive)
    {
        $this->isActive = $isActive;
        return $this;
    }

    /**
     * Get is_active
     *
     * @return boolean
     */
    public function getIsActive()
    {
        return $this->isActive;
    }

    /**
     * (PHP 5 >= 5.1.0)<br/>
     * String representation of object
     * @link http://php.net/manual/en/serializable.serialize.php
     * @return string the string representation of the object or null
     */
    public function serialize()
    {
        // Only these fields survive in the session; roles are not among them.
        return serialize(array(
            $this->id,
            $this->username,
            $this->salt,
            $this->password,
        ));
    }

    /**
     * (PHP 5 >= 5.1.0)<br/>
     * Constructs the object
     * @link http://php.net/manual/en/serializable.unserialize.php
     * @param string $serialized <p>
     * The string representation of the object.
     * </p>
     * @return void
     */
    public function unserialize($serialized)
    {
        list (
            $this->id,
            $this->username,
            $this->salt,
            $this->password
        ) = unserialize($serialized);
    }

    /**
     * Removes sensitive data from the user.
     *
     * This is important if, at any given point, sensitive information like
     * the plain-text password is stored on this object.
     */
    public function eraseCredentials()
    {
    }
}
As you can see, the ROLE_USER role is hard-coded to be returned from getRoles(), but once authenticated, when I go to /admin I still get a 403 Access Denied.

I don't think there is anything wrong with this behaviour. From what you describe, it seems to be working as intended.

With the current configuration, accessing /admin requires ROLE_ADMIN. If the user only has ROLE_USER (as in your scenario), a 403 response is correct (403 means the user authenticated successfully but authorization failed).

There are two ways to make the hard-coding "work" (though I wouldn't recommend either in the real world):

- have getRoles() return ROLE_ADMIN
- flip the hierarchy in security.yml to ROLE_USER: ROLE_ADMIN

Your serializer also needs to include the roles.

This is what confuses me. I don't understand the role definition in the security.yml file at all. What are the key (ROLE_USER) and value (ROLE_ADMIN) in Symfony's security file telling it? When/where should I reference ROLE_ADMIN?

The role hierarchy decides how roles inherit from each other. In your security.yml it basically says that ROLE_ADMIN automatically gets ROLE_USER, i.e. everyone with ROLE_ADMIN is also implicitly ROLE_USER. It's like extending a class: the child inherits all the properties of the parent.
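As an added illustration (not code from the question or the answer), the following stand-alone PHP script re-implements the role-hierarchy expansion described above and applies the question's own role_hierarchy and access_control to a user holding only ROLE_USER and to one holding ROLE_ADMIN. It uses no Symfony classes, and treating IS_AUTHENTICATED_ANONYMOUSLY as a plain role is a simplification assumed for the demo.

```php
<?php
// Added example (not the question's or answer's code): a stand-alone re-implementation
// of how Symfony expands roles through role_hierarchy, applied to the hierarchy and
// access_control from the question's security.yml. No Symfony classes are used, and
// treating IS_AUTHENTICATED_ANONYMOUSLY as a plain role is a simplification for the demo.
$roleHierarchy = array(
    'ROLE_ADMIN'       => array('ROLE_USER'),
    'ROLE_SUPER_ADMIN' => array('ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'),
);
$accessControl = array( // "path regex => required role", checked in order
    '#^/login#' => 'IS_AUTHENTICATED_ANONYMOUSLY',
    '#^/admin#' => 'ROLE_ADMIN',
);
// Expand the held roles into every role reachable through the hierarchy: a YAML
// key (parent) inherits all roles listed as its value, transitively.
function reachableRoles(array $hierarchy, array $roles)
{
    $reachable = array();
    $queue = $roles;
    while ($queue) {
        $role = array_shift($queue);
        if (isset($reachable[$role])) { continue; } // visited; also guards against cycles
        $reachable[$role] = true;
        if (isset($hierarchy[$role])) {
            foreach ($hierarchy[$role] as $inherited) {
                $queue[] = $inherited;
            }
        }
    }
    return array_keys($reachable);
}

// First matching access_control rule wins; the user must hold its role after
// expansion. Returns 200 when allowed, 403 when authenticated but not authorized.
function decide(array $hierarchy, array $accessControl, array $userRoles, $path)
{
    $userRoles[] = 'IS_AUTHENTICATED_ANONYMOUSLY'; // every request has at least this
    $reachable = reachableRoles($hierarchy, $userRoles);
    foreach ($accessControl as $pattern => $required) {
        if (preg_match($pattern, $path)) {
            return in_array($required, $reachable, true) ? 200 : 403;
        }
    }
    return 200; // no rule matched: access_control does not restrict this path
}
foreach (array(array('ROLE_USER'), array('ROLE_ADMIN')) as $roles) { // question's case vs. an admin
    printf("%s -> /admin: %d (reaches: %s)\n", $roles[0],
        decide($roleHierarchy, $accessControl, $roles, '/admin'),
        implode(', ', reachableRoles($roleHierarchy, $roles)));
}
```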