doulai7239
2015-06-29 19:42
71 views
Answer accepted

How do I log out a banned user in Symfony?

Symfony provides a simple way of preventing users from logging in using the isEnabled property if the user class implements AdvancedUserInterface.

However, if the user is logged in nothing will prevent them from accessing the website until their session expires.

The idea would be to check the isEnabled property upon getting the user entity ($this->get('security.token_storage')->getToken()->getUser()) and to invalidate the session then. What is the preferred way of doing so?

Or is there a better way to achieve this goal?


4 answers

  • duanshang9426 2015-06-30 08:06
    Accepted

    You can set the following in your security.yml:

    security:
        always_authenticate_before_granting: true
    

    This will always re-authenticate a user before storing the information into the token. It will take care of these kinds of changes in the user configuration, but also things like changed roles etc.

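The per-request check the question describes, written as a kernel.request listener. This is an added example, not code from the thread or from Symfony itself. It targets Symfony 2.6+ and assumes an `AppBundle` namespace, a hypothetical `DisabledUserListener` class, a route named `login`, and a user provider that reloads the user on each request so `isEnabled()` reflects the current state.

```php
<?php
// Added example, not from the original thread. Targets Symfony 2.6+.
// Assumed names: AppBundle namespace, DisabledUserListener class, "login" route.
namespace AppBundle\EventListener;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\User\AdvancedUserInterface;

class DisabledUserListener
{
    private $tokenStorage;
    private $urlGenerator;

    public function __construct(TokenStorageInterface $tokenStorage, UrlGeneratorInterface $urlGenerator)
    {
        $this->tokenStorage = $tokenStorage;
        $this->urlGenerator = $urlGenerator;
    }

    // Register on kernel.request with a priority below the firewall's (8),
    // so the token has already been restored from the session.
    public function onKernelRequest(GetResponseEvent $event)
    {
        if (!$event->isMasterRequest()) {
            return; // sub-requests share the master request's token
        }

        $token = $this->tokenStorage->getToken();
        $user = $token ? $token->getUser() : null;

        // Anonymous tokens carry a string, not a user object.
        if (!$user instanceof AdvancedUserInterface || $user->isEnabled()) {
            return;
        }

        // Drop the security token and destroy the session so the old
        // session id cannot be reused, then redirect to the login page.
        $this->tokenStorage->setToken(null);
        $session = $event->getRequest()->getSession();
        if ($session !== null) {
            $session->invalidate();
        }
        $event->setResponse(new RedirectResponse($this->urlGenerator->generate('login')));
    }
}
```

Register the class as a service tagged `kernel.event_listener` for the `kernel.request` event, with `security.token_storage` and `router` as constructor arguments.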