donglin1692 2016-03-03 19:20
浏览 81
已采纳

一个应用程序中的Symfony 3,2防火墙

I have problem with firewalls in symfony 3. From 3 days I've been struggling with this. I've read documentation and did everything according to it, but application doesn't work as I expect.

Goal: All pages (except login page) require logged in user. If user isn't logged in he should be redirect to /login page. That's all.

According to this pages:

I have created controller with login action and form. login_path and check_path use the same action (according to documentation). Probably something in security.yml is wrong because it doesn't work properly. My settings: 

security:
providers:
    in_memory:
        memory:
            users:
                aaa:
                    password: aaa
                    roles: 'ROLE_ADMIN'
encoders:
    Symfony\Component\Security\Core\User\User: plaintext
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    login_firewall:
        pattern:    ^/login
        anonymous: ~
#       form_login:
#           login_path: /login
#           check_path: /login
    secured_area:
        pattern:    ^/
        form_login:
            login_path: /login
            check_path: /login
            default_target_path: homepage
        logout:
            path:   /logout
            target: /login
#    access_control:
#        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
#        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }

My login action:

<?php
/**
 * @Route("/login", name="login")
 */
public function loginAction(Request $request)
{
    $authenticationUtils = $this->get('security.authentication_utils');
    // get the login error if there is one
    $error = $authenticationUtils->getLastAuthenticationError();
    // last username entered by the user
    $lastUsername = $authenticationUtils->getLastUsername();

    return $this->render(
        'security/login.html.twig',
        array(
            // last username entered by the user
            'last_username' => $lastUsername,
            'error'         => $error,
        )
    );
}
?>

Problems:

  1. With this configuration I'm not able to log in. Request use login action but system doesn't want to authenticate me.
  2. If I uncomment form_login in login_firewall firewall, Authentication works properly (I'm logged in), but I can't access homepage (system redirect me to login page although I have been authenticated.
  3. I've tried use access_control, but behavior was the same as in 2 point.

Please help me with that. I'm sure this is something simple but I'm new in Symfony and I don't see it.

UPDATE

Thanks to Tobias Xy I corrected security.yml. Working version:

security:
    providers:
        in_memory:
            memory:
                users:
                    smt:
                        password: smt
                        roles: 'ROLE_ADMIN'
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login
                default_target_path: /
            logout:
                path:   /logout
                target: /login
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
  • 写回答

1条回答 默认 最新

  • dongshi1606 2016-03-04 12:59
    关注

    Fix:

    I would suggest:

    1. Remove the login_firewall entirely.
    2. Allow anonymous users in your secured_area (anonymous: ~)
    3. Uncomment the access_control section (the content looks good)

    Let me know if it worked.

    Alternative fix:

    (This may work, but I'm not 100% sure about it).

    1. Change your check_path to something else (e.g. /check_login)
    2. Create an empty route for /check_login (similar to the logout route, described here: Security - Logging out)
    3. (Make sure this new path is behind the "secured_area" firewall!)

    Some Explanation:

    Your problems can probably be explained by this page: How to Build a Traditional Login Form. There it says:

    If you're using multiple firewalls and you authenticate against one firewall, you will not be authenticated against any other firewalls automatically. Different firewalls are like different security systems.

    This explains some of your problems: If you uncomment the form_login in the login_firewall, you will authenticate to the login page only! As soon as you go to another page you are not authenticated anymore, because it is a different security context.

    I'm not 100% sure about your Problem 1, but it may happen because your "check_path" is also behind the firewall login_firewall and not secured_area. And since there is no form_login in your login_firewall the submitted login form will not be recognized.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料