drpjdfj618393
2014-02-21 09:23

Symfony2 access control redirects to login

In an application I am developing, I'm having a weird issue with the access control for the security component.

I use the FOSUserBundle (of course) for users and I copied the example access control rules from the bundle documentation to my security.yml. The login screen (/login) works perfectly but the issue is, all other access control rules have absolutely no effect whatsoever. When a user goes to /register for example, he is redirected to /login, the same goes for /resetting.

This is my security.yml file:

jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern:  ^/(\_(profiler|wdt)|css|images|js)/
            security: false

        api:
            pattern: ^/api
            anonymous: false
            form_login: false
            provider: fos_userbundle
            http_basic:
                realm: "REST Service Realm"

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:       true
            anonymous:    ~
            switch_user:  { role: ROLE_SUPER_ADMIN, parameter: _impersonate }

    access_control:
        - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/superadmin/, role: ROLE_SUPER_ADMIN }

I have tried to turn off security for paths containing /resetting and /register, but that clearly won't work since the security token still needs to be available for the FOSUserBundle controllers.

Any help would be much appreciated!

2 answers

  • dongpang4470 2014-02-21 10:23
    Accepted

    The problem was that another bundle was messing with each request checking if the user was logged in or not. If the user wasn't logged in, a redirect response was generated to the login page.

    No idea why this was done, I think it comes from an era where the original authors had less experience with Symfony.

    But so it proves again, always check the logs. Very thoroughly.

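If a redirect like the one in the accepted answer comes from a `kernel.request` listener, the dev log records that listener as having stopped propagation of the event, which is what the sketch below searches for. This is an added example, not code from the thread: the log excerpt is constructed, `Acme\LegacyBundle` is a hypothetical bundle, and the message wording is assumed to match what Symfony 2's debug event dispatcher writes.

```python
import re

# Constructed dev.log excerpt, not from the original thread. Message wording is
# assumed to match Symfony 2's debug event dispatcher; Acme\LegacyBundle is hypothetical.
SAMPLE_LOG = r"""
[2014-02-21 09:10:01] request.INFO: Matched route "fos_user_registration_register" (parameters: "_route": "fos_user_registration_register") [] []
[2014-02-21 09:10:01] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2014-02-21 09:10:01] event.DEBUG: Notified event "kernel.request" to listener "Acme\LegacyBundle\EventListener\LoginCheckListener::onKernelRequest". [] []
[2014-02-21 09:10:01] event.DEBUG: Listener "Acme\LegacyBundle\EventListener\LoginCheckListener::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2014-02-21 09:12:30] request.INFO: Matched route "fos_user_security_check" (parameters: "_route": "fos_user_security_check") [] []
[2014-02-21 09:12:30] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2014-02-21 09:12:30] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
"""

# The security firewall legitimately answers some requests itself (for example
# the login check); any other listener doing so deserves a closer look.
FIREWALL = r"Symfony\Component\Security\Http\Firewall::onKernelRequest"
ROUTE_RE = re.compile(r'request\.INFO: Matched route "([^"]+)"')
STOP_RE = re.compile(
    r'event\.DEBUG: Listener "([^"]+)" stopped propagation of the event "kernel\.request"')

def find_short_circuits(log_text):
    """Return (route, listener, is_firewall) for each kernel.request that a
    listener ended early by setting its own response."""
    findings, route = [], None
    for line in log_text.splitlines():
        match = ROUTE_RE.search(line)
        if match:
            route = match.group(1)  # remember which route this request matched
            continue
        match = STOP_RE.search(line)
        if match:
            listener = match.group(1)
            findings.append((route, listener, listener == FIREWALL))
            route = None  # the request is over; do not reuse its route
    return findings

def suspicious(findings):
    """Keep only the requests answered by a listener other than the firewall."""
    return [(route, listener) for route, listener, is_fw in findings if not is_fw]

if __name__ == "__main__":
    for route, listener in suspicious(find_short_circuits(SAMPLE_LOG)):
        print("route %s was answered by %s" % (route, listener))
```

On the constructed excerpt the registration route is reported as answered by the hypothetical listener, while the login-check request handled by the firewall is not flagged.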