dptiq46022 2014-10-30 18:03
浏览 52
已采纳

Symfony2安全配置 - 如何并排使用两个防火墙

I want to use a symfony2 application with 2 firewalls: one with users from database for the frontend, and another with in memory users for the backend.

I have read through all the documentations and various stackoverflow questions, but I cannot solve my problem.

This is my security.yml configuration so far:

security:
    firewalls:
        frontend:
            pattern:    ^/
            provider: fe_users
            anonymous: ~
            form_login:
                username_parameter: _email
                login_path:  _login
                check_path:  _login_check
                remember_me: true
                default_target_path: _profile
                #always_use_default_target_path: true
            logout:
                path: /logout
                target: /
            remember_me:
                key: MiPassphrase
                lifetime: 1800
                path: /.*
                domain: ~
        backend:
            pattern:   ^/backend
            provider: be_users
            anonymous: ~
            http_basic:
                realm: ""

    access_control:
        - { path: ^/backend$, roles: ROLE_ADMIN }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }

    encoders:
        vv\xx\Entity\User:
            algorithm: bcrypt
        Symfony\Component\Security\Core\User\User: plaintext

    providers:
        fe_users:
            entity: { class: vvxx:User, property: email }
        be_users:
            memory:
                users:
                    d: { password: c, roles: 'ROLE_ADMIN' }

What happens with that:

The frontend authentication works fine. If user is not logged in to frontend, the visit of /backend redirects me to /login. If user IS logged in (and authenticated) to frontend, the visit of /backend gives me a 403 access denied. A "classic" http authentication loginform never appears.

Can anybody have a look at my configuration and figure out what I'm doing wrong here?

I really appreciate your help :)

  • 写回答

1条回答 默认 最新

  • dsfw2154 2014-10-31 00:01
    关注

    Firewalls are matched on a first match basis. Your least restrictive patterns should come after more restrictive ones in your firewall list. Currently your frontend pattern is matching everything so your backend pattern is never being checked.

    As Igor Pantovic suggests:

    Try inversing firewall order, place backend before frontend

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 PADS Logic 原理图
  • ¥15 PADS Logic 图标
  • ¥15 电脑和power bi环境都是英文如何将日期层次结构转换成英文
  • ¥20 气象站点数据求取中~
  • ¥15 如何获取APP内弹出的网址链接
  • ¥15 wifi 图标不见了 不知道怎么办 上不了网 变成小地球了
  • ¥50 STM32单片机传感器读取错误
  • ¥15 (关键词-阻抗匹配,HFSS,RFID标签天线)
  • ¥15 机器人轨迹规划相关问题
  • ¥15 word样式右侧翻页键消失