dptiq46022
2014-10-30 18:03
浏览 52
已采纳

Symfony2安全配置 - 如何并排使用两个防火墙

I want to use a symfony2 application with 2 firewalls: one with users from database for the frontend, and another with in memory users for the backend.

I have read through all the documentations and various stackoverflow questions, but I cannot solve my problem.

This is my security.yml configuration so far:

security:
    firewalls:
        frontend:
            pattern:    ^/
            provider: fe_users
            anonymous: ~
            form_login:
                username_parameter: _email
                login_path:  _login
                check_path:  _login_check
                remember_me: true
                default_target_path: _profile
                #always_use_default_target_path: true
            logout:
                path: /logout
                target: /
            remember_me:
                key: MiPassphrase
                lifetime: 1800
                path: /.*
                domain: ~
        backend:
            pattern:   ^/backend
            provider: be_users
            anonymous: ~
            http_basic:
                realm: ""

    access_control:
        - { path: ^/backend$, roles: ROLE_ADMIN }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }

    encoders:
        vv\xx\Entity\User:
            algorithm: bcrypt
        Symfony\Component\Security\Core\User\User: plaintext

    providers:
        fe_users:
            entity: { class: vvxx:User, property: email }
        be_users:
            memory:
                users:
                    d: { password: c, roles: 'ROLE_ADMIN' }

What happens with that:

The frontend authentication works fine. If user is not logged in to frontend, the visit of /backend redirects me to /login. If user IS logged in (and authenticated) to frontend, the visit of /backend gives me a 403 access denied. A "classic" http authentication loginform never appears.

Can anybody have a look at my configuration and figure out what I'm doing wrong here?

I really appreciate your help :)

  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dsfw2154 2014-10-31 00:01
    已采纳

    Firewalls are matched on a first match basis. Your least restrictive patterns should come after more restrictive ones in your firewall list. Currently your frontend pattern is matching everything so your backend pattern is never being checked.

    As Igor Pantovic suggests:

    Try inversing firewall order, place backend before frontend

    已采纳该答案
    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题