douguangxiang0363
2014-02-19 22:04
浏览 46
已采纳

将所有路由重定向到一个URL,直到满足条件

I have a user entity, which has a boolean "hasTmpPassword". This boolean is set to true until the user changes its password.

After login with the temp password, I redirect to my changePassword page (with DefaultAuthenticationSuccessHandler )

How can I prevent a login user (with temp password), to access other pages of the website, and always redirect him toward the changePassword page?

Thanks!

图片转代码服务由CSDN问答提供 功能建议

我有一个用户实体,它有一个布尔“hasTmpPassword”。 在用户更改密码之前,此布尔值设置为true。

使用临时密码登录后,我重定向到我的changePassword页面(使用DefaultAuthenticationSuccessHandler) < p>如何阻止登录用户(使用临时密码)访问网站的其他页面,并始终将他重定向到changePassword页面?

谢谢! \ n

  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 邀请回答

2条回答 默认 最新

  • dshakcsq64956 2014-02-19 22:32
    最佳回答
    1. after login that user you should set flag in his session (ie. changePasswordNeeded).

      $request->getSession()->set('changePasswordNeeded', true);

    2. Add listener, which will be fired onKernelRequest

      kernel.listener.your_listener_name: class: YourLitenerClass tags: - { name: kernel.event_listener, event: kernel.controller, method: onKernelRequest }

    3. Redirect to form each request except change_temp_password request (for selected users)

      public function onKernelRequest(FilterControllerEvent $event) {

        $request = $event->getRequest();
      
        if ($request->getSession()->has('changePasswordNeeded')) {
          $expectedRoute = 'change_temp_password';
          if ($expectedRoute === $event->getRequest()->get('_route')) {
            return;
          }
      
          $url = $this->router->generate($expectedRoute);
          $response = new RedirectResponse($url);
          $event->setResponse($response); 
        }        
      }
      
    评论
    解决 无用
    打赏 举报
查看更多回答(1条)

相关推荐 更多相似问题