1

我有一个安装了 FOSUserBundle 的非常基本的 Symfony2.1 设置。

当注册一切正常时,我被重定向到我的目标路径,调试栏显示我已通过自己的身份验证。

然而,当登录时,提交带有错误凭据的表单会反映这种情况,但如果我使用正确的凭据登录,我会被重定向到我的目标路径但我仍然是匿名的,因此身份验证成功但不会在会话中持续存在。

我错过了什么吗?我几乎完全按照基本配置进行了少量定制。不确定如何进行调试(Symfony1 的经验,Symfony2 的新手)。

FOSUserBundle 的 InteractiveLoginListener onSecurityInteractiveLogin 已经并正确更新了用户的上次登录日期,我不确定这会在什么时候绑定到 security.context,如果有的话,也不知道在哪里看。

我是要注册自己的听众还是有些东西不起作用?在整个捆绑包中搜索 security.context 似乎导致仅将其设置为注册和重置?


安全.yml

security:
    acl:
        connection: default

    providers:
        fos_userbundle:
            id: fos_user.user_manager

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        # SONATA:
        #     - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are using acl then this line must be commented

    firewalls:
        # -> custom firewall for the admin area of the URL
        admin:
            switch_user:        true
            context:            user
            pattern:            /admin(.*)
            form_login:
                provider:       fos_userbundle
                login_path:     /admin/login
                use_forward:    false
                check_path:     /admin/login_check

                # login success redirecting options (read further below)
                always_use_default_target_path: false
                default_target_path:            /admin/dashboard
                target_path_parameter:          _target_path
                use_referer:                    false

                failure_path:   null
                use_referer:    true
            logout:
                path:           /admin/logout
                target:         /admin/login
            anonymous:    true
        # -> end custom configuration

        # default login area for standard users
        main:
            switch_user:        true
            context:            user
            pattern:            .*
            form_login:
                provider:       fos_userbundle

                # the user is redirected here when he/she needs to login
                login_path:                     /login

                # if true, forward the user to the login form instead of redirecting
                use_forward:                    false

                # submit the login form here
                check_path:                     /login_check

                # login success redirecting options (read further below)
                always_use_default_target_path: false
                default_target_path:            /
                target_path_parameter:          _target_path
                use_referer:                    false

                # login failure redirecting options (read further below)
                failure_path:                   null
                failure_forward:                false

                # csrf token options
                csrf_parameter:                 _csrf_token
                intention:                      authenticate

            logout:             true
            anonymous:          true
        # -> end default configuration


    access_control:
        # URL of FOSUserBundle which need to be available to anonymous users
        - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # -> custom access control for the admin area of the URL
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # -> end

        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Secured part of the site
        # This config requires being logged for the whole site and having the admin role for the admin part.
        # Change these rules to adapt them to your needs
        - { path: ^/admin, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }

jms_security_extra:
    secure_all_services: false
    expressions: true

日志

[2012-07-05 15:12:50] security.INFO: User "steve" has been authenticated successfully [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "security.interactive_login" to listener "FOS\UserBundle\Security\InteractiveLoginListener::onSecurityInteractiveLogin". [] []
[2012-07-05 15:12:50] doctrine.DEBUG: UPDATE fos_user_user SET last_login = ?, updated_at = ? WHERE id = ? ([{"date":"2012-07-05 16:12:50","timezone_type":3,"timezone":"Europe\/London"},{"date":"2012-07-05 16:12:50","timezone_type":3,"timezone":"Europe\/London"},1]) [] []
[2012-07-05 15:12:50] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
[2012-07-05 15:12:50] security.DEBUG: Write SecurityContext in the session [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\SecurityBundle\EventListener\ResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onKernelTerminate". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2012-07-05 15:12:51] request.INFO: Matched route "sonata_admin_dashboard" (parameters: "_controller": "Sonata\AdminBundle\Controller\CoreController::dashboardAction", "_route": "sonata_admin_dashboard") [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2012-07-05 15:12:51] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2012-07-05 15:12:51] security.DEBUG: Access is denied (user is not fully authenticated) by "/var/www/motoratings/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70; redirecting to authentication entry point [] []
[2012-07-05 15:12:51] security.DEBUG: Calling Authentication entry point [] []
4

3 回答 3

2

事实证明,答案只是清除浏览器的 cookie,出于某种原因,我设置了 2 个 PHPSESSID cookie。不知道这怎么可能?

我的假设是这是由于摆弄这个,也许是因为我有 2 个防火墙,后来我将其剥离为 1 个?

似乎 Symfony 正在循环 PHPSESSID cookie,每个页面都在改变,所以任何身份验证都在一个不会持续到下一个的会话上——因此给了我所描述的问题。

设置 2 个 cookie 是否有正当理由?.. 甚至不可能设置 2 个同名 cookie?在清除它们之前我没有对其进行适当的调查,我想那一定有不同的路径或其他东西?..但它们似乎都出现在每个请求中。

于 2012-07-06T09:28:44.380 回答
0

在黑暗中刺伤,但是您的用户类getRoles()方法是否在任何情况下都返回 ROLE_USER 因为如果此方法不返回任何内容,则用户将被视为匿名用户,因此未经过身份验证。

于 2012-07-05T15:43:08.460 回答
0

黑暗中的另一个刺,似乎你正在重定向到sonata_admin_dashboard路由,它解析为/admin/dashboardurl。根据您的security.yml说法,用户似乎需要具有ROLE_ADMINROLE_SONATA_ADMIN角色才能访问该页面。

于 2012-07-05T18:40:46.520 回答