0

我不明白我的问题。我只是想 :

  • /重定向/home

  • /home 不安全,但登录的用户可以导航到整个网站。

  • 未经身份验证的用户只能看到主页

  • 人们可以注册一个帐户来访问整个网站

所以这是我的 security.yml 配置:

security:
    encoders:
        Siriru\AntBundle\Entity\User: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            entity: { class: Siriru\AntBundle\Entity\User, property: username }

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        root:
            pattern: ^/$
            security: false

        home:
            pattern: ^/home$
            security: false

        login:
            pattern:  ^/login$
            security: false

        register:
            pattern: ^/account/
            security: false

        secured_area:
            pattern:    ^/
            form_login:
                check_path: /login_check
                login_path: /login
                username_parameter: username
                password_parameter: password

            logout:
                path:   /logout
                target: /home

注册没问题,也登录。但是在重定向到主页之后,用户没有通过身份验证(在 symfony 分析器中“你没有通过身份验证。”)。如果我到达安全区域,我会登录但未通过身份验证。

<?php

namespace Siriru\AntBundle\Controller;

use Siriru\AntBundle\Form\Model\Registration;
use Siriru\AntBundle\Form\Type\RegistrationType;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\HttpFoundation\Response;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use JMS\SecurityExtraBundle\Annotation\Secure;

class AccountController extends Controller
{
    /**
     * @Route("/login", name="login")
     * @Template()
     */
    public function loginAction()
    {
        if ($this->get('request')->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $this->get('request')->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $this->get('request')->getSession()->get(SecurityContext::AUTHENTICATION_ERROR);
        }

        return array(
            'last_username' => $this->get('request')->getSession()->get(SecurityContext::LAST_USERNAME),
            'error'         => $error,
        );
    }

    /**
     * @Route("/login_check", name="login_check")
     */
    public function securityCheckAction()
    {
        // The security layer will intercept this request
    }

    /**
     * @Route("/logout", name="logout")
     */
    public function logoutAction()
    {
        // The security layer will intercept this request
    }

    /**
     * @Route("/account/register", name="account_register")
     * @Template()
     */
    public function registerAction()
    {
        $form = $this->createForm(new RegistrationType(), new Registration());

        return array('form' => $form->createView());
    }

    /**
     * @Route("/account/create", name="account_create")
     * @Template()
     */
    public function createAction()
    {
        $em = $this->getDoctrine()->getEntityManager();

        $form = $this->createForm(new RegistrationType(), new Registration());

        $form->bind($this->getRequest());

        if ($form->isValid()) {
            $registration = $form->getData();
            $user = $registration->getUser();

            $factory = $this->get('security.encoder_factory');

            $encoder = $factory->getEncoder($user);
            $password = $encoder->encodePassword($user->getPassword(), $user->getSalt());
            $user->setPassword($password);
            $em->persist($user);
            $em->flush();

            return $this->redirect($this->generateUrl('homepage'));
        }

        return $this->render('SiriruAntBundle:Account:register.html.twig', array('form' => $form->createView()));
    }
}

我需要一些帮助 =) 谢谢。

4

1 回答 1

3

尝试更改防火墙配置以捕获所有 url,然后设置anonymous: ~并使用access_control将所有 url 限制为 ROLE_USER。

问题是默认情况下不同防火墙之间不共享安全会话。

像这样的东西应该工作:

security:
    encoders:
        Siriru\AntBundle\Entity\User: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            entity: { class: Siriru\AntBundle\Entity\User, property: username }

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern:    ^/
            anonymous: ~
            form_login:
                check_path: /login_check
                login_path: /login
                username_parameter: username
                password_parameter: password

            logout:
                path:   /logout
                target: /home

    access_control:
        - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/home$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }
于 2013-04-30T08:41:51.050 回答