symfony - Symfony2 ESI bug 浏览器缓存

Question

我在我的网站上使用 ESI 缓存；那里工作正常，今天我清除了 APC 缓存和 sf2 缓存，我看到一切正常。但是有些人看不到esi面板等。

为什么会这样，如何解决？我不明白为什么我和一些朋友可以看得很清楚而其他人看不到？

Using symfony 2.1.7

以这种方式渲染：

$response=new Response();
$response= $this->render('HomePageBundle:Default:index.html.twig', array(...
$response->setPrivate(true);
$response->setMaxAge(300);

return $response;

我的 web/app.php 文件

require_once __DIR__.'/../app/bootstrap.php.cache';
require_once __DIR__.'/../app/AppKernel.php';
require_once __DIR__.'/../app/AppCache.php';

$loader = new ApcClassLoader('tb_sf2', $loader);
$loader->register(true);

$kernel = new AppKernel('prod', false);
$kernel->loadClassCache();

// wrap the default AppKernel with the AppCache one
$kernel = new AppCache($kernel);

$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);

但如果这是一个错误，我也不会看到 esi 面板，对吧？

我再次清除了缓存一段时间（可能是 30 分钟后），有人说：

现在我可以看到左侧菜单，但顶部仍然什么都没有

我清除了日志，然后我的朋友刷新了……这个日志是为每个 ESI 面板添加的：

[2013-05-27 23:03:17] request.INFO: Matched route "home_page_homepage" (parameters: "_controller": "TB\HomePageBundle\Controller\DefaultController::indexAction", "_route": "home_page_homepage") [] []
[2013-05-27 23:03:17] app.INFO: Locale Query Guessing Service Loaded [] []
[2013-05-27 23:03:17] app.INFO: Locale has not been identified by the Query guessing service [] []
[2013-05-27 23:03:17] app.INFO: Locale Session Guessing Service Loaded [] []
[2013-05-27 23:03:17] app.INFO: Locale has been identified by guessing service: ( Session ) [] []
[2013-05-27 23:03:17] app.INFO: Setting [ en ] as defaultLocale for the Request [] []
[2013-05-27 23:03:17] security.DEBUG: Read SecurityContext from the session [] []
[2013-05-27 23:03:17] security.DEBUG: Reloading user from user provider. [] []
[2013-05-27 23:03:17] security.DEBUG: Username "MbrunoM" was reloaded from user provider. [] []
[2013-05-27 23:03:18] security.DEBUG: Write SecurityContext in the session [] []
[2013-05-27 23:03:18] request.INFO: Matched route "notifications_box_esi" (parameters: "_controller": "TB\HomePageBundle\Controller\DefaultController::notificationsBoxEsiAction", "max": "10", "_route": "notifications_box_esi") [] []
[2013-05-27 23:03:18] app.INFO: Locale Query Guessing Service Loaded [] []
[2013-05-27 23:03:18] app.INFO: Locale has not been identified by the Query guessing service [] []

[2013-05-27 23:03:18] app.INFO: Locale Query Guessing Service Loaded [] []
[2013-05-27 23:03:18] app.INFO: Locale has not been identified by the Query guessing service [] []
[2013-05-27 23:03:18] app.INFO: Locale Session Guessing Service Loaded [] []
[2013-05-27 23:03:18] app.INFO: Locale has been identified by guessing service: ( Session ) [] []
[2013-05-27 23:03:18] app.INFO: Setting [ en ] as defaultLocale for the Request [] []
[2013-05-27 23:03:18] security.DEBUG: Read SecurityContext from the session [] []
[2013-05-27 23:03:18] security.DEBUG: Reloading user from user provider. [] []
[2013-05-27 23:03:18] security.DEBUG: Username "MbrunoM" was reloaded from user provider. [] []
[2013-05-27 23:03:18] security.DEBUG: Access is denied (and user is neither anonymous, nor remember-me) by "/var/www/domain.com/framework/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70 [] []
[2013-05-27 23:03:18] security.DEBUG: Access is denied (and user is neither anonymous, nor remember-me) by "/var/www/domain.com/framework/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70 [] []

Answer 1

确保您的用户被允许通过您的防火墙访问 ESI 路由。

您的防火墙配置可能有错误。您的用户无权访问路由“*notifications_box_esi*”。调试日志中有趣的一行是：

security.DEBUG: Access is denied (and user is neither anonymous, nor remember-me) by "/var/www/nonamepage/framework/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70 [] [] [2013-05-27 23:03:18] security.

您的防火墙根据角色或访问决策管理器允许或限制对某些路由/url 的访问。

配置可以在你的 security.yml 中找到：

security:

    # ...

    access_control:
        - { path: ^/admin/users, roles: ROLE_SUPER_ADMIN }
        - { path: ^/admin, roles: ROLE_ADMIN }

    # ... or with an access decision manager
    firewalls:
        your_firewall_name:
            pattern:    ^/
            # ...

您可以检查当前用户具有哪些角色：

$this->get('security.context')->getToken()->getUser()->getRoles();

Answer 2

我知道这是 2 年前的问题，但我遇到了同样的问题：security.DEBUG：访问被拒绝（用户既不是匿名的，也不是记住我的）

问题是，如果我在我的 LoginSuccessHandler 中被授予重定向到我的页面，我得到了很好的角色（ROLE_USER），但它仍然不起作用。我已经清理了我的缓存，它没有任何区别。如果我去 symfony 调试工具栏，它会说： Authenticated? 否（可能是因为用户没有角色）

这是我的 security.yml 和我的 LoginSuccessHandler ：

security:
  encoders:
    Mainbundle\Entity\Personne:
      algorithm:        sha512
      encode_as_base64: false
      iterations:       1

  role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_MANAGER, ROLE_ALLOWED_TO_SWITCH ]

  providers:
    administrators:
      entity: { class: MainBundle:Personne }

  firewalls:
    #wsse_secured:
      #pattern:   ^/api/.*
      #stateless: true
      #wsse: true
    default:
      #pattern:      ^/
      pattern:      ^/wsse
      anonymous:    ~
      #wsse:         true
      form_login:
        post_only:           true
        use_forward:         false
        provider:            administrators
        csrf_provider:       form.csrf_provider
        csrf_parameter:      _csrf_token
        remember_me:         true
        login_path:          login_route
        check_path:          login_check
        default_target_path: admin
        failure_path:        null
        success_handler:     main.component.authentication.handler.login_success_handler
      logout:
        path:				     logout
        target: 			   /
        success_handler: main.component.authentication.handler.logout_success_handler

  access_control:
    - { path: ^/wsse/admin, roles: ROLE_USER }
    - { path: ^/wsse, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
    #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    #- { path: ^/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY }

    #providers:
        #webservice:
            #id: webservice_user_provider
        #in_memory:
            #memory: ~

    #encoders:
        #MainBundle\Security\User\WebserviceUser: sha512

<?php
 
namespace MainBundle\Component\Authentication\Handler;
 
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Router;
use Doctrine\ORM\EntityRepository;
use MainBundle\Entity\UserRepository;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Mainbundle\Manager\UserManager;

class LoginSuccessHandler extends Controller implements AuthenticationSuccessHandlerInterface
{
	protected $router;
	protected $security;
	protected $usermanager;
	
	public function __construct($usermanager, Router $router, SecurityContext $security)
	{
		$this->router = $router;
		$this->security = $security;
		$this->usermanager = $usermanager;
	}
	
	public function onAuthenticationSuccess(Request $request, TokenInterface $token)
	{
		$personne = $token->getUser();
		$usermanager = $this->usermanager->getRepository();
		$role_array = $this->usermanager->findRole($personne->getId());
		$personne->setRoles($role_array);
		
		var_dump($this->security->getToken()->getUser()->getRoles());
		
		if ($this->security->isGranted('ROLE_SUPER_ADMIN'))
		{
			$response = new RedirectResponse($this->router->generate('category_index'));
		}
		elseif ($this->security->isGranted('ROLE_ADMIN'))
		{
			$response = new RedirectResponse($this->router->generate('category_index'));
		} 
		elseif ($this->security->isGranted('ROLE_USER'))
		{
			$response = new RedirectResponse($this->router->generate('admin'));
			// redirect the user to where they were before the login process begun.
			/*$referer_url = $request->headers->get('referer');
						
			$response = new RedirectResponse($referer_url);*/
		}
		elseif ($this->security->isGranted('ROLE_MANAGER'))
		{
			$response = new RedirectResponse($this->router->generate('admin'));
		}
		return $response;
	}	
}