我正在尝试在我的 Symfony2 应用程序(2.3 版)中为登录表单创建一个链提供程序 - 这是我的安全 Yaml:
jms_security_extra:
secure_all_services: false
expressions: true
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
chain_provider:
chain:
providers: [in_memory, fos_userbundle]
fos_userbundle:
id: fos_user.user_provider.username
in_memory:
memory:
users:
admin: { password: god, roles: [ 'ROLE_ADMIN' ] }
firewalls:
main:
pattern: ^/
form_login:
provider: chain_provider
csrf_provider: form.csrf_provider
logout: true
anonymous: true
security: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/group/, role: ROLE_ADMIN }
正如你所看到的,我正在使用 FOSUserBundle(顺便说一句很棒的东西)。
问题是,在我使用 in_memory 管理员用户登录后,我无法访问 /profile/ URL。我收到此错误消息:
AccessDeniedHttpException: This user does not have access to this section
我找到了一个原因 - 问题出在 FOS\UserBundle\Controller\ProfileController 类中:
public function showAction()
{
$user = $this->container->get('security.context')->getToken()->getUser();
if (!is_object($user) || !$user instanceof UserInterface) {
throw new AccessDeniedException('This user does not have access to this section.');
}
return $this->container->get('templating')->renderResponse('FOSUserBundle:Profile:show.html.'.$this->container->getParameter('fos_user.template.engine'), array('user' => $user));
}
Controller 正在检查 $user 对象是否是 UserInterface 的实例,但它不是,因为它是 Symfony\Component\Security\Core\User\User (明文编码器类)的实例。
我试图将编码器配置更改为:
security:
encoders:
Symfony\Component\Security\Core\User\UserInterface: plaintext
但它没有用。我发现 User 类在 Symfony 引擎的许多地方都是硬编码的。
所以我的问题是:如何从安全 yaml 中改变这种行为?我错过了什么吗?