7

I have an admin area where we force login over https://. If the user is not logged in, hitting the route /admin should redirect to the login page, but I get an endless redirect loop. No idea what is wrong; here is security.yml:

security:
    firewalls:
        admin_login:
            pattern:  ^/admin/secured/login$
            security: false

        admin_secured_area:
            pattern: ^/admin
            provider: entity_admin
            form_login:
                check_path: /admin/secured/login_check
                login_path: /admin/secured/login
                default_target_path: /admin
            logout:
                path:   /admin/secured/logout
                target: /

    access_control:
        - { path: ^/admin/secured/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        - { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }

Thanks for your help!


5 Answers

7

The "admin_login" section in the firewalls is not needed. But it looks like you forgot the anonymous parameter..

security:
    firewalls:
        admin_secured_area:
            anonymous: ~
            pattern: ^/admin
            provider: entity_admin
            form_login:
                check_path: /admin/secured/login_check
                login_path: /admin/secured/login
                default_target_path: /admin
            logout:
                path:   /admin/secured/logout
                target: /

    access_control:
        - { path: ^/admin/secured/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        - { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }

As I said in the comments, have you assigned the ROLE_ADMIN role to the user who logs in?

Edit: does your routing also declare the HTTPS channel for the admin section?

Answered 2013-08-28T11:50:18.187
4

After a quick look I would say that something like the following should be correct:

security:
    firewalls:
        admin_secured_area:
            pattern:  ^/admin
            provider: entity_admin
            form_login:
                check_path: /admin/secured/login_check
                login_path: /admin/secured/login
                default_target_path: /admin
            logout:
                path:   /admin/secured/logout
                target: /

    access_control:
        - { path: ^/admin/secured/(login|login_check|logout)$, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        - { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }

Anyway, if this does not help, I recommend checking the redirects with the built-in profiler (the tabs with route matches and logs). To make it intercept the redirects, change config_dev.yml to:

web_profiler:
    toolbar: true
    intercept_redirects: true

Answered 2013-08-27T14:32:00.397
3

Hi, this is related to how Symfony2's $request->isSecure() checks for SSL when the site sits behind a load balancer; there are some inconsistent header names in PHP. The config file needs the following:

framework:
    trusted_proxies: [10.0.0.0/8]

It works now, but I don't know whether this setting has any security issues.

Answered 2013-09-03T16:55:37.500
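The following script is an added example, not code from the question or any of the answers. It reproduces the mechanism behind the accepted fix with Symfony's HttpFoundation component alone: a TLS-terminating load balancer hands the app server plain HTTP with the original scheme only in X-Forwarded-Proto, so unless the proxy is trusted, isSecure() returns false, requires_channel: https redirects to https://, the load balancer forwards plain HTTP again, and the redirect repeats. It also shows the cost of trusting a whole /8, which is the caveat the answer above asks about. The hostname, the 10.0.0.5 and 203.0.113.9 addresses and the helper names are constructed for the example; the setTrustedProxies() signature is the one used since Symfony 3.3 (the 2.x call took only the proxy list, and the config equivalent is the framework: trusted_proxies entry shown above).

```php
<?php
// Added example, not part of the original page. Needs symfony/http-foundation
// (composer require symfony/http-foundation). All addresses are constructed.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;

/**
 * Build a request the way it arrives from a TLS-terminating load balancer:
 * plain HTTP on the wire, original scheme only in X-Forwarded-Proto.
 * $remoteAddr is the peer address the PHP process actually sees.
 */
function requestFromProxy(string $remoteAddr, string $forwardedProto): Request
{
    return Request::create('http://admin.example.com/admin', 'GET', [], [], [], [
        'REMOTE_ADDR'            => $remoteAddr,     // the proxy (or a direct client)
        'HTTP_X_FORWARDED_PROTO' => $forwardedProto, // set by the load balancer
    ]);
}

/** The same decision requires_channel: https makes before redirecting. */
function wouldRedirectToHttps(Request $request): bool
{
    return !$request->isSecure();
}

// Case 1: no trusted proxies. X-Forwarded-Proto is ignored, the request looks
// like plain HTTP, and the channel check redirects to https:// every time the
// load balancer forwards it, which is the endless loop from the question.
Request::setTrustedProxies([], Request::HEADER_X_FORWARDED_PROTO);
var_dump(wouldRedirectToHttps(requestFromProxy('10.0.0.5', 'https')));

// Case 2: trust the load balancer's network, as the answer does. The header
// is honoured, isSecure() is true, and the redirect loop stops.
Request::setTrustedProxies(['10.0.0.0/8'], Request::HEADER_X_FORWARDED_PROTO);
var_dump(wouldRedirectToHttps(requestFromProxy('10.0.0.5', 'https')));

// Case 3 (the caveat): any host inside 10.0.0.0/8 can now assert "https", and
// with HEADER_X_FORWARDED_FOR also a fake client IP. A request reaching the
// app server directly from an address outside the range cannot, so the
// forged header is ignored and the redirect happens.
var_dump(wouldRedirectToHttps(requestFromProxy('203.0.113.9', 'https')));
```

Run it with php; the first and third checks report that a redirect would happen, the second does not. The safer form of the fix is to list the load balancer's actual addresses instead of a /8, and to enable only the forwarded headers the balancer really sets, so that no other host on the internal network can claim a scheme or client address on the app's behalf.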
2

^/admin/secured/login_check should also be allowed through with anonymous authentication, because the user will have no role when that page is first called, hence the loop.

Answered 2013-08-23T22:46:47.687
2

Remove:

admin_login:
    pattern:  ^/admin/secured/login$
    security: false

Answered 2013-08-30T14:20:37.320