在 FOSOAuthServerBundle 和 FOSUserBundles 的帮助下,我正在构建一个带有 angularjs 前端和 symfony 后端的应用程序以确保安全。
注册工作正常,但重新登录有问题。当您提供用户名/密码时,身份验证工作正常并生成令牌,但是当用户尝试使用令牌访问资源时,再次向用户显示登录表单以登录。
我知道这是某个地方的错误配置,希望有人能帮我指出它;-)
security.yml
security:
encoders:
AppBundle\Entity\User:
algorithm: sha1
encode_as_base64: false
iterations: 1
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
oauth_token:
pattern: ^/oauth/v2/token
security: false
oauth_authorize:
pattern: ^/oauth/v2/auth
form_login:
provider: fos_userbundle
check_path: _security_check
login_path: _demo_login
anonymous: true
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
api:
pattern: ^/api
fos_oauth: true
stateless: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
config.yml
fos_user:
db_driver: orm
firewall_name: main
user_class: AppBundle\Entity\User
fos_oauth_server:
db_driver: orm
client_class: AppBundle\Entity\Client
access_token_class: AppBundle\Entity\AccessToken
refresh_token_class: AppBundle\Entity\RefreshToken
auth_code_class: AppBundle\Entity\AuthCode
service:
user_provider: fos_user.user_manager
options:
supported_scopes: user