2

我的目标是让所有路由都在防火墙保护的 API 下,除了一些。我有这样的防火墙配置:

security:
    acl:
        connection: default

providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email

encoders:
    FOS\UserBundle\Model\UserInterface: sha512

firewalls:
    oauth_token:
        pattern:    ^/oauth/v2/token
        security:   false

    oauth_authorize:
        pattern:    ^/oauth/v2/auth
        form_login:
            provider: fos_userbundle
            check_path: /oauth/v2/auth_login_check
            login_path: /oauth/v2/auth_login
        anonymous: true

    api:
        pattern:    ^/.*
        fos_oauth:  true
        stateless:  true
        anonymous: false

access_control:
    - { path: ^/, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
    - { path: ^/doc, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
    - { path: ^/resque, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
    - { path: /monitor, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
    - { path: /users, methods: [POST], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
    - { path: /users/me/registration/confirm, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
    - { path: /users/me/email/confirm, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
    - { path: /instants/.*, methods: [PUT], roles: [IS_AUTHENTICATED_ANONYMOUSLY ]}
    - { path: ^/_profiler, roles: [IS_AUTHENTICATED_ANONYMOUSLY]}
    - { path: ^/_wdt, roles: [IS_AUTHENTICATED_ANONYMOUSLY]}
    - { path: ^/_configurator, roles: [IS_AUTHENTICATED_ANONYMOUSLY]}
    - { path: /.*, roles: [ IS_AUTHENTICATED_FULLY ]}

但是没有访问令牌就无法访问路线和其他/resque路线。/monitor我在配置中做错了吗?还是无法实现路由白名单?

4

2 回答 2

1

您可以在您的 api 模式中使用异常:

api:
    pattern: ^/api(?!/doc)(?!/user/add)(?!/user/availability)   # All URLs are protected except api/doc ; api/user/add ; api/user/availability
    fos_oauth: true                                             # OAuth2 protected resource
    stateless: true                                             # Do no set session cookies
    anonymous: false                                            # Anonymous access is not allowed

有了这个你不需要描述

access_control:
- ...
于 2020-04-26T16:56:01.473 回答
0

我有同样的问题,我通过实施另一个防火墙解决了这个问题。不会检查此道路 OAuth 令牌。我在模式中放置了另一个正则表达式路由。并且不要忘记将此防火墙放在您的 api 防火墙前面,因为您有正则表达式“全部匹配”

    api_anonym_area:
        pattern: (^/api/users/forgotten-password/.*)
        methods: [POST]
        security: false
于 2017-03-01T08:41:05.470 回答