0

我有这个 security.yml 文件

# config/packages/security.yaml
security:
encoders:
    FOS\UserBundle\Model\UserInterface: bcrypt

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN

# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    login:
        pattern:  ^/api/login
        stateless: true
        anonymous: true
        json_login:
            check_path:               /api/login_check
            success_handler:          lexik_jwt_authentication.handler.authentication_success
            failure_handler:          lexik_jwt_authentication.handler.authentication_failure
    api:
        pattern:   ^/api
        stateless: true
        guard:
            authenticators:
                - lexik_jwt_authentication.jwt_token_authenticator
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_token_generator: security.csrf.token_manager
        oauth:
            resource_owners:
                facebook:         "/secured/login_facebook"
                google:           "/secured/login_google"
            login_path:        fos_user_security_login
            failure_path:      fos_user_security_login
            oauth_user_provider:
                service: app.provider.oauth
        logout:       true
        anonymous:    true

# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }
    - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api/,       roles: IS_AUTHENTICATED_FULLY }

我的项目中有 2 个子应用程序:带有登录表单的管理面板 + 登录后访问和 api。问题是登录工作正常,但是当我尝试访问 /api/register 时出现错误:

“未找到 JWT 令牌”

你对此有什么想法吗?并且有可能有一个可以在未经身份验证的模式下访问的 api 列表吗?提前致谢。

4

1 回答 1

1

尽管您已经为下IS_AUTHENTICATED_ANONYMOUSLY的路径定义了,但您需要设置一个允许匿名访问该路径的防火墙。^/api/registeraccess_control

下面的代码是如何实现这一目标的示例。不幸的是,我现在无法对其进行测试,因此,您可能必须根据自己的需要对其进行调整。

示例 1:创建新防火墙:

firewalls:
//  ... the other firewalls you have
    register:
        pattern: ^/api/register
        anonymous: true
//      ... other configs you might need

示例 2:将规则添加到现有防火墙条目:

firewalls:
//  ... the other firewalls you have
    login_register:
        pattern:  ^/api/
        stateless: true
        anonymous: true
        json_login:
            check_path:               login_check
            success_handler:          lexik_jwt_authentication.handler.authentication_success
            failure_handler:          lexik_jwt_authentication.handler.authentication_failure
        register:
            check_path:               register
//          ... other configs you might need
于 2019-09-06T14:46:16.600 回答