Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
521 views
in Technique[技术] by (71.8m points)

php - Symfony 2 - firewall and access control issue

I've got a wired problem with the symfony 2 security component. Due to the fact that the {{ app.user }} object is only available within the secured area, I set the firewall pattern to ^/. Now I want to "unsecured" some pages, like registration. I've tried this by using access_control but it doesn't work.

Here is my security.yml

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    login:
        pattern:  ^/account/login$
        security: false

    account_area:
        pattern:    ^/
        form_login:
            check_path: /account/login_check
            login_path: /account/login
            default_target_path: /account
        remember_me:
            key:      blaBlubKey
            lifetime: 3600
            path:     /
            domain:   ~
        logout:
            path:   /account/logout
            target: /

access_control:
    #works
    - { path: ^/backend, roles: ROLE_USER }
    #works not
    - { path: ^/registration, roles: IS_AUTHENTICATED_ANONYMOUSLY }

Thanks in advance!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Worth mentioning is that the best practice here is to use only one firewall with access_control for login page. Why? What would You do if the logged user tries to access the /login page? You won't be able to check in controller if he is authenticated and redirect him, because the user will be authenticated to your main firewall, but not to the login firewall, as they are separate security systems.

Here is the security.yml that works great for me:

security:
    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: true
            anonymous: ~ 
        secured_area:
            pattern:    ^/
            anonymous:  ~
            form_login:
                login_path:  /login
                check_path:  /login_check
                always_use_default_target_path: true
                default_target_path: /
            logout:
                path:   /logout
                target: /
    providers:
        main:
            entity: { class: CoreUserBundleEntityUser, property: username }
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_SUPERADMIN }
        - { path: ^/user, roles: ROLE_USER }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...