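According to the Symfony 2 documentation, by default, if a user tries to access a secured page, they are prompted with the login page and, after logging in successfully, they are redirected to the page they originally wanted (Reference).
But in my application, if a user tries to access mysite.com/blog/post/2/edit, the user is always redirected to /.
Here is my security.yml: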
jms_security_extra:
    secure_all_services: false
    expressions: true
security:
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
    providers:
        main:
            entity: {class: Done\PunctisBundle\Entity\User, property: username}
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            remember_me:
                key: %secret%
                lifetime: 3600
                path: /
                domain: ~
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check
            logout:
                path: /logout
                target: /
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/signup, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/verification, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/popup/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/ajax/track, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/ajax/socialbox, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }
    encoders:
        Done\PunctisBundle\Entity\User:
            algorithm: md5
            iterations: 1
            encode_as_base64: false
The login form:
<?php $view -> extend('DonePunctisBundle:TemplateBases:default.html.php'); ?>
<?php $view['slots']->start('body') ?>
<h1 class="worldH1">
    Effettua il <span>login</span> su Punctis<br>e inizia a guadagnare!
</h1>
<div id="loginContent" class="container pageContent">
    <?php if(isset($error)){ ?>
        <div class="alert alert-error">
            <?=$error->getMessage() ?>
        </div>
    <?php } else{ ?>
        <div class="alert">
            <strong>SEI NUOVO?</strong> Se non hai ancora un account, <a href="#">registrati</a> in meno di un minuto!
        </div>
    <?php } ?>
    <div id="loginForm">
        <div class="row">
            <div class="span3">
                <h2>Logina via Social</h2>
                <p>
                    <a href="#" id="signupFacebookStart" class="socialButton"> <?=$this -> get('translator') -> trans('login.via.facebook', array(), 'front'); ?></a>
                </p>
                <p>
                    <a href="#" id="signupTwitterStart" class="socialButton tw"> <?=$this -> get('translator') -> trans('login.via.twitter', array(), 'front'); ?></a>
                </p>
            </div>
            <div class="span4">
                <div id="loginFormCanvas">
                    <h2>Logina via Mail</h2>
                    <form action="<?php echo $view['router']->generate('done_punctis_user_login_check') ?>" method="post">
                        <label class="control-label required" for="login_email">Mail:</label>
                        <input type="text" value="<?php echo (isset($last_username)? $last_username: null); ?>" id="login_email" name="_username" class="input-large">
                        <label class="control-label required" for="login_email">Password:</label>
                        <input type="password" name="_password" value="" id="login_email" class="input-large">
                        <label for="remember_me" class="checkbox"><input type="checkbox" id="remember_me" name="_remember_me" checked /> Remember me</label>
                        <input type="hidden" name="_target_path" value="/" />
                        <button class="btn btn-primary" type="submit">Login</button> <a id="loginForgetPass" href="#">Password Dimenticata?</a>
                    </form>
                </div>
                <div class="clear"></div>
            </div>
        </div>
    </div>
</div>
<?php $view['slots']->stop() ?>
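Answer 0 (score: 2)
By default, when a user tries to access a secured page without being authenticated, the form login strategy for the target path is to store the path in the session before redirecting to the login page. So, after a successful login, the user is redirected to this path. But there are two ways to disable this mechanism.
If you set the always_use_default_target_path option to true, no path is stored and the user is always redirected to the configured default_target_path (/ by default) after a successful login.
If you add a _target_path parameter to the request, the user is redirected after a successful login to the path this parameter contains.
So, in your example, the user is always redirected to the / path after login because your _target_path hidden field has the value / in your login form.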
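Added example, not part of either answer and not Symfony's own code: a simplified model of the order in which form_login picks the post-login target, run against the question's setup. The function name resolveTargetPath(), its array arguments and the session key name are assumptions made for illustration.

```php
<?php
// Simplified model of form_login target resolution (hypothetical helper,
// not Symfony's implementation). Session key name is an assumption.
function resolveTargetPath(array $options, array $post, array $session, $referer)
{
    // 1. always_use_default_target_path short-circuits everything else.
    if ($options['always_use_default_target_path']) {
        return $options['default_target_path'];
    }
    // 2. An explicit _target_path request parameter beats the stored path.
    if (!empty($post['_target_path'])) {
        return $post['_target_path'];
    }
    // 3. Path saved in the session when the firewall redirected to the login page.
    $key = '_security.' . $options['firewall'] . '.target_path';
    if (!empty($session[$key])) {
        return $session[$key];
    }
    // 4. Referer header, only with use_referer on and not the login page itself.
    if ($options['use_referer'] && $referer && $referer !== $options['login_path']) {
        return $referer;
    }
    // 5. Fallback.
    return $options['default_target_path'];
}

$options = array(
    'firewall' => 'main',
    'login_path' => '/login',
    'default_target_path' => '/',
    'always_use_default_target_path' => false,
    'use_referer' => false,
);
// Constructed sample state: the user was sent to /login from the edit page.
$session = array('_security.main.target_path' => '/blog/post/2/edit');

// Case A: login form as posted in the question (hidden _target_path = "/").
echo resolveTargetPath($options, array('_target_path' => '/'), $session, null), "\n";
// Case B: same login with the hidden field removed.
echo resolveTargetPath($options, array(), $session, null), "\n";
// Case C: use_referer enabled while the hidden field is still posted.
$options['use_referer'] = true;
echo resolveTargetPath($options, array('_target_path' => '/'), $session, '/blog/post/2/edit'), "\n";
```

Cases A and C resolve to /, case B to /blog/post/2/edit: in this model the posted _target_path field takes precedence over both the stored path and the referer.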
Answer 1 (score: 0)
In the form_login section of the firewall in security.yml, you have to specify that you want to use the referer:
security:
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
    providers:
        main:
            entity: {class: Done\PunctisBundle\Entity\User, property: username}
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            remember_me:
                key: %secret%
                lifetime: 3600
                path: /
                domain: ~
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check
                use_referer: true
            logout:
                path: /logout
                target: /
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/signup, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/verification, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/popup/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/ajax/track, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/ajax/socialbox, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }
    encoders:
        Done\PunctisBundle\Entity\User:
            algorithm: md5
            iterations: 1
            encode_as_base64: false