Symfony security firewall authentication

Time: 2014-08-28 16:06:57

Tags: symfony authentication firewall

I guess I have a knowledge gap.

I think the secured area is defined by the firewall. So, as I understand it, I only need to list that area under "access_control" to protect it by role, isn't it?

Actually, my security.yml looks like this:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: pbkdf2

    role_hierarchy:
        ROLE_USER:        [ROLE_USER]
        ROLE_MODERATOR:   [ROLE_AUTHOR]
        ROLE_ADMIN:       [ROLE_MODERATOR]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN]

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
             pattern:  ^/(_(profiler|wdt)|css|images|js)/
             security: false
        main:
            pattern: ^/
            # restrict the firewall to specific http methods
            methods: [GET, POST]
            access_denied_url: /error403
            form_login:
                check_path: /login_check
                # the user is redirected here when they need to log in
                login_path: /login
                # if true, forward the user to the login form instead of redirecting
                use_forward: true
                # login success redirecting options (read further below)
                always_use_default_target_path: false
                default_target_path:            /de/dashboard/
                target_path_parameter:          _target_path
                use_referer:                    false

                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                default_target_path: /login
            logout:       true
            anonymous:    true
            logout:
                path:   /logout
                target: /login
                invalidate_session: false
                delete_cookies:
                    a: { path: null, domain: null }
                    b: { path: null, domain: null }

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/user, role: ROLE_ADMIN }
        - { path: ^/administration, role: ROLE_ADMIN }

But if I log in with a "ROLE_USER" account, I can still access the "administration path".

Where is my problem? Am I missing something? Do I need a listener or something else? Or is it handled automatically?
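To check what the posted rules should decide, here is an added example (not code from the question or from Symfony itself) that re-implements the two relevant mechanisms in plain Python: `role_hierarchy` is expanded transitively, and `access_control` is evaluated top to bottom with only the first rule whose regex matches the path applied. The rule and hierarchy tables are copied from the security.yml above; everything else (function names, the sample paths) is constructed for the demonstration.

```python
import re

# Copied from the role_hierarchy block of the security.yml in the question.
ROLE_HIERARCHY = {
    "ROLE_USER": ["ROLE_USER"],
    "ROLE_MODERATOR": ["ROLE_AUTHOR"],
    "ROLE_ADMIN": ["ROLE_MODERATOR"],
    "ROLE_SUPER_ADMIN": ["ROLE_ADMIN"],
}

# Copied from the access_control block, in the same order (order matters).
ACCESS_CONTROL = [
    {"path": r"^/login$", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/register", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/user", "role": "ROLE_ADMIN"},
    {"path": r"^/administration", "role": "ROLE_ADMIN"},
]


def reachable_roles(user_roles, hierarchy=ROLE_HIERARCHY):
    """Expand the user's roles through the hierarchy, as Symfony's RoleHierarchy does.

    ROLE_SUPER_ADMIN therefore also yields ROLE_ADMIN, ROLE_MODERATOR and ROLE_AUTHOR,
    while ROLE_USER yields only itself (the self-reference in the config is a harmless cycle).
    """
    seen = set()
    stack = list(user_roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(hierarchy.get(role, []))
    return seen


def first_matching_rule(path, rules=ACCESS_CONTROL):
    """Return the first access_control entry whose path regex matches, or None.

    Symfony stops at the first match; later rules for the same path are never consulted.
    """
    for rule in rules:
        if re.search(rule["path"], path):
            return rule
    return None


def is_granted(path, user_roles, rules=ACCESS_CONTROL, hierarchy=ROLE_HIERARCHY):
    """Decide whether a request for `path` by a user holding `user_roles` passes access_control.

    An empty role list models an anonymous session (the firewall has anonymous: true).
    A path that no rule matches is not restricted by access_control at all.
    """
    rule = first_matching_rule(path, rules)
    if rule is None:
        return True
    if rule["role"] == "IS_AUTHENTICATED_ANONYMOUSLY":
        return True
    return rule["role"] in reachable_roles(user_roles, hierarchy)


if __name__ == "__main__":
    # Constructed sample requests; the last one is the situation described in the question.
    for path, roles in [("/login", []), ("/dashboard", ["ROLE_USER"]),
                        ("/administration", ["ROLE_SUPER_ADMIN"]),
                        ("/administration", ["ROLE_USER"])]:
        rule = first_matching_rule(path)
        print(f"{path:16} roles={roles!s:22} rule={rule and rule['path']!s:20} "
              f"granted={is_granted(path, roles)}")
```

Under these four rules an account holding only ROLE_USER is denied on `/administration`, so if the running application still grants access, the cause is not the `access_control` entries themselves; the first things to verify are the roles the logged-in account actually holds (ROLE_ADMIN, or ROLE_SUPER_ADMIN via the hierarchy, is enough) and that the request really reaches the `main` firewall.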

0 answers:

No answers