Security and routes - Symfony2

Time: 2012-08-23 06:41:39

Tags: security symfony routing

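I want the index page of my project to be a login form with a register link below it, and visitors who are not logged in should be able to see only the login form with route / and the register page with route /register. Once logged in, the user should be redirected to the home page with route /home. I tried something and it works in the dev environment (though there is some problem with the toolbar - Symfony2 - dev environment), but when I switch to the prod env, the browser says: "The page isn't redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies."

Here are my files: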

security.yml

security:
    encoders:
        EM\MyFriendsBundle\Entity\User:
            algorithm:        sha1
            encode_as_base64: false
            iterations:       1

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER

    providers:
        administrators:
            entity: { class: EMMyFriendsBundle:User }

    firewalls:
        secured_area:
            pattern:    ^/
            anonymous: ~
            form_login:
                login_path:  /login
                check_path:  /login_check
                default_target_path: /home

    access_control:
        - { path: ^/home, roles: ROLE_ADMIN }

routing.yml

login_display:
    pattern: /
    defaults: { _controller: EMMyFriendsBundle:Welcome:display }

login:
    pattern:   /login
    defaults:  { _controller: EMMyFriendsBundle:Welcome:login}

login_check:
    pattern:   /login_check

register:
    pattern: /register
    defaults: { _controller: EMMyFriendsBundle:Welcome:register }

home_display:
    pattern: /home
    defaults: { _controller: EMMyFriendsBundle:Home:display }

WelcomeController.php

<?php

namespace EM\MyFriendsBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\SecurityContext;

class WelcomeController extends Controller
{
    public function displayAction()
    {
        $error=null;
        $last_username=null;
        return $this->render('EMMyFriendsBundle:Welcome:login.html.twig', array('error' => $error, 'last_username' => $last_username));
    }

    public function loginAction()
    {
        $request = $this->getRequest();
        $session = $request->getSession();

        // get the login error if there is one
        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
        } else {
            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
            $session->remove(SecurityContext::AUTHENTICATION_ERROR);
        }

        return $this->render('EMMyFriendsBundle:Welcome:login.html.twig', array(
            // last username entered by the user
            'last_username' => $session->get(SecurityContext::LAST_USERNAME),
            'error'         => $error
        ));
    }

    public function registerAction()
    {
         return $this->render('EMMyFriendsBundle:Welcome:register.html.twig');
    }
}

1 answer:

Answer 0: (score: 4)

Add:

    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
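
The answer's two rules merged with the question's access_control entry, run through a simplified model of Symfony's first-match rule selection to see what each route demands of an anonymous visitor. This is an added example, not code from the question or the answer; the function names and the catch-all rule mentioned in the usage note are assumptions made for illustration.

```python
import re

# Rules as (path regex, required role), in file order. Built from the
# question's access_control entry plus the two entries the answer adds.
ACCESS_CONTROL = [
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/register", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/home", "ROLE_ADMIN"),
]
LOGIN_PATH = "/login"                           # form_login.login_path
ROLE_HIERARCHY = {"ROLE_ADMIN": {"ROLE_USER"}}  # role_hierarchy in security.yml


def required_role(path, rules=ACCESS_CONTROL):
    """Return the role of the first rule whose regex matches, else None."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None


def effective_roles(roles):
    """Expand roles one level through the hierarchy (enough for this config)."""
    expanded = set(roles)
    for role in roles:
        expanded |= ROLE_HIERARCHY.get(role, set())
    return expanded


def decide(path, roles=None, rules=ACCESS_CONTROL):
    """Model the outcome: 'allow', 'redirect:/login' or 'deny'.

    roles=None stands for an anonymous visitor on a firewall with `anonymous: ~`.
    """
    need = required_role(path, rules)
    if need is None or need == "IS_AUTHENTICATED_ANONYMOUSLY":
        return "allow"
    if roles is None:
        return "redirect:" + LOGIN_PATH
    return "allow" if need in effective_roles(roles) else "deny"


def login_page_loops(rules=ACCESS_CONTROL):
    """True if an anonymous visitor sent to the login page is redirected again."""
    return decide(LOGIN_PATH, None, rules).startswith("redirect:")
```

Passing a constructed catch-all rule such as `[(r"^/", "ROLE_USER")]` to `login_page_loops` returns True, because the login page itself then requires a role the anonymous visitor does not have.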