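Access control forces me to have fixed routes

Time: 2012-11-14 02:26:26

Tags: security symfony routes symfony-2.1

If we have flexible routes (the ability to change a route without breaking the application, thanks to route identifiers, e.g. 'admin_settings' -> '/admin/settings'), what is the point of specifying paths (rather than ids) in access_control in security.yml?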

access_control:
    - { path: ^/test, ip: 127.0.0.1 }
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/reset, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, role: ROLE_ADMIN }
    - { path: ^/settings, role: ROLE_USER }

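Every time I change a route, I have to check that it is still secured.

1 answer:

Answer 0: (score: 1)

I ran into the same problem recently, so I wrote a small extension for the Symfony security.yml that adds route name support; maybe you will be interested: https://github.com/madesst/MadesstSecurityExtraBundle

You will be able to write it this way: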

# app/config/security.yml
security:
    firewalls:
        secured_area:
            pattern:    '@*' # Equals to '^/' in old syntax
            anonymous:  ~
            form_login:
                login_path:  '_demo_login'
                check_path:  '_security_check'

    access_control:
        - { path: '@my_bundle_post_delete', roles: ROLE_ADMIN}
        - { path: '@my_bundle_post_*', roles: ROLE_USER}
        - { path: '@my_bundle_post', roles: IS_AUTHENTICATED_ANONYMOUSLY}
        - { path: ^/esi, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }
        - { path: ^/esi, roles: ROLE_NO_ACCESS }
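
The drift the question worries about can be checked mechanically. The following is an added example, not code from the question, the answer or the bundle: it replays the question's access_control entries with first-match-wins semantics against a route table and reports routes whose path is no longer covered by the intended rule. The route names, paths, the EXPECTED map and the default client IP are constructed for illustration, and the ip option is modelled as plain string equality.

```python
import re

# Constructed route table (route name -> current path); names and paths are assumptions.
ROUTES = {
    "login": "/login",
    "register": "/register",
    "admin_settings": "/admin/settings",
    "admin_users": "/backoffice/users",  # path was changed; no longer under /admin
    "user_settings": "/settings/profile",
}

# access_control entries from the question, in file order.
ACCESS_CONTROL = [
    {"path": r"^/test", "ip": "127.0.0.1"},
    {"path": r"^/login$", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/register", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/reset", "role": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/admin", "role": "ROLE_ADMIN"},
    {"path": r"^/settings", "role": "ROLE_USER"},
]

# Intended protection per route name (hypothetical policy kept beside the routes).
EXPECTED = {
    "login": "IS_AUTHENTICATED_ANONYMOUSLY",
    "register": "IS_AUTHENTICATED_ANONYMOUSLY",
    "admin_settings": "ROLE_ADMIN",
    "admin_users": "ROLE_ADMIN",
    "user_settings": "ROLE_USER",
}

def effective_role(path, rules, client_ip="203.0.113.7"):
    """Return the role of the first entry whose path (and ip, if set) matches."""
    for rule in rules:
        if "ip" in rule and rule["ip"] != client_ip:
            continue  # entry does not apply to this client; keep looking
        if re.search(rule["path"], path):
            return rule.get("role")  # first match wins; later entries are ignored
    return None  # no entry matched: access_control requires nothing

def audit(routes, rules, expected):
    """List (route, path, expected, actual) where the path rules miss the intent."""
    drift = []
    for name, path in sorted(routes.items()):
        actual = effective_role(path, rules)
        if actual != expected.get(name):
            drift.append((name, path, expected.get(name), actual))
    return drift

if __name__ == "__main__":
    for row in audit(ROUTES, ACCESS_CONTROL, EXPECTED):
        print("DRIFT route=%s path=%s expected=%s actual=%s" % row)
```

Run as part of a test suite, a non-empty result from audit() flags a route whose path change moved it outside its access_control pattern.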