I have a third-party application (the responsivefilemanager plugin of TinyMCE, {{1}}) that I cannot rewrite.
I need to protect it from unauthorized users.
Is it possible to access Symfony2 session variables (user, roles, etc.) from an external application? How?
I tried session_start() and reading the $_SESSION variables, but it is empty!
My config.yml is:
Answer 0 (score: 3)
I managed to access the security context by doing this:
In responsivefilemanager/config/config.php add:
```php
<?php
// Boot the Symfony2 kernel from inside the file manager so its firewall runs here as well.
// Adjust the three paths below to your directory layout.
require_once '../../vendor/autoload.php';
require_once '../../app/bootstrap.php.cache';
require_once '../../app/AppKernel.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\HttpKernel;

// Use the same environment/debug pair as the front controller that serves the app
// (app_dev.php => 'dev', true; app.php => 'prod', false).
$kernel = new AppKernel('dev', true);
//$kernel = new AppKernel('prod', false);
$kernel->loadClassCache();
$kernel->boot();
$container = $kernel->getContainer();

// Open the session with Symfony's own storage so the firewall sees the app's session data.
$session = new Session($container->get('session.storage'));
$session->start();

$request = Request::createFromGlobals();
$request->setSession($session);

// Run the firewall listener by hand; it loads the token from the session into the security context.
$event = new GetResponseEvent($container->get('http_kernel'), $request, HttpKernel::MASTER_REQUEST);
$firewall = $container->get('security.firewall');
$firewall->onKernelRequest($event);

if (!$container->get('security.context')->isGranted('ROLE_ADMIN')) {
    die("Access Denied");
}
```
Of course, you should change the autoload.php, bootstrap.php.cache & AppKernel.php paths according to your file structure.
This has two problems:
1. You must use $kernel = new AppKernel('prod', false); when using app.php (prod mode) and $kernel = new AppKernel('dev', true); when using app_dev.php (dev mode).
2. A problem occurs when an Access Denied error happens.
However, it does the job and prevents unauthorized users from using the file manager. I am working on solving the problems; I will post the results here.
Good luck
Answer 1 (score: 1)
You can read the symfony session like this:
```php
<?php
// start the PHP session under the same cookie name / save path the Symfony app uses
session_start();

// check for symfony2 attrs first: Symfony2 keeps its attribute bag in $_SESSION['_sf2_attributes']
if (isset($_SESSION['_sf2_attributes'])) {
    // check for security main information: the token of the "main" firewall lives under "_security_main"
    if (isset($_SESSION['_sf2_attributes']['_security_main'])) {
        // we are safe to go :)
        // change it to match your path
        require_once __DIR__ . '/../../../app/autoload.php';
        /**
         * @var Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
         */
        $security = unserialize($_SESSION['_sf2_attributes']['_security_main']);
        $roles = $security->getRoles();
        $user = $security->getUser();
        // do your logic here
    } else {
        die('Access Denied');
    }
} else {
    die('Access Denied');
}
```
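A stricter form of the check in the answer above, added here as an example and not code from any of the answers: it tolerates missing or malformed session data instead of assuming a valid token, and it assumes the autoloader path shown and a firewall named "main" (both adjust to your app).

```php
<?php
// Added example, not code from any answer above: a stricter form of the check in answer 1.
// Assumes the Symfony2 autoloader path below and a firewall named "main" (adjust both to your app).
require_once __DIR__ . '/../../../app/autoload.php';

use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Role\RoleInterface;
/**
 * Role names of the Symfony2 token stored in a raw $_SESSION array, or null when
 * there is no usable, authenticated token. Does not die; the caller decides.
 * @param array  $session  contents of $_SESSION after session_start()
 * @param string $firewall firewall name; Symfony stores the token under "_security_<name>"
 * @return string[]|null
 */
function symfonyTokenRoles(array $session, $firewall = 'main')
{
    $key = '_security_' . $firewall;
    if (!isset($session['_sf2_attributes'][$key]) || !is_string($session['_sf2_attributes'][$key])) {
        return null; // anonymous visitor, or a session that Symfony never wrote to
    }
    // unserialize() returns false (with a notice) on malformed data: silence it and test the type
    $token = @unserialize($session['_sf2_attributes'][$key]);
    if (!$token instanceof TokenInterface || !$token->isAuthenticated()) {
        return null; // not a token at all, or a token that is no longer authenticated
    }
    $roles = array();
    foreach ($token->getRoles() as $role) {
        // Symfony 2 returns RoleInterface objects; tolerate plain strings as well
        $roles[] = $role instanceof RoleInterface ? $role->getRole() : (string) $role;
    }
    return $roles;
}

/**
 * True when the current visitor's Symfony2 token carries $required, e.g. 'ROLE_ADMIN'.
 */
function symfonyHasRole($required, $firewall = 'main')
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // must use the same cookie name and save path as the Symfony app
    }
    $roles = symfonyTokenRoles($_SESSION, $firewall);
    return $roles !== null && in_array($required, $roles, true);
}
// At the top of the file manager's config.php:
if (!symfonyHasRole('ROLE_ADMIN')) {
    header('HTTP/1.1 403 Forbidden');
    exit('Access Denied');
}
```

Unlike the container's isGranted(), this reads only the roles stored on the token itself, so roles that a user gets through role_hierarchy in security.yml are not expanded.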
Answer 2 (score: 1)
Add:
```php
<?php
// Adjust the two paths below to your directory layout.
require_once __DIR__.'/../../../../../app/bootstrap.php.cache';
require_once __DIR__.'/../../../../../app/AppKernel.php';

use Symfony\Component\HttpFoundation\Request;

$kernel = new AppKernel('prod', false);
$kernel->loadClassCache();
$request = Request::createFromGlobals();
// Handling the request boots the kernel and runs the firewall, which populates the security context.
$response = $kernel->handle($request);

$security = $kernel->getContainer()->get('security.context');
$isSymfony2Authenticated = $security->getToken() != null
    && ($security->isGranted('ROLE_ADMIN') || $security->isGranted('ROLE_SUPER_ADMIN'));
if ( ! $isSymfony2Authenticated) {
    die('Access denied!');
}
```
This checks whether the user has ROLE_ADMIN or ROLE_SUPER_ADMIN.
Answer 3 (score: 0)
Hello, accessing the symfony session from an external application. I hope it is fine, bye.
```yaml
framework:
    session:
        handler_id: session.handler.native_file
        save_path: "%kernel.root_dir%/sessions"
```
```php
<?php
// Class wrapper assumed here so the method below can be called; the original answer showed the method only.
class SymfonySessionReader
{
    /**
     * @var array
     */
    protected $sesion;

    /**
     * Gets the data of the user logged in to symfony
     *
     * @return array the unserialized "_sf2_attributes" bag
     */
    public function getSesion()
    {
        try
        {
            if (!isset($_COOKIE['PHPSESSID'])) {
                throw new \Exception("Session cookie not found.", 1);
            }
            // Project root; adjust to your installation (Windows-style path as in the original)
            $path = '\\path\\proyect';
            // With handler_id: session.handler.native_file, each session is a file sess_<id> under save_path
            $archivo_sesion = $path.'\\app\\sessions\\sess_'.$_COOKIE['PHPSESSID'];
            if (!file_exists($archivo_sesion)) {
                throw new \Exception("Session file not found.", 1);
            }
            $sesion = file_get_contents($archivo_sesion);
            // Drop the "_sf2_attributes|" bag prefix so what follows starts with a serialized array
            $sesion = str_replace('_sf2_attributes|', '', $sesion);
            $sesion = unserialize($sesion);
            if (!isset($sesion['_security_default'])) {
                throw new \Exception("Unauthorized user.", 1);
            }
            $this->sesion = $sesion;
            return $sesion;
        } catch (\Exception $e) {
            // $sesion is only an array when unserialize() ran; fall back to the site root otherwise
            $target = isset($sesion['_security.default.target_path']) ? $sesion['_security.default.target_path'] : '/';
            header('Location: '.$target.'login');
            die();
        }
    }
}
```