我对symfony安全性有疑问。
我的security.yml设置如下:
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
OVB\DBBundle\Entity\User\User:
id: ovb.password.encoder
providers:
in_memory:
memory:
users:
test: { password: ******, roles: 'ROLE_ADMIN' }
main:
entity:
class: OVB\DBBundle\Entity\User\User
property: email
firewalls:
secured_area:
provider: in_memory
pattern: ^/
anonymous: ~
http_basic:
realm: "Secured Test Area"
main:
pattern: ^/
provider: main
form_login:
login_path: /login
check_path: ovb_login_check
use_referer: true
logout: true
anonymous: ~
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
access_control:
- { path: ^/, roles: ROLE_ADMIN }
- { path: ^/login_check, roles: ROLE_USER }
正如您所看到的,我有两个具有相同模式的防火墙。第一个(secured_area)是保护我的测试环境(HTTP身份验证),第二个是常规网站用户(表单登录)。 个别地他们都工作,但他们没有,我认为他们使用相同的模式。 有没有人知道如何使这项工作?
谢谢!
答案 0 :(得分:2)
在你的基地security.yml
:
security:
#...
providers:
main:
entity:
class: 'OVB\DBBundle\Entity\User\User'
property: email
dev:
memory:
users:
admin: { password: ******, roles: 'ROLE_ADMIN' }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
provider: main
form_login:
login_path: /login
check_path: ovb_login_check
use_referer: true
logout: true
anonymous: ~
在security_dev.yml
:
security:
firewalls:
main:
http_basic:
provider: dev