I am building an application that is for registered users only, so you must log in before you can access any URL.
Currently I have this:
firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
        logout: true
        anonymous: true
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    default:
        anonymous: ~
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, role: IS_AUTHENTICATED }
    - { path: ^/admin/, role: ROLE_ADMIN }
But when I log in, I run into the security check. What is the best way to put all URLs behind the firewall?
Answer 0: (score: 2)
Symfony's ACL system works so that the entries above override the ACLs below them.
"The order in which the ACEs are checked is very important. As a general rule, you should place more specific entries at the beginning." Symfony 2 ACL doc
So:
access_control:
    - { path: ^/admin/, role: ROLE_ADMIN } # 4 You override #1 for all URLs beginning with admin/ by allowing them to ROLE_ADMIN
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } # 2 Same as 2
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } # 2 Same as 2
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } # 2 You have blocked all except this path for IS_AUTHENTICATED_ANONYMOUSLY
    - { path: ^/, role: IS_AUTHENTICATED } # 1 You start by blocking all
Or the full FOS user file with the parameters:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            remember_me: true
            logout: true
            anonymous: true
    access_control: # Top overrides bottom, change the order with CAUTION
        ## Admin Rule
        - { path: ^/admin, role: ROLE_ADMIN }
        ## Anonymous FOS User Rules
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        ## Block All Website to anonymous user
        - { path: ^/, roles: ROLE_USER }
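To make the ordering point concrete, here is an added Python simulation of the first-match selection that Symfony's access_control performs (the first rule whose path regex matches the request path decides the required role, and later rules are never consulted). This is illustrative code written for this page, not code from the question, the answer or Symfony itself; the two rule lists are the question's original order and the answer's reordered version, and the sample request paths are constructed.

```python
import re

# The question's original access_control order, as (path regex, role) pairs.
ORIGINAL_RULES = [
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/register", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/resetting", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/", "IS_AUTHENTICATED"),
    (r"^/admin/", "ROLE_ADMIN"),
]

# The answer's order: the most specific rule (admin) first, the catch-all last.
REORDERED_RULES = [
    (r"^/admin/", "ROLE_ADMIN"),
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/register", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/resetting", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/", "IS_AUTHENTICATED"),
]

# Constructed sample request paths covering every rule in the lists above.
SAMPLE_PATHS = ["/login", "/register", "/resetting/request", "/admin/users", "/dashboard"]


def required_role(rules, path):
    """Return the role demanded by the first rule whose regex matches `path`.

    Mirrors Symfony's behaviour: access_control stops at the first matching
    entry, so a catch-all such as ^/ placed early shadows everything after it.
    Returns None when no rule matches (Symfony would then allow the request).
    """
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None


def rules_never_selected(rules, paths=SAMPLE_PATHS):
    """Return the rules that are never the first match for any sample path.

    A rule listed here is dead configuration for the given paths: some earlier
    rule always wins. This is a sampling check, not a formal regex-containment
    proof, so it only finds shadowing that the sample paths exercise.
    """
    selected = set()
    for path in paths:
        for index, (pattern, _role) in enumerate(rules):
            if re.search(pattern, path):
                selected.add(index)
                break
    return [rule for index, rule in enumerate(rules) if index not in selected]


if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL_RULES), ("reordered", REORDERED_RULES)):
        print(f"--- {label} order ---")
        for path in SAMPLE_PATHS:
            print(f"{path:20s} -> {required_role(rules, path)}")
        print("never selected:", rules_never_selected(rules))
```

With the original order, `/admin/users` is caught by `^/` and only `IS_AUTHENTICATED` is demanded, so the `ROLE_ADMIN` entry is never reached; with the answer's order the admin rule wins for admin paths while the anonymous login, register and resetting rules still fire before the catch-all.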