I want to restrict the login route for users who are already logged in.
security.yml
```yaml
security:
    encoders:
        Site\Bundle\AdminBundle\Entity\Users:
            algorithm: md5
            iterations: 0
            encode_as_base64: false
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
    providers:
        in_memory:
            memory:
                users:
                    ryan:  { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }
        administrators:
            entity: { class: SiteAdminBundle:Users, property: username }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        secured_area:
            pattern: ^/
            anonymous: ~
            http_basic:
                realm: "Secured Demo Area"
            form_login:
                login_path: /login
                check_path: /login_check
            logout:
                path: /logout
            provider: administrators
    access_control:
        - { path: ^/admin/*, roles: ROLE_ADMIN }
        - { path: /login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/*, role: IS_AUTHENTICATED_ANONYMOUSLY }
```
My login action:

```php
public function loginAction(Request $request)
{
    $session = $request->getSession();

    // get the login error if there is one
    if ($request->attributes->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
        $error = $request->attributes->get(
            SecurityContextInterface::AUTHENTICATION_ERROR
        );
    } elseif (null !== $session && $session->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
        $error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR);
        $session->remove(SecurityContextInterface::AUTHENTICATION_ERROR);
    } else {
        $error = '';
    }

    // last username entered by the user
    $lastUsername = (null === $session) ? '' : $session->get(SecurityContextInterface::LAST_USERNAME);

    return $this->render(
        'SiteSecurityBundle:Default:login.html.twig',
        array(
            'last_username' => $lastUsername,
            'error'         => $error,
        )
    );
}
```
The problem is that it works for /admin: only ROLE_ADMIN can access it, and ROLE_USER cannot. But /login I can access whether I am logged in or not. In the Symfony2 dev toolbar I see that I am anonymous, even though I am logged in... I have no idea.

Answer 0: (score: 1)

There are many ways to restrict user access to certain resources. You will see two of them below:

1) With SensioFrameworkExtraBundle installed (included in the Symfony2 full-stack edition), you can use annotations for controllers like this:
```php
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;

class YourController extends Controller
{
    /**
     * @Security("is_granted('IS_AUTHENTICATED_ANONYMOUSLY')")
     */
    public function loginAction(Request $request)
    {
        // ...
    }
}
```
2) Without SensioFrameworkExtraBundle annotations:

```php
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class YourController extends Controller
{
    public function loginAction(Request $request)
    {
        if (true === $this->get('security.context')->isGranted('ROLE_ADMIN')) {
            throw new AccessDeniedException('Unable to access this page!');
            // or you can also do a redirect instead of throwing the exception:
            // return $this->redirect($this->generateUrl('homepage'));
        }
        // ...
    }
}
```
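As an added example (not the asker's or the answerer's code), a kernel.request listener that sends already-logged-in users away from /login before any controller runs, so it works whichever controller serves the form. It assumes Symfony 2.x with the security.context service used on this page, the router service, a route named homepage and the service id shown in the comment; all of these names are assumptions.

```php
<?php
// Added example (not the asker's or answerer's code). Assumes Symfony 2.x with the
// "security.context" service used on this page, the "router" service, a route named
// "homepage" and the service id below; all of these names are assumptions.
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;

/**
 * Sends already-authenticated users away from /login before any controller runs.
 * access_control cannot express "only NOT logged in": IS_AUTHENTICATED_ANONYMOUSLY
 * is granted to every token, logged-in ones included (hence the question's /login rule).
 */
class RedirectAuthenticatedFromLoginListener
{
    private $context;
    private $urlGenerator;

    public function __construct(SecurityContextInterface $context, UrlGeneratorInterface $urlGenerator)
    {
        $this->context = $context;
        $this->urlGenerator = $urlGenerator;
    }

    public function onKernelRequest(GetResponseEvent $event)
    {
        // Only the main request, and only the login form path itself.
        if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()
            || '/login' !== $event->getRequest()->getPathInfo()) {
            return;
        }
        // No token (firewall not run yet; isGranted() would throw) or anonymous: render the form.
        if (null === $this->context->getToken()
            || !$this->context->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
            return;
        }
        // Fully authenticated or remember-me user: send them to the homepage instead.
        $event->setResponse(new RedirectResponse($this->urlGenerator->generate('homepage')));
    }
}
// services.yml registration; priority 0 runs after the firewall listener (priority 8),
// which is what populates the token:
//   site_security.login_redirect_listener:
//       class: RedirectAuthenticatedFromLoginListener
//       arguments: ["@security.context", "@router"]
//       tags:
//           - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 0 }
```

Use IS_AUTHENTICATED_FULLY instead of IS_AUTHENTICATED_REMEMBERED if users restored from a remember-me cookie should still be able to reach the login form to re-authenticate.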