I am trying to set up user and security management in my first test application, but I am a bit lost about what does what.
My setup so far: Symfony 2.5, SonataUserBundle (and with it FOSUserBundle)
In my app/config/config.yml I have the following settings that are relevant to managing the site's security (mostly taken from the setup instructions of the various bundles I have included):
    imports:
        - { resource: security.yml }
    [...]
    fos_user:
        firewall_name: main
    [...]
    security:
        # FOSUserBundle config
        # cf. https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/index.md#step-4-configure-your-applications-securityyml
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN
        providers:
            fos_userbundle:
                id: fos_user.user_provider.username
        firewalls:
            main:
                pattern: ^/
                form_login:
                    provider: fos_userbundle
                    csrf_provider: form.csrf_provider
                logout: true
                anonymous: true
        # end of FOSUserBundle config
        access_control:
            # URL of FOSUserBundle which need to be available to anonymous users
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            # Admin login page needs to be access without credential
            - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            # Secured part of the site
            # This config requires being logged for the whole site and having the admin role for the admin part.
            # Change these rules to adapt them to your needs
            - { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
            - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
My app/config/security.yml looks like this:
    security:
        # added with Sonata User Bundle
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512
        # end
        providers:
            in_memory:
                memory: ~
            # added with Sonata User Bundle
            fos_userbundle:
                id: fos_user.user_manager
            # end
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            # added with Sonata User Bundle
            # -> custom firewall for the admin area of the URL
            admin:
                pattern: /admin(.*)
                context: user
                form_login:
                    provider: fos_userbundle
                    login_path: /admin/login
                    use_forward: false
                    check_path: /admin/login_check
                    failure_path: null
                logout:
                    path: /admin/logout
                anonymous: true
            # -> end custom configuration
            # default login area for standard users
            # This firewall is used to handle the public login area
            # This part is handled by the FOS User Bundle
            main:
                pattern: /(.*)
                context: user
                form_login:
                    provider: fos_userbundle
                    login_path: /login
                    use_forward: false
                    check_path: /login_check
                    failure_path: null
                logout: true
                anonymous: true
            # end
            default:
                anonymous: ~
        # Sonata
        acl:
            connection: default
        role_hierarchy:
            ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
            ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
            SONATA:
                - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented
Here are my questions:
Based on my understanding of the "pattern" so far, Symfony loads whatever is in security.yml first, so it takes precedence over any new definition of the same parameter in config.yml. Is this correct?
It seems to me that the following are defined twice, once in security.yml and once in config.yml:
- the id of the fos_userbundle provider (fos_user.user_manager vs fos_user.user_provider.username)
- the pattern of the main firewall (^/ vs .*)
Do these really define the same thing? Is it safe to assume that in all these cases only the settings defined in security.yml apply?
How are security-related definitions usually split between security.yml and config.yml (and other potential places)?
Answer 0 (score: 3)
As Cerad mentioned in the comments, you have the same security: section in both files.
Look at the beginning of your app/config/config.yml file:
    imports:
        - { resource: security.yml }
This means that when Symfony2 parses the config.yml file, it imports the security.yml file. So you should keep the security: section only in app/config/security.yml to define the security configuration.
This is the default configuration; see these files in the official GitHub repository:
app/config/config.yml (no security: section)
app/config/security.yml (contains the security: section)
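As an added example (not code from the question, the answer, or Symfony itself), the script below flattens the two security: trees transcribed from the question and reports every setting that is defined in both files, flagging the ones whose values differ. It does not model Symfony's merge rules; it only makes the duplicates the question asks about visible so they can be removed from config.yml.

```python
# Added example, not from the question or answer: flatten the `security:` trees of
# the imported file (security.yml) and the importing file (config.yml) and list
# every setting defined in both, flagging those whose values differ.
# Both dicts are transcribed from the question's YAML (constructed input, not parsed).
SECURITY_YML = {
    "encoders": {"FOS\\UserBundle\\Model\\UserInterface": "sha512"},
    "providers": {"in_memory": {"memory": None},
                  "fos_userbundle": {"id": "fos_user.user_manager"}},
    "firewalls": {
        "admin": {"pattern": "/admin(.*)", "context": "user",
                  "form_login": {"provider": "fos_userbundle", "login_path": "/admin/login",
                                 "check_path": "/admin/login_check"},
                  "logout": {"path": "/admin/logout"}, "anonymous": True},
        "main": {"pattern": "/(.*)", "context": "user",
                 "form_login": {"provider": "fos_userbundle", "login_path": "/login",
                                "check_path": "/login_check"},
                 "logout": True, "anonymous": True},
    },
    "role_hierarchy": {"ROLE_ADMIN": ["ROLE_USER", "ROLE_SONATA_ADMIN"],
                       "ROLE_SUPER_ADMIN": ["ROLE_ADMIN", "ROLE_ALLOWED_TO_SWITCH"]},
}
CONFIG_YML = {
    "encoders": {"FOS\\UserBundle\\Model\\UserInterface": "sha512"},
    "providers": {"fos_userbundle": {"id": "fos_user.user_provider.username"}},
    "firewalls": {"main": {"pattern": "^/", "logout": True, "anonymous": True,
                           "form_login": {"provider": "fos_userbundle",
                                          "csrf_provider": "form.csrf_provider"}}},
    "role_hierarchy": {"ROLE_ADMIN": "ROLE_USER", "ROLE_SUPER_ADMIN": "ROLE_ADMIN"},
}

def leaves(tree, prefix=""):
    """Flatten nested dicts into {'a.b.c': value}; lists and scalars are leaves."""
    out = {}
    for key, value in tree.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(leaves(value, path))
        else:
            out[path] = value
    return out

def overlaps(imported, importer, only_conflicts=False):
    """{path: (imported_value, importer_value)} for leaves present in both files;
    with only_conflicts=True keep just those whose two values differ."""
    a, b = leaves(imported), leaves(importer)
    both = {p: (a[p], b[p]) for p in sorted(a.keys() & b.keys())}
    return {p: v for p, v in both.items() if v[0] != v[1]} if only_conflicts else both

if __name__ == "__main__":
    for path, (old, new) in overlaps(SECURITY_YML, CONFIG_YML, True).items():
        print(f"{path}: security.yml={old!r}  config.yml={new!r}")
```

Settings that appear only in one file (the admin firewall, csrf_provider, in_memory) are not listed, because the question is about the duplicated ones.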