Symfony2上的多个防火墙项目security.yml,如何处理模式?

时间:2015-05-01 13:48:23

标签: php symfony fosuserbundle hwioauthbundle symfony-2.6

我正在一个需要两个防火墙或安全区域的项目中工作。第一个防火墙/安全区域将允许使用Salesforce作为提供程序使用HWIOAuthBundle进行登录/注销,第二个防火墙/安全区域将允许通过FOSUserBundle登录/注销,因为这是针对内部系统管理员的,依此类推。由于我不知道如何处理security.yml参数,因此我怀疑是否设置了pattern文件。我已阅读Security reference,但不知道如何做到这一点。这就是我现在所拥有的:

firewalls:
        #this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
        rep_area:
            methods: [GET, POST]
            pattern: ^/
            anonymous: true
            logout: true

        #this is the secured area accessed through web browser and only internals are allowed to login
        admin_area:
            pattern:    ^/
            anonymous:    ~

在这种情况下我应该如何配置pattern

更新:防火墙无法正常工作

这是防火墙部分在用户回答之后的样子:

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    #this is the secured area accessed through web browser and only internals are allowed to login
    admin_area:
        pattern:    ^/admin
        anonymous:    ~
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            login_path: /login
            check_path: /login_check
            post_only: true
            always_use_default_target_path: true
            target_path_parameter: _target_path
            use_referer: false
            failure_path: null
            failure_forward: false
        logout:
            path:   fos_user_security_logout
            target: /

    #this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
    rep_area:
        methods: [GET, POST]
        pattern: ^/
        anonymous: true
        logout: true

但如果我尝试http://appdev.local/app_dev.php/admin/,我就会收到此错误:

  

BaseNode.php第313行中的InvalidConfigurationException:无效   路径“security.firewalls.admin_area”的配置:check_path   登录方法“form_login”的“/ login_check”与之不匹配   防火墙模式“^ / admin”。

为什么呢?

编辑2:如果有FOSUserBundle&& HWIOAuth一起工作?

作为补充信息,我从一开始就忘了告诉它,我有并且需要FOSUserBundle&&安装了HWIOAuth,我正在努力使两者都正常工作。在这种情况下,这就是我routing.yml的样子:

#HWIOAuthBundle
hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix:   /connect

hwi_oauth_login:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix:   /login

salesforce_login:
    pattern: /login/check-salesforce

#PDOne
pd_one:
    resource: "@PDOneBundle/Controller/"
    type:     annotation
    prefix:   /

template:
    resource: "@TemplateBundle/Controller/"
    type:     annotation
    prefix:   /

#FOSUserBundle
fos_user:
    resource: "@FOSUserBundle/Resources/config/routing/all.xml"
fos_user_security:
    prefix: /admin
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"

#SonataAdmin
admin:
    resource: '@SonataAdminBundle/Resources/config/routing/sonata_admin.xml'
    prefix: /admin

_sonata_admin:
    resource: .
    type: sonata_admin
    prefix: /admin

我应如何处理FOSUserBundle&& HWIOAuth?

1 个答案:

答案 0 :(得分:1)

只是简单地

firewalls:
    #this is the secured area accessed through web browser and only internals are allowed to login
            admin_area:
                pattern:    ^/admin
                anonymous:    ~

        #this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
        rep_area:
            methods: [GET, POST]
            pattern: ^/
            anonymous: true
            logout: true

这是一个正则告诉symfony所有路由^(开始)/遵循此规则。或/admin遵循另一条规则。防火墙将始终遵循它首先匹配的任何规则。因此,您的管理规则必须先行,否则它将无法正常工作。

修改

在您为FOS UserBundle添加安全路由的路由设置中,尝试附加/ admin作为前缀。可能是因为/ admin是您的规则,但是为登录生成的路由是host.com/login而不是host.com/admin/login

fos_user_security:
    prefix: /admin
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"