我正在一个需要两个防火墙或安全区域的项目中工作。第一个防火墙/安全区域将允许使用Salesforce作为提供程序使用HWIOAuthBundle进行登录/注销,第二个防火墙/安全区域将允许通过FOSUserBundle登录/注销,因为这是针对内部系统管理员的,依此类推。由于我不知道如何处理security.yml
参数,因此我怀疑是否设置了pattern
文件。我已阅读Security reference,但不知道如何做到这一点。这就是我现在所拥有的:
firewalls:
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/
anonymous: ~
在这种情况下我应该如何配置pattern
?
更新:防火墙无法正常工作
这是防火墙部分在用户回答之后的样子:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/admin
anonymous: ~
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
check_path: /login_check
post_only: true
always_use_default_target_path: true
target_path_parameter: _target_path
use_referer: false
failure_path: null
failure_forward: false
logout:
path: fos_user_security_logout
target: /
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
但如果我尝试http://appdev.local/app_dev.php/admin/
,我就会收到此错误:
BaseNode.php第313行中的InvalidConfigurationException:无效 路径“security.firewalls.admin_area”的配置:check_path 登录方法“form_login”的“/ login_check”与之不匹配 防火墙模式“^ / admin”。
为什么呢?
编辑2:如果有FOSUserBundle&& HWIOAuth一起工作?
作为补充信息,我从一开始就忘了告诉它,我有并且需要FOSUserBundle&&安装了HWIOAuth,我正在努力使两者都正常工作。在这种情况下,这就是我routing.yml
的样子:
#HWIOAuthBundle
hwi_oauth_redirect:
resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
prefix: /connect
hwi_oauth_login:
resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
prefix: /login
salesforce_login:
pattern: /login/check-salesforce
#PDOne
pd_one:
resource: "@PDOneBundle/Controller/"
type: annotation
prefix: /
template:
resource: "@TemplateBundle/Controller/"
type: annotation
prefix: /
#FOSUserBundle
fos_user:
resource: "@FOSUserBundle/Resources/config/routing/all.xml"
fos_user_security:
prefix: /admin
resource: "@FOSUserBundle/Resources/config/routing/security.xml"
#SonataAdmin
admin:
resource: '@SonataAdminBundle/Resources/config/routing/sonata_admin.xml'
prefix: /admin
_sonata_admin:
resource: .
type: sonata_admin
prefix: /admin
我应如何处理FOSUserBundle&& HWIOAuth?
答案 0 :(得分:1)
只是简单地
firewalls:
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/admin
anonymous: ~
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
这是一个正则告诉symfony所有路由^
(开始)/
遵循此规则。或/admin
遵循另一条规则。防火墙将始终遵循它首先匹配的任何规则。因此,您的管理规则必须先行,否则它将无法正常工作。
修改强>
在您为FOS UserBundle添加安全路由的路由设置中,尝试附加/ admin作为前缀。可能是因为/ admin是您的规则,但是为登录生成的路由是host.com/login
而不是host.com/admin/login
fos_user_security:
prefix: /admin
resource: "@FOSUserBundle/Resources/config/routing/security.xml"