我的目标是让除防火墙外的所有路径都受到保护。 我有这样的防火墙配置:
security:
acl:
connection: default
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
encoders:
FOS\UserBundle\Model\UserInterface: sha512
firewalls:
oauth_token:
pattern: ^/oauth/v2/token
security: false
oauth_authorize:
pattern: ^/oauth/v2/auth
form_login:
provider: fos_userbundle
check_path: /oauth/v2/auth_login_check
login_path: /oauth/v2/auth_login
anonymous: true
api:
pattern: ^/.*
fos_oauth: true
stateless: true
anonymous: false
access_control:
- { path: ^/, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
- { path: ^/doc, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
- { path: ^/resque, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
- { path: /monitor, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
- { path: /users, methods: [POST], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
- { path: /users/me/registration/confirm, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
- { path: /users/me/email/confirm, methods: [GET], roles: [ IS_AUTHENTICATED_ANONYMOUSLY ]}
- { path: /instants/.*, methods: [PUT], roles: [IS_AUTHENTICATED_ANONYMOUSLY ]}
- { path: ^/_profiler, roles: [IS_AUTHENTICATED_ANONYMOUSLY]}
- { path: ^/_wdt, roles: [IS_AUTHENTICATED_ANONYMOUSLY]}
- { path: ^/_configurator, roles: [IS_AUTHENTICATED_ANONYMOUSLY]}
- { path: /.*, roles: [ IS_AUTHENTICATED_FULLY ]}
但如果没有访问令牌,则无法访问路由/resque,/monitor和其他路由。
我在配置中做错了吗?或者无法实现路由白名单?
答案 0 :(得分:1)
您可以在api模式中使用异常:
api:
pattern: ^/api(?!/doc)(?!/user/add)(?!/user/availability) # All URLs are protected except api/doc ; api/user/add ; api/user/availability
fos_oauth: true # OAuth2 protected resource
stateless: true # Do no set session cookies
anonymous: false # Anonymous access is not allowed
与此有关,您无需描述
access_control:
- ...
答案 1 :(得分:0)
我有同样的问题,我通过实施另一个防火墙解决了它。没有这条道路OAuth令牌不会被检查。我在模式中添加了另一个正则表达式路由。 并且不要忘记将此防火墙放在api防火墙前,因为你有正则表达式“匹配所有”
api_anonym_area:
pattern: (^/api/users/forgotten-password/.*)
methods: [POST]
security: false