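I have 3 roles in my project:
admin => /admin
customer => /customer
therapist => /therapist
I configured the security firewalls and they work correctly. But I need to know whether a customer user or a therapist user is logged in from outside the secured area. Is there a way to configure the firewalls to access a shared secured area? If I change the pattern of the customer and therapist firewalls to /, the customer firewall does not work. This is my security.yml: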
    security:
        encoders:
            Utab\AdminBundle\Entity\User:
                algorithm: bcrypt
            Arg\TherapistBundle\Entity\User:
                algorithm: bcrypt
            Shop\CustomerBundle\Entity\User:
                algorithm: bcrypt
        providers:
            admin_provider:
                entity:
                    class: 'UtabAdminBundle:User'
            therapist_provider:
                entity:
                    class: 'ArgTherapistBundle:User'
            shop_customer_provider:
                entity:
                    class: 'ShopCustomerBundle:User'
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            admin_firewall:
                pattern: /admin/.*
                simple_form:
                    provider: admin_provider
                    check_path: admin_login_check
                    login_path: admin_login
                    failure_path: admin_login
                    default_target_path: admin_profile
                    authenticator: google_recaptcha_authenticator
                    failure_forward: true
                logout:
                    path: admin_logout
                    target: admin_login
                anonymous: true
            therapist_firewall:
                pattern: /therapist/.*
                simple_form:
                    provider: therapist_provider
                    check_path: therapist_login_check
                    login_path: therapist_login
                    failure_path: therapist_login
                    default_target_path: therapist_profile
                    authenticator: google_recaptcha_authenticator
                logout:
                    path: therapist_logout
                    target: /
                anonymous: true
            shop_customer_firewall:
                pattern: /customer/.*
                simple_form:
                    provider: shop_customer_provider
                    check_path: shop_customer_login_check
                    login_path: shop_customer_login
                    failure_path: shop_customer_login
                    default_target_path: shop_customer_profile
                    authenticator: google_recaptcha_authenticator
                logout:
                    path: shop_customer_logout
                    target: shop_customer_login
                anonymous: true
        access_control:
            - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/, role: ROLE_ADMIN }
            - { path: ^/therapist/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/therapist/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/therapist/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/therapist/, role: ROLE_THERAPIST }
            - { path: ^/customer/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/customer/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/customer/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/customer/, role: ROLE_SHOP_CUSTOMER }
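Answer 0 (score: 1)
You can only access the currently logged-in user (and their roles) within the current firewall. If no firewall is defined for the current URL, you cannot access the data.
However, there is a solution. Make one big firewall that covers your three current firewalls. Then use access control to restrict access to the sub-URLs. You definitely have to consider the different user entities you are using now.
Example: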
    # app/config/security.yml
    security:
        # ...
        access_control:
            - { path: ^/admin, roles: ROLE_ADMIN }
            - { path: ^/customer, roles: ROLE_CUSTOMER }
            - { path: ^/therapist, roles: ROLE_THERAPIST }
Also read the documentation.
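
A fuller sketch of the single-firewall layout described in this answer, added here as an illustration (it is not the asker's or the answerer's configuration). It assumes a chain provider named `all_users` over the three entity providers from the question, and one shared login form whose route names (`login`, `login_check`, `logout`) are hypothetical:

```yaml
# app/config/security.yml (added example; same Symfony syntax as the question)
security:
    # encoders: keep the three bcrypt entries from the question
    providers:
        admin_provider:
            entity: { class: 'UtabAdminBundle:User' }
        therapist_provider:
            entity: { class: 'ArgTherapistBundle:User' }
        shop_customer_provider:
            entity: { class: 'ShopCustomerBundle:User' }
        # Assumption: one chain provider so a single firewall can load any of the three entities
        all_users:
            chain:
                providers: [admin_provider, therapist_provider, shop_customer_provider]
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            # Anchored pattern covering the whole site, so the token is
            # available on every URL, including pages outside /admin,
            # /customer and /therapist.
            pattern: ^/
            anonymous: true
            simple_form:
                provider: all_users
                check_path: login_check    # hypothetical shared route
                login_path: login          # hypothetical shared route
                authenticator: google_recaptcha_authenticator
            logout:
                path: logout               # hypothetical shared route
                target: /
    # First matching rule wins, so the anonymous exceptions come before
    # the role rule for the same prefix.
    access_control:
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, roles: ROLE_ADMIN }
        - { path: ^/therapist/(register|resetting), roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/therapist/, roles: ROLE_THERAPIST }
        - { path: ^/customer/(register|resetting), roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/customer/, roles: ROLE_SHOP_CUSTOMER }
```

With one firewall, separation between the three areas rests entirely on `access_control`, so each entity's `getRoles()` must return only its own role. A username that exists in more than one entity resolves to the first provider listed in the chain.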