我一直在关注symfony网站(http://symfony.com/doc/current/security.html)上的教程,为我的Symfony 3.1项目添加一个登录信息。它适用于HTTP基本身份验证,但是当我使用此处的教程(http://symfony.com/doc/current/security/form_login_setup.html)添加form_login时,它会一直重定向到登录页面而不是登录。
这是我的security.yml:
security:
providers:
in_memory:
memory:
users:
ryan:
password: ryanpass
roles: 'ROLE_USER'
admin:
password: kitten
roles: 'ROLE_ADMIN'
encoders:
Symfony\Component\Security\Core\User\User: plaintext
firewalls:
login_firewall:
anonymous: ~
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
provider: in_memory
form_login:
login_path: /login
check_path: /login_check
logout: ~
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_USER }
安全控制器:
class SecurityController extends Controller
{
/**
* @Route("/login", name="login")
*/
public function loginAction(Request $request)
{
$authenticationUtils = $this->get('security.authentication_utils');
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render(
'security/login.html.twig',
array(
// last username entered by the user
'last_username' => $lastUsername,
'error' => $error,
)
);
}
/**
* @Route("/login_check", name="login_check")
*/
public function loginCheckAction(Request $request) {
;
}
login.html.twig:
{% extends 'base.html.twig' %}
{% block body %}
<div id="login_form">
{% if error %}
<div>{{ error.messageKey|trans(error.messageData, 'security') }}</div>
{% endif %}
<form action="{{ path('login') }}" method="post">
<p><label for="username">Username:</label>
<input type="text" id="username" name="_username" value="{{ last_username }}" /></p>
<p><label for="password">Password:</label>
<input type="password" id="password" name="_password" /></p>
{#
If you want to control the URL the user
is redirected to on success (more details below)
<input type="hidden" name="_target_path" value="/account" />
#}
<p><button type="submit">login</button></p>
</form>
</div>
{% endblock %}
答案 0 :(得分:1)
感谢@Cerad我把我的编码器部分放在我的提供者上面并删除了登录防火墙
现在安全性是:security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
providers:
in_memory:
memory:
users:
ryan:
password: ryanpass
roles: 'ROLE_USER'
admin:
password: kitten
roles: 'ROLE_ADMIN'
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
form_login:
login_path: /login
check_path: /login_check
logout: ~
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_USER }
登录页面通过access_control列表匿名,而不是防火墙规则