这是我的注释:
@Security("
request.getHost() == 'example.com' or
request.getHost() == 'google.com'
")
这样可行,但会引发以下错误:
Full authentication is required to access this resource.
这导致500而不是403。调试日志:
DEBUG - Access denied, the user is not fully authenticated; redirecting to authentication entry point.
CRITICAL - Uncaught PHP Exception Symfony\Component\Security\Core\Exception\InsufficientAuthenticationException: "Full authentication is required to access this resource." at /[path]/[to]/[project]/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php line 131
但是没有设置身份验证点(或者需要设置):
security.yml:
firewalls:
dev:
pattern: ^/(_(profiler|wdt))/
security: false
no_auth:
pattern: ^/(|css|images|js|admin/login)/
security: false
admin:
anonymous: ~
pattern: ^/admin
guard:
authenticators:
- admin.form_login
logout:
path: admin_logout
main:
anonymous: ~
pattern: ^/
注释位于^/。
如何让Symfony抛弃一个简单的拒绝访问?
当我在我的管理控制器上执行此操作时,它的行为与预期一致 - 我没有得到认证的缺乏,我被拒绝访问。但是,我需要一个未经身份验证的资源,但受IP限制。