I created a simple login form following this tutorial: http://symfony.com/doc/2.7/security/form_login_setup.html
This is my security.yml file:
security:
    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt
            cost: 12
    providers:
        in_memory:
            memory:
                users:
                    admin:
                        password: pass
                        roles: ROLE_ADMIN
                    foo:
                        password: foo
                        roles: ROLE_USER
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            form_login:
                login_path: login
                check_path: login_check
                csrf_provider: security.csrf.token_manager
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
This is the controller:
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class SecurityController extends Controller
{
    /**
     * @Route("/login", name="login")
     */
    public function loginAction(Request $request)
    {
        return $this->render('AtBundle:Default:login.html.php');
    }

    /**
     * @Route("/login_check", name="login_check")
     */
    public function loginCheckAction()
    {
        $this->addFlash('warning', $this->get('translator')->trans('login_expired'));
        return $this->render('AtBundle:Default:login_check.html.php');
    }

    /**
     * @Route("/logout", name="logout")
     */
    public function logoutAction()
    {
        $this->addFlash('warning', $this->get('translator')->trans('login_expired'));
        return $this->redirect($this->generateUrl('login'));
    }
}
This is the form:
<!-- login.html.php -->
<form action="/login_check" method="post">
    <label for="username">Username:</label>
    <input type="text" id="username" name="username" />
    <label for="password">Password:</label>
    <input type="password" id="password" name="password" />
    <input type="hidden" name="_csrf_token"
           value="<?php echo $view['form']->csrfToken('authenticate') ?>">
    <button type="submit">login</button>
</form>
The thing is, when I try to authenticate, every username and password I enter is accepted as a valid login. I can enter username admin and password foo, and the system logs me in.
Is my security.yml file wrong?
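As an added illustration (not part of the question above, and not Symfony's own code), this script mimics what the `bcrypt` encoder declared in the `encoders` section does when it checks a submitted password: Symfony's bcrypt encoder delegates to PHP's `password_verify()`, so a value stored in the `in_memory` provider only ever matches if it is itself a bcrypt hash. The stored values `'pass'` and the cost `12` are taken from the security.yml above; the function name `bcryptPasswordValid` is assumed here.

```php
<?php
// Added example, not from the original post: how a bcrypt encoder with
// cost 12 (as configured in security.yml) compares a submitted password
// against the value held by the in-memory user provider.

function bcryptPasswordValid(string $stored, string $submitted): bool
{
    // Same comparison Symfony's bcrypt encoder performs. password_verify()
    // only succeeds when $stored is a real bcrypt hash of $submitted; a
    // plain-text stored value such as "pass" is not a hash and cannot match.
    return password_verify($submitted, $stored);
}

// Stored value exactly as written in the question's security.yml.
$storedPlain = 'pass';

// What the provider needs instead: a bcrypt hash of "pass" generated with
// the same cost the encoder is configured for. In security.yml this hash
// (not the clear text) would be the value of the user's `password:` key.
$storedHash = password_hash('pass', PASSWORD_BCRYPT, ['cost' => 12]);

$checks = [
    'plain stored value, correct password' => bcryptPasswordValid($storedPlain, 'pass'),
    'hashed stored value, correct password' => bcryptPasswordValid($storedHash, 'pass'),
    'hashed stored value, wrong password'   => bcryptPasswordValid($storedHash, 'foo'),
];

foreach ($checks as $case => $ok) {
    printf("%-40s %s\n", $case, $ok ? 'accepted' : 'rejected');
}
```

Run it once to see which stored values the configured encoder can actually verify; the hash printed by `password_hash()` is the form of value the `in_memory` provider expects when the `bcrypt` encoder is active.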