symfony - IS_AUTHENTICATED_ANONYMOUSLY无效

时间:2017-07-23 16:52:32

标签: php symfony fosuserbundle

我从与Symfony的旅程开始 在此我尝试保护我的身份验证路线(我使用FOSUserBundle)所以我这样做:

access_control:
    - { path: ^/logowanie$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/rejestracja, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetowanie-hasla, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/backstage/, role: ROLE_ADMIN }
    - { path: ^/profile/, role: ROLE_USER }

但是,无论我是否登录,我都可以随时前往这些路线 我哪里不好?

# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                check_path: fos_user_security_check
                login_path: fos_user_security_login
            logout:
                path: fos_user_security_logout
                target: website.home
            logout:       true
            anonymous:    true

    access_control:
        - { path: ^/logowanie$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/rejestracja, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetowanie-hasla, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/backstage/, role: ROLE_ADMIN }
        - { path: ^/profile/, role: ROLE_USER }

1 个答案:

答案 0 :(得分:3)

您应该限制对已登录用户的访问权限,现在如果用户已登录,则还具有角色IS_AUTHENTICATED_ANONYMOUSLY,这是角色层次结构。

- { path: ^/logowanie$, role: IS_AUTHENTICATED_ANONYMOUSLY && !IS_AUTHENTICADED_FULLY }