Anonymous access does not work when securing the same routes with login and OAuth2 client credentials

Date: 2017-08-31 04:27:10

Tags: symfony authentication access-control

I have a Symfony application that I want to make accessible both through login and through OAuth client-credentials authentication, on the same routes.

I achieved this with the following firewall setup:

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    oauth:
        pattern: ^/
        stateless: true
        simple_preauth:
            authenticator: AppBundle\Security\AccessTokenAuthenticator
        provider: access_token_user_provider

    main:
        anonymous: ~
        # activate different ways to authenticate

        # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
        http_basic: ~

        provider: chain_provider
        # https://symfony.com/doc/current/security/form_login_setup.html
        form_login:
            login_path: login
            check_path: login
            csrf_token_generator: security.csrf.token_manager
            #failure_path: login_failure

        logout:
            path:   /logout
            invalidate_session: true

access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/site/signup, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/site/get_token, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: [ROLE_CUSTOMER, ROLE_PARTNER] }

However, when I do this, all the anonymous routes at the bottom are now checked by the AccessTokenAuthenticator and no longer work.

Do I need to exclude them manually, like the profiler routes, or is there a better way to handle them through the access_control: entries?

2 answers:

Answer 0 (score: 1)

I think the order of the rules in the security file could be different. Something like this:

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    # First Main Firewall
    main:
        anonymous: ~
        # activate different ways to authenticate

        # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
        http_basic: ~

        provider: chain_provider
        # https://symfony.com/doc/current/security/form_login_setup.html
        form_login:
            login_path: login
            check_path: login
            csrf_token_generator: security.csrf.token_manager
            #failure_path: login_failure

        logout:
            path:   /logout
            invalidate_session: true

    # Second Oauth Firewall
    oauth:
        pattern: ^/
        stateless: true
        simple_preauth:
            authenticator: AppBundle\Security\AccessTokenAuthenticator
        provider: access_token_user_provider
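As an added illustration (not part of either answer or of Symfony itself), a short Python model of how Symfony's firewall map chooses a firewall: entries are tried in order, the first whose pattern matches the request path wins, and a firewall with no pattern matches every request. It uses the firewall names and access_control rules from the question; the tuple encoding and the two helper functions are constructed for this illustration.

```python
import re

# Firewalls as (name, pattern, security_enabled, anonymous_allowed), taken from
# the question's security.yml and from the reordering suggested above. The
# tuple shape is a simplification for this illustration, not Symfony's own.
DEV = ("dev", r"^/(_(profiler|wdt)|css|images|js)/", False, True)  # security: false
OAUTH = ("oauth", r"^/", True, False)  # stateless simple_preauth, no anonymous: ~
MAIN = ("main", None, True, True)  # no pattern, anonymous: ~

QUESTION_ORDER = [DEV, OAUTH, MAIN]  # order posted in the question
ANSWER_ORDER = [DEV, MAIN, OAUTH]  # order suggested in this answer

# access_control rules from the question; checked in order, first match wins.
ACCESS_CONTROL = [
    (r"^/login", {"IS_AUTHENTICATED_ANONYMOUSLY"}),
    (r"^/site/signup", {"IS_AUTHENTICATED_ANONYMOUSLY"}),
    (r"^/site/get_token", {"IS_AUTHENTICATED_ANONYMOUSLY"}),
    (r"^/", {"ROLE_CUSTOMER", "ROLE_PARTNER"}),
]


def select_firewall(firewalls, path):
    """First firewall whose pattern matches; Symfony never looks further.
    A firewall without a pattern matches every request."""
    for firewall in firewalls:
        pattern = firewall[1]
        if pattern is None or re.search(pattern, path):
            return firewall
    return None


def anonymous_request_allowed(firewalls, path):
    """Can a request without credentials reach this path?
    Yes if the selected firewall has security disabled, or if it creates an
    anonymous token (anonymous: ~) and the matching access_control rule grants
    IS_AUTHENTICATED_ANONYMOUSLY. A stateless token firewall with no anonymous
    listener rejects the request: there is no token for access_control to pass."""
    firewall = select_firewall(firewalls, path)
    if firewall is None:
        return False
    _, _, security_enabled, anonymous_allowed = firewall
    if not security_enabled:
        return True
    if not anonymous_allowed:
        return False
    for rule, roles in ACCESS_CONTROL:
        if re.search(rule, path):
            return "IS_AUTHENTICATED_ANONYMOUSLY" in roles
    return True
```

With the question's order, /login lands on the stateless oauth firewall; with the order suggested here it lands on main, but so does every other path, because main has no pattern and the oauth firewall is never reached.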

Answer 1 (score: 0)

I solved this by using multiple authentication providers in the same firewall:

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        anonymous: ~
        # activate different ways to authenticate

        # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
        http_basic: ~

        provider: chain_provider
        # https://symfony.com/doc/current/security/form_login_setup.html
        simple_preauth:
            authenticator: AppBundle\Security\AccessTokenAuthenticator
            provider: access_token_user_provider
        form_login:
            login_path: login
            check_path: login
            csrf_token_generator: security.csrf.token_manager
            #failure_path: login_failure

        logout:
            path:   /logout
            invalidate_session: true