我试图添加身份验证器,它应该只负责访问路径/ Abc,默认情况下其他安全区域由默认身份验证器保护。
只要我将样式行pattern: ^/Abc添加到我的security.yml中,一切正常。我可以登录并注销。用户通过身份验证
令牌类PostAuthenticationGuardToken和防火墙abc。
当我添加行pattern: ^/Abc时,我无法再登录(进入/ Abc区域)。在我将登录表单应用程序重新加载到路径login_abc
security.yml
security:
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
abc:
anonymous: ~
pattern: ^/Abc
guard:
authenticators:
- abc_authenticator
form_login:
login_path: login_abc
check_path: login_abc
remember_me: false
logout:
path: logout_abc
target: main_index
default:
anonymous: ~
pattern: ^/(?!Abc)
form_login:
always_use_default_target_path: false
login_path: login
check_path: login
remember_me: false
logout:
path: logout
target: main_index
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login_abc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/Abc, roles: [ROLE_ABC] }
- { path: ^/Work, roles: [ROLE_WORK, ROLE_WORK2] }
- { path: ^/Home, roles: [ROLE_HOME] }
abcAuthenticator.php
namespace AppBundle\Security;
use AppBundle\Entity\User;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use Doctrine\Bundle\DoctrineBundle\Registry as Doctrine;
class abcAuthenticator extends AbstractGuardAuthenticator {
const ACCESS_DENNIED = "Access dennied";
/**
* @var \Symfony\Component\Routing\RouterInterface
*/
private $router;
/**
* @var Doctrine
*/
private $doctrine;
/**
* abcAuthenticator constructor.
*/
public function __construct(RouterInterface $router, Doctrine $doctrine) {
$this->router = $router;
$this->doctrine = $doctrine;
}
public function start(Request $request, AuthenticationException $authException = null) {
$url = $this->router->generate('login_abc');
return new RedirectResponse($url);
}
public function getCredentials(Request $request) {
if ($request->getPathInfo() != '/login_abc' || !$request->isMethod('POST')) {
return;
}
return array(
'cardToken' => $request->request->get('_cardToken'),
);
}
public function getUser($credentials, UserProviderInterface $userProvider) {
try {
try {
$user = $this->doctrine->getRepository(User::class)->findOneByCardToken($credentials['cardToken']);
if (is_null($user)) {
throw new UsernameNotFoundException();
}
return $userProvider->loadUserByUsername($user->getUsername());
} catch (UsernameNotFoundException $e) {
throw new CustomUserMessageAuthenticationException(self::ACCESS_DENNIED);
}
}
catch (UsernameNotFoundException $e) {
throw new CustomUserMessageAuthenticationException(self::ACCESS_DENNIED);
}
}
public function checkCredentials($credentials, UserInterface $user) {
return true;
}
public function onAuthenticationFailure(Request $request, AuthenticationException $exception) {
$url = $this->router->generate('login_abc');
return new RedirectResponse($url);
}
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) {
$url = $this->router->generate('abc_panel');
return new RedirectResponse($url);
}
public function supportsRememberMe() {
return false;
}
}
Authenticator当然是注册为服务。
我不知道出了什么问题。请帮助。
答案 0 :(得分:0)
在getCredentials()方法中,如果您转到URL /login_abc(URL,而不是路由名称),则似乎只允许登录 - 但只允许在URL上运行防护{ {1}}。
使用多个防火墙很复杂 - 您可能会发现更容易拥有单个防火墙,然后允许多个身份验证运行,直到您成功(基于URL,然后是任何用户名,密码/令牌等),以及然后其余的将被跳过。