I have a Symfony 3.4 application that uses an LDAP authentication provider. I recently added an `in_memory` provider (link) so that I can easily test the application while offline (i.e. when not connected to the LDAP server).
I know I can't override the Symfony security configuration. So how can I disable the `in_memory` provider in the production environment, while allowing both `in_memory` and `ldap` in the development environment?
Here is my security.yml:
security:
    encoders:
        AppBundle\Security\User\LdapUser: plaintext
        Symfony\Component\Security\Core\User\User: plaintext
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
    providers:
        chain_provider:
            chain:
                providers: [in_memory, ldap_user]
        in_memory:
            memory:
                users:
                    user: { password: 'user', roles: 'ROLE_USER' }
                    admin: { password: 'admin', roles: 'ROLE_ADMIN' }
        ldap_user:
            id: app.ext_ldap_user_provider
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern: ^/login$
            security: false
            anonymous: ~
        main:
            http_basic:
                provider: in_memory
            pattern: ^/
            anonymous: ~
            provider: ldap_user
            form_login_ldap:
                service: app.ldap
                dn_string: '%ldap_dn_string%'
                query_string: '%ldap_query_string%'
                remember_me: true
                csrf_token_generator: security.csrf.token_manager
                success_handler: AppBundle\Security\AuthenticationSuccessHandler
            logout:
                path: logout
                target: /
            logout_on_user_change: true
    access_control:
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        - { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }
        - { path: ^/, roles: ROLE_USER, requires_channel: https }
Answer 0 (score: 1)
Use two firewalls restricted by host: one matching your local host and using the chain provider, the other matching your prod host and using only the LDAP provider.
That would look like:
#config/packages/security.yaml
security:
    providers:
        chain_provider:
            chain:
                providers: [in_memory, ldap_provider]
        in_memory:
            memory:
                users:
                    foo: { password: test }
        ldap_provider:
            #...
    firewalls:
        firewall_dev:
            host: ^admin\.localhost$
            provider: chain_provider
            #...
        firewall_prod:
            host: ^admin\.example\.com$
            provider: ldap_provider
            #...
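Applying the answer's host-restricted firewalls to the question's security.yml gives the following; this is an added example, not code from either post, and it assumes the answer's hostnames admin.localhost and admin.example.com, keeps the http_basic entry with the in_memory users only in the dev firewall, and leaves role_hierarchy and access_control unchanged from the question. Firewall selection is based on the request Host header, so the production vhost should serve only its own hostname; a request reaching production with a dev Host header would otherwise be routed to the dev firewall.

```yaml
security:
    encoders:
        AppBundle\Security\User\LdapUser: plaintext
        Symfony\Component\Security\Core\User\User: plaintext
    providers:
        chain_provider:
            chain:
                providers: [in_memory, ldap_user]
        in_memory:
            memory:
                users:
                    user: { password: 'user', roles: 'ROLE_USER' }
                    admin: { password: 'admin', roles: 'ROLE_ADMIN' }
        ldap_user:
            id: app.ext_ldap_user_provider
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern: ^/login$
            security: false
            anonymous: ~
        # Matched only when the Host header is the local dev name (assumed hostname).
        main_dev:
            host: ^admin\.localhost$
            pattern: ^/
            anonymous: ~
            provider: chain_provider
            http_basic: { provider: in_memory }   # offline login with in_memory users
            form_login_ldap: &ldap_login
                service: app.ldap
                dn_string: '%ldap_dn_string%'
                query_string: '%ldap_query_string%'
                remember_me: true
                csrf_token_generator: security.csrf.token_manager
                success_handler: AppBundle\Security\AuthenticationSuccessHandler
            logout: &logout { path: logout, target: / }
            logout_on_user_change: true
        # Production host (assumed hostname): LDAP only, no http_basic, no in_memory users.
        main_prod:
            host: ^admin\.example\.com$
            pattern: ^/
            anonymous: ~
            provider: ldap_user
            form_login_ldap: *ldap_login
            logout: *logout
            logout_on_user_change: true
```

The `&ldap_login` and `&logout` anchors are plain YAML aliases, which the Symfony Yaml component resolves before the security configuration is processed.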