我有一个注销功能,该功能可以在另一个项目中使用,但是由于某种原因在我当前正在处理的项目中无法使用。看起来它只是刷新页面。我检查了Symfony https://symfony.com/doc/current/security.html的官方文档,但无济于事。希望你们能帮助我。
已更新:Security.yml:
# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:
providers:
in_memory:
memory:
users:
beheerder:
password: admin
roles: 'ROLE_BEHEERDER'
access_control:
- { path: '^/beheerder/*', roles: [ROLE_BEHEERDER] }
encoders:
Symfony\Component\Security\Core\User\User: plaintext
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous:
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
http_basic: ~
# https://symfony.com/doc/current/security/form_login_setup.html
#form_login: ~
logout:
path: security_logout
target: /
控制器:
<?php
namespace AppBundle\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
class DefaultController extends Controller
{
//Functie om naar de homepagina te gaan met een redirect naar de homepagina van de gebruiker.
/**
* @Route("/", name="homepage")
*/
public function indexAction(Request $request, AuthorizationCheckerInterface $authorizationChecker)
{
if ($authorizationChecker->isGranted(new Expression('"ROLE_BEHEERDER" in roles')))
{
return $this->redirectToRoute('beheerder');
}
else
{
return $this->render('default/index.html.twig');
}
}
/**
* @Route("/beheerder", name="beheerder")
*/
public function beheerder(Request $request)
{
return new Response($this->renderView('beheerder/index.html.twig'));
}
/**
* @Route("/logout", name="security_logout")
*/
public function logoutAction(Request $request)
{
return new Response($this->renderView('logout.html.twig'), 401);
}
}
注销树枝:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<title>{% block title %}Overzicht{% endblock %}</title>
<link rel="icon" type="image/x-icon" href="{{ asset('favicon.ico') }}" />
</head>
<body>
<p>Redirecting back....</p>
<script>
document.cookie = 'PHPSESSID=; Path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
window.location.href = '{{ url('homepage') }}';
</script>
</body>
</html>
编辑:我正在使用Symfony 3.4。当我转到页面/ logout时,它似乎只是刷新页面。我可以看到它具有注销功能,但是用户不会注销。
答案 0 :(得分:3)
来自Symfony安全文档:https://symfony.com/doc/3.4/security.html#logging-out
请注意,使用基于HTTP基本身份验证的防火墙时,没有真正的注销方法:唯一的注销方法是让浏览器停止在每个请求上发送您的名称和密码。清除浏览器缓存或重新启动浏览器通常会有所帮助。一些Web开发人员工具在这里也可能会有所帮助。
您正在使用http-basic,因此清除cookie无效。因此,如果要使用该代码,则需要实施其他身份验证并停止使用http-basic。
答案 1 :(得分:0)
您为IS_AUTHENTICATED_ANONYMOUSLY定义注销路径的访问控制是错误的。
请删除- { path: '^/logout', roles: [IS_AUTHENTICATED_ANONYMOUSLY] }
OR
编辑- { path: '^/logout', roles: [ROLE_BEHEERDER] }
答案 2 :(得分:0)
您尚未设置防火墙
main:
anonymous: ~
它应该看起来像 主要: 匿名:〜 secure_arena: 模式:^ / beheerder
这表示每个人都可以访问“主”防火墙,您应该限制该区域
在拥有它之后,只需将其添加到防火墙中,如下几行
logout:
path: /logout
target: /
并定义您已经执行的/ logout路由。 Symfony将自动注销。
您还需要指定身份验证器和检查路径检查https://symfony.com/doc/current/security/custom_password_authenticator.html
答案 3 :(得分:0)
app / config / security.yml
security:
# editor fold [...]
firewalls:
# editor fold [...]
main:
# editor fold [...]
# add logout into the security firewall
logout:
path: security_logout
target: /
# editor fold [...]
access_control:
- { path: '^/beheerder/*', roles: [ROLE_BEHEERDER] }
# Not needed
# - { path: '^/logout', roles: [IS_AUTHENTICATED_ANONYMOUSLY] }
app / config / routing.yml
# editor fold [...]
# add logout path into main routing file
security_logout:
path: /logout
树枝视图
<!-- logout link -->
<a href="{{ path('security_logout') }}">Logout</a>