Forcing /logout does not work (access_denied_url:)

Time: 2019-04-04 08:16:59

Tags: php symfony fosuserbundle

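So, I made Role_User able to access the site only from a certain IP address. Everything else works like a charm, except that when a user connects from a different IP, I try to redirect them to /en/logout. But it pops up an error: "You must activate the logout in your security firewall configuration". I really need help.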

security:
    encoders:
        App\Entity\User: bcrypt

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        secured_area:
            pattern: ^/
            user_checker: App\Security\UserChecker
            anonymous: true
            stateless: false

            guard:
                authenticators:
                    - App\Security\TokenAuthenticator

            remember_me:
                secret:   '%kernel.secret%'
                lifetime: 604800
                path:     /

            form_login:
                provider: fos_userbundle
                check_path: fos_user_security_check
                login_path: fos_user_security_login
                csrf_token_generator: security.csrf.token_manager

            logout:
                path: fos_user_security_logout
                target: /(%app_locales%)/login
            access_denied_url: /(%app_locales%)/logout
    role_hierarchy:
        ROLE_USER:        ROLE_USER
        ROLE_TEAMLEAD:    ROLE_CUSTOMER
        ROLE_ADMIN:       ROLE_TEAMLEAD
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    access_control:
        - { path: '^/(%app_locales%)/timesheet', role: ROLE_USER, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/timesheet', role: ROLE_ADMIN }
        - { path: '^/(%app_locales%)/timesheet', roles: ROLE_NO_ACCESS }
        - { path: '^/(%app_locales%)$', role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: '^/(%app_locales%)/login', role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: '^/(%app_locales%)/register', role: IS_AUTHENTICATED_ANONYMOUSLY, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/resetting', role: IS_AUTHENTICATED_ANONYMOUSLY, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/', roles: ROLE_USER, ip: [IP.IP.IP.IP] }
        - { path: '^/api', roles: IS_AUTHENTICATED_REMEMBERED, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/login$', roles: ROLE_NO_ACCESS }

2 answers:

Answer 0: (score: 0)

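You need to provide the logout path in the access_control list with the correct parameters. Right now, your /en/logout is authorized by the role ROLE_USER and the ip [IP.IP.IP.IP]. You need to add the following line: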

access_control:
    ...
    - { path: '^/(%app_locales%)/logout', roles: ROLE_USER }
    ...

As you can see, I removed the dependency on the IP address for authorization on the path /en/logout. Now it depends only on the user's ROLE_USER role.
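Added example (not part of the original question or answers): a small PHP model of how Symfony picks an access_control entry, where the first rule whose path and ip both match is used and an ip mismatch skips the rule instead of denying the request. The locale `en` and both IP addresses are constructed stand-ins for %app_locales% and IP.IP.IP.IP, exact string comparison stands in for Symfony's IP matching, and appending the logout rule at the end of the list is an assumption.

```php
<?php
// Added illustration: models Symfony's first-match access_control lookup.
// Constructed values: locale "en" for %app_locales%, 203.0.113.10 for IP.IP.IP.IP.
const ALLOWED_IP = '203.0.113.10';
// Rules in the order they appear in the question: [path regex, required role, ip or null].
function questionRules(): array
{
    return [
        ['^/(en)/timesheet', 'ROLE_USER', ALLOWED_IP],
        ['^/(en)/timesheet', 'ROLE_ADMIN', null],
        ['^/(en)/timesheet', 'ROLE_NO_ACCESS', null],
        ['^/(en)$', 'IS_AUTHENTICATED_ANONYMOUSLY', null],
        ['^/(en)/login', 'IS_AUTHENTICATED_ANONYMOUSLY', null],
        ['^/(en)/register', 'IS_AUTHENTICATED_ANONYMOUSLY', ALLOWED_IP],
        ['^/(en)/resetting', 'IS_AUTHENTICATED_ANONYMOUSLY', ALLOWED_IP],
        ['^/(en)/', 'ROLE_USER', ALLOWED_IP],
        ['^/api', 'IS_AUTHENTICATED_REMEMBERED', ALLOWED_IP],
        ['^/(en)/login$', 'ROLE_NO_ACCESS', null],
    ];
}

// Returns the role demanded by the first rule whose path AND ip both match,
// or null when no rule matches (access_control then places no restriction on the request).
function requiredRole(array $rules, string $path, string $clientIp): ?string
{
    foreach ($rules as [$pattern, $role, $ip]) {
        if (preg_match('{' . $pattern . '}', $path) !== 1) {
            continue; // path does not match this rule
        }
        if ($ip !== null && $ip !== $clientIp) {
            continue; // an ip mismatch skips the rule, it does not deny
        }
        return $role;
    }
    return null;
}

$other = '198.51.100.7'; // constructed address outside the allowed IP
$withLogoutRule = questionRules();
$withLogoutRule[] = ['^/(en)/logout', 'ROLE_USER', null]; // the entry from Answer 0
$cases = [
    ['/en/timesheet', ALLOWED_IP, questionRules()],   // timesheet from the allowed IP
    ['/en/timesheet', $other, questionRules()],       // timesheet from another IP
    ['/en/logout', $other, questionRules()],          // logout, original rules
    ['/en/logout', $other, $withLogoutRule],          // logout, with the extra entry
];
foreach ($cases as [$path, $ip, $rules]) {
    printf("%-14s from %-13s => %s\n", $path, $ip, requiredRole($rules, $path, $ip) ?? '(no rule)');
}
```

Running it with `php` prints, for each request, which role the matching entry demands, which makes it easy to see which entry a request from a non-listed IP actually falls through to.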

Answer 1: (score: 0)

I think that, on top of the access_control entry Michael posted, you should change

access_denied_url: /(%app_locales%)/logout

into

access_denied_url: fos_user_security_logout

That seems to have been the problem in a similar case.