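So I made it so that Role_User can only access the website from a certain IP address. Everything else works like a charm, except that when a user connects from a different IP, I try to redirect them to /en/logout. But it pops up the error "You must activate the logout in your security firewall configuration". I really need help.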
    security:
        encoders:
            App\Entity\User: bcrypt
        providers:
            fos_userbundle:
                id: fos_user.user_provider.username_email
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            secured_area:
                pattern: ^/
                user_checker: App\Security\UserChecker
                anonymous: true
                stateless: false
                guard:
                    authenticators:
                        - App\Security\TokenAuthenticator
                remember_me:
                    secret: '%kernel.secret%'
                    lifetime: 604800
                    path: /
                form_login:
                    provider: fos_userbundle
                    check_path: fos_user_security_check
                    login_path: fos_user_security_login
                    csrf_token_generator: security.csrf.token_manager
                logout:
                    path: fos_user_security_logout
                    target: /(%app_locales%)/login
                access_denied_url: /(%app_locales%)/logout
        role_hierarchy:
            ROLE_USER: ROLE_USER
            ROLE_TEAMLEAD: ROLE_CUSTOMER
            ROLE_ADMIN: ROLE_TEAMLEAD
            ROLE_SUPER_ADMIN: ROLE_ADMIN
        access_control:
            - { path: '^/(%app_locales%)/timesheet', role: ROLE_USER, ip: [IP.IP.IP.IP] }
            - { path: '^/(%app_locales%)/timesheet', role: ROLE_ADMIN }
            - { path: '^/(%app_locales%)/timesheet', roles: ROLE_NO_ACCESS }
            - { path: '^/(%app_locales%)$', role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: '^/(%app_locales%)/login', role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: '^/(%app_locales%)/register', role: IS_AUTHENTICATED_ANONYMOUSLY, ip: [IP.IP.IP.IP] }
            - { path: '^/(%app_locales%)/resetting', role: IS_AUTHENTICATED_ANONYMOUSLY, ip: [IP.IP.IP.IP] }
            - { path: '^/(%app_locales%)/', roles: ROLE_USER, ip: [IP.IP.IP.IP] }
            - { path: '^/api', roles: IS_AUTHENTICATED_REMEMBERED, ip: [IP.IP.IP.IP] }
            - { path: '^/(%app_locales%)/login$', roles: ROLE_NO_ACCESS }
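Answer 0 (score: 0)
You need to provide the logout path in the access_control list with the correct parameters. Right now, your /en/logout is authorized by the role ROLE_USER and the ip [IP.IP.IP.IP]. You need to add the following line: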
    access_control:
        ...
        - { path: '^/(%app_locales%)/logout', roles: ROLE_USER }
        ...
As you can see, I removed the dependency on the IP address for authorization on the path /en/logout. Now it depends only on the user's ROLE_USER role.
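How Symfony picks an access_control entry for the rules in the question, as a simplified Python model added here (not code from the original post or from Symfony): only the first entry whose path and ip both match is enforced, and an entry whose ip does not match is skipped rather than treated as a denial. The locale list `en|de` and both IP addresses are assumed sample values.

```python
import re

LOCALES = "en|de"            # assumption: the value of %app_locales%
OFFICE_IP = "203.0.113.10"   # constructed stand-in for IP.IP.IP.IP
OTHER_IP = "198.51.100.7"    # constructed address outside the allow-list

# (path regex, required role, ip restriction or None), in the question's order
RULES = [
    (r"^/(%app_locales%)/timesheet", "ROLE_USER", OFFICE_IP),
    (r"^/(%app_locales%)/timesheet", "ROLE_ADMIN", None),
    (r"^/(%app_locales%)/timesheet", "ROLE_NO_ACCESS", None),
    (r"^/(%app_locales%)$", "IS_AUTHENTICATED_ANONYMOUSLY", None),
    (r"^/(%app_locales%)/login", "IS_AUTHENTICATED_ANONYMOUSLY", None),
    (r"^/(%app_locales%)/register", "IS_AUTHENTICATED_ANONYMOUSLY", OFFICE_IP),
    (r"^/(%app_locales%)/resetting", "IS_AUTHENTICATED_ANONYMOUSLY", OFFICE_IP),
    (r"^/(%app_locales%)/", "ROLE_USER", OFFICE_IP),
    (r"^/api", "IS_AUTHENTICATED_REMEMBERED", OFFICE_IP),
    (r"^/(%app_locales%)/login$", "ROLE_NO_ACCESS", None),
]

# The entry proposed in Answer 0: no ip key, so it matches from any address
LOGOUT_RULE = (r"^/(%app_locales%)/logout", "ROLE_USER", None)


def first_match(path, ip, rules=RULES):
    """Return (index, role) of the first entry whose path and ip both match.

    None means no entry applied, so access_control requires nothing
    for that request.
    """
    for index, (pattern, role, rule_ip) in enumerate(rules):
        regex = pattern.replace("%app_locales%", LOCALES)
        if re.search(regex, path) and rule_ip in (None, ip):
            return index, role
    return None


if __name__ == "__main__":
    for path in ("/en/timesheet", "/en/logout", "/en/login"):
        for ip in (OFFICE_IP, OTHER_IP):
            print(path, ip, "->", first_match(path, ip))
    print("with logout entry:",
          first_match("/en/logout", OTHER_IP, RULES + [LOGOUT_RULE]))
```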
Answer 1 (score: 0)
I think that, on top of the access_control entry Michael posted, you should change

    access_denied_url: /(%app_locales%)/logout

to

    access_denied_url: fos_user_security_logout

That seems to have been the problem in a similar case.