每当权限不足的用户尝试访问页面时,我都会通过在security.yml 中设置access_denied_url到/login字段将其重定向到登录页面
我的安全yml
security:
encoders:
FOS'UserBundle'Model'UserInterface: bcrypt
access_denied_url: /login
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
secured_area:
pattern: ^/
form_login:
login_path: /login
check_path: /login_check
default_target_path: /
logout:
path: /logout
target: /
anonymous: ~
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/tc, role: ROLE_TC }
- { path: ^/operations, role: ROLE_OPERATIONS }
在我的小树枝模板中,我想获得用户试图访问的页面,那么我该怎么做呢?
我试着得到目标路径和参考路径如下,但它们都是空的
app.session.get('_security.secured_area.target_path')
app.request.headers.get('referer')
您必须使用use_referer。
这是我的security.yml文件:
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager
use_referer: true
logout: true
anonymous: true