我正在Symfony 2.6上制作一个身份验证系统。注册过程有效。当我尝试登录时,我已经登录,并且我有"ROLE_USER",但探查器说我没有经过身份验证。我不明白发生了什么。这是用户实体:
<?php
namespace AppBundle'Entity;
use Doctrine'ORM'Mapping as ORM;
use Symfony'Component'Validator'Constraints as Assert;
use Symfony'Bridge'Doctrine'Validator'Constraints'UniqueEntity;
use Symfony'Component'Security'Core'User'UserInterface;
/**
* User
*
* @ORM'Table(name="baseuser")
* @ORM'Entity(repositoryClass="AppBundle'Repository'UserRepository")
* @UniqueEntity("email", message="error.user.email.taken")
*/
class User implements UserInterface, 'Serializable
{
/**
* @var integer
*
* @ORM'Column(name="id", type="integer")
* @ORM'Id
* @ORM'GeneratedValue(strategy="AUTO")
*/
private $id;
/**
* @var string
*
* @ORM'Column(name="email", type="string", length=255, unique=true)
*/
private $email;
/**
* @var string
*
* @ORM'Column(name="username", type="string", length=70, nullable=true)
*/
private $username;
/**
* @var string
*
* @ORM'Column(name="password", type="string", length=128)
* @Assert'Length(max = 4096)
*/
private $password;
/**
* @var string
*
* @ORM'Column(name="salt", type="string", length=64)
*/
private $salt;
/**
* @var string
*
* @ORM'Column(name="picture", type="string", length=100, nullable=true)
*/
private $picture;
/**
* @var string
*
* @ORM'Column(name="address", type="string", length=100, nullable=true)
*/
private $address;
/**
* @var string
*
* @ORM'Column(name="zipcode", type="string", length=10, nullable=true)
*/
private $zipcode;
/**
* @var string
*
* @ORM'Column(name="city", type="string", length=50, nullable=true)
*/
private $city;
/**
* @var integer
*
* @ORM'Column(name="country", type="integer", nullable=true)
*/
private $country;
/**
* @var 'DateTime
*
* @ORM'Column(name="birthdate", type="date", nullable=true)
*/
private $birthdate;
/**
* @var string
*
* @ORM'Column(name="occupation", type="string", length=50, nullable=true)
*/
private $occupation;
/**
* @var string
*
* @ORM'Column(name="about", type="text", nullable=true)
*/
private $about;
/**
* @var string
*
* @ORM'Column(name="token", type="string", length=15, unique=true)
*/
private $token;
/**
* @var boolean
*
* @ORM'Column(name="is_active", type="boolean")
*/
private $isActive;
/**
* @var boolean
*
* @ORM'Column(name="roles", type="integer")
*/
private $roles;
/**
* @var 'DateTime
*
* @ORM'Column(name="created_at", type="datetime")
*/
private $createdAt;
/**
* @var 'DateTime
*
* @ORM'Column(name="updated_at", type="datetime")
*/
private $updatedAt;
public function __construct()
{
$datetime = new 'DateTime();
$this->createdAt = $datetime;
$this->updatedAt = $datetime;
$this->token = base_convert(time(), 10, 36).'AppBundle'Library'StringHelper::randomString(5, "lower");
$this->salt = 'AppBundle'Library'StringHelper::randomString();
$this->isActive = true;
$this->roles = 1;
}
/**
* @inheritDoc
*/
public function eraseCredentials()
{
}
/**
* Return the roles
*
*/
public function getRoles() {
switch ($this->roles) {
case 1:
$role = 'ROLE_USER';
break;
case 2:
$role = 'ROLE_ADMIN';
break;
case 3:
$role = 'ROLE_SUPER_ADMIN';
break;
default:
$role = 'ROLE_USER';
break;
}
return array($role);
}
/**
* Set the roles
*
* @param $roles
*/
public function setRoles($roles) {
$this->roles = $roles;
return $this;
}
/**
* @see 'Serializable::serialize()
*/
public function serialize()
{
return serialize(array(
$this->id,
$this->email,
$this->password
));
}
/**
* @see 'Serializable::unserialize()
*/
public function unserialize($serialized)
{
list (
$this->id,
$this->email,
$this->password,
) = unserialize($serialized);
}
}
这是我的安全。yml:
security:
encoders:
AppBundle'Entity'User:
algorithm: bcrypt
cost: 15
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
providers:
administrators:
entity: { class: AppBundle:User, property: email }
firewalls:
main:
pattern: ^/
anonymous: ~
form_login: ~
logout: ~
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
我不知道问题出在哪里,知道吗?
问候
class用户必须实现EquatableInterface并实现如下方法:
public function isEqualTo(UserInterface $user)
{
return $this->id === $user->getId();
}
我终于想通了。首先,您需要一个用户名,并且它不能为空。所以我更改了方法getUsername(),使其返回电子邮件地址。然后,我把我的证券yml改成这样:
security:
encoders:
AppBundle'Entity'User:
algorithm: bcrypt
cost: 13
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
providers:
users:
entity: { class: AppBundle:User, property: email }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
default:
pattern: ^/
anonymous: ~
form_login: ~
logout: ~
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
我也有同样的症状,这是因为我正在尝试一个没有角色的用户。
如果用户至少有一个角色,探查器似乎会认为他已通过身份验证。
以下是剖析器详细信息中所说的内容:
用户未通过身份验证,可能是因为他们没有角色。
即使他具有IS_AUTHENTICATED_FULLY和/或IS_AUTHENTICATED_REMEMBERED的伪角色。
security.yml:中删除了dev防火墙
dev:
pattern: ^/(_(profiler|wdt|error)|css|images|js)/
security: false
确保在任何其他防火墙之前插入。。。
请参阅原始的安全性。yml