最受欢迎

Symfony 2.8-如何为任何URL配置防火墙

Symfony 2.8 - How to configure a firewall for any URL?

本文关键字:任何 URL 配置 防火墙 Symfony | 更新日期: 2023-09-27

每当我故意尝试自定义错误页面,试图访问未定义的路由时,服务器都会发出500错误。日志显示:

request.CRITICAL:处理异常时引发异常(Symfony''Component''Security''Core''Exception''AuthenticationCredentialsNotFoundException:令牌存储不包含身份验证令牌。一个可能的原因可能是没有为此URL配置防火墙

此异常是在NotFoundException之后引发的,因此出现500错误。因此,我试图弄清楚如何为任何URL配置防火墙,尤其是为所有已经被防火墙处理的人配置防火墙,这样才能真正找到凭据。我想到了这个UserBundle/Resources/config/security.yml:

security:
encoders:
    FOS'UserBundle'Model'UserInterface: sha512
providers:
    fos_userbundle:
        id: fos_user.user_provider.username
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt))/
        security: false
    public:
        pattern:                    ^/(contact/faq)$
        anonymous:                  true
    secure:
        pattern:                    ^/
        form_login:
            provider:               fos_userbundle
            csrf_token_generator:   security.csrf.token_manager
            login_path:             fos_user_security_login
            check_path:             fos_user_security_check
            use_forward:            false
            failure_path:           null
            default_target_path:    /
            remember_me:            true
        logout:
            path:                   fos_user_security_logout
            target:                 /
        anonymous:                  true
        remember_me:
            secret:                 %secret%
            name:                   whatev
            lifetime:               31536000
            path:                   /
            remember_me_parameter:  _remember_me
            secure:                 true
            always_remember_me:     true
    default:
        anonymous: true

所有内容都导入到我的主安全文件中,该文件包括:

imports:
- { resource: "@UserBundle/Resources/config/security.yml" }
security:
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
access_control:
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY } # my try to match all routes...
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/administration/, role: ROLE_ADMIN }
    - { path: ^/user$, role: IS_AUTHENTICATED_FULLY }

这是我在app/Resources/TwigBundle/views/Exception:下的错误.html

<!DOCTYPE html>
<html>
    <head>
        <meta charset="{{ _charset }}" />
        <title>An Error Occurred: {{ status_text }}</title>
    </head>
    <body>
        <h1>Oops! An Error Occurred</h1>
        <h2>The server returned a "{{ status_code }} {{ status_text }}".</h2>
        <div>
            Something is broken. Please let us know what you were doing when this error occurred.
            We will fix it as soon as possible. Sorry for any inconvenience caused.
        </div>
    </body>
</html>

有关于如何进行的线索吗?

非常感谢。

正如Federico所指出的,该问题来自试图执行的事件侦听器

public function add(Request $request)
{
    if($this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
        /* do stuff considering the user is logged in.
        ** This is wrong ; we can end up here while having a logged out user.
        */

当然,仔细想想,这似乎很愚蠢。只需确保您确实可以在安全上下文上调用isGranted()就可以解决整个问题。要对此进行检查,您必须验证:

  1. 安全上下文的令牌不为null
  2. 该令牌的用户是用户实体的一个实例(用户实际上已登录)

这将上述方法更改为:

public function add(Request $request)
{
    if($this->securityContext->getToken() === null)
        return false;
    if(!$this->securityContext->getToken()->getUser() instanceof User)
        return false;
    if($this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
        // do stuff considering the user is logged in.
相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习