My security configuration is as follows (yml file):
access_control:
    - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
    - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
    - { path: ^/account, roles: ROLE_USER, requires_channel: https }
    - { path: ^/form, roles: ROLE_USER, requires_channel: https }
    - { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }
I am able to log in, but not when I change back to http. For example:
access_control:
    - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: http }
    - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: http }
    - { path: ^/account, roles: ROLE_USER, requires_channel: http }
    - { path: ^/form, roles: ROLE_USER, requires_channel: http }
    - { path: ^/admin, roles: ROLE_ADMIN, requires_channel: http }
or
access_control:
    - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/account, roles: ROLE_USER }
    - { path: ^/form, roles: ROLE_USER }
    - { path: ^/admin, roles: ROLE_ADMIN }
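I do not get any error message, and the login does not happen.
Please let me know what the problem is. I am not using any cache, but I cleared the cache and restarted the server.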
metadata_cache_driver: array
query_cache_driver: array
result_cache_driver: array
Please tell me what the problem is.
EDIT 1
security:
    firewalls:
        secured_user_area:
            pattern: ^/(forms|account)
            provider: user_one
            context: session
            anonymous: ~
            form_login:
                check_path: login_check
                login_path: login
                default_target_path: dashboard
                csrf_provider: form.csrf_provider
            logout:
                path: logout
                target: login
            remember_me:
                name: _rem_me
                key: "%secret%"
                lifetime: 86400
                path: /
                domain: ~
        secured_admin_area:
            pattern: ^/admin
            provider: user_two
            context: session
            anonymous: ~
            form_login:
                check_path: admin_login_check
                login_path: admin_login
                default_target_path: admin_dashboard
                csrf_provider: form.csrf_provider
            logout:
                path: admin_logout
                target: admin_login
            remember_me:
                name: _rem_me
                key: "%secret%"
                lifetime: 86400
                path: /
                domain: ~
        public:
            pattern: ^/
            context: session
            anonymous: ~
        admin_login:
            pattern: ^/admin/login
            context: session
            anonymous: ~
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"
    providers:
        user_one:
            entity: { class: Achme\UserOneBundle\Entity\UserOne, property: mobile }
        user_two:
            entity: { class: Achme\UserTwoBundle\Entity\UserTwo, property: email }
        #in_memory:
        #    memory:
        #        users:
        #            user: { password: userpass, roles: ['ROLE_USER'] }
        #            admin: { password: admin, roles: ['ROLE_SUPER_ADMIN'] }
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Achme\UserOneBundle\Entity\UserOne: { algorithm: sha512, encode_as_base64: false, iterations: 10 }
        Achme\UserTwoBundle\Entity\UserTwo: { algorithm: sha512, encode_as_base64: false, iterations: 10 }
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/form, roles: ROLE_USER }
        - { path: ^/admin, roles: ROLE_ADMIN }
The problem has been solved.
There was a problem in the config.yml file.
I changed the following parameters:
cookie_secure: true
cookie_httponly: true
cookie_secure: false
cookie_httponly: false
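
The cookie behaviour behind the cookie_secure setting, as an added example that is not part of the original post: a client returns a cookie marked Secure only over https, so a session cookie issued with cookie_secure: true never comes back on a plain http request and the user appears logged out without any error. It models the client with Python's standard http.cookiejar rather than Symfony itself; the host, cookie name and session id are constructed.

```python
import email
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed sample values: host, cookie name and session id are illustrative.
HOST = "app.example.test"
SECURE_COOKIE = "PHPSESSID=abc123; Path=/; Secure; HttpOnly"  # cookie_secure: true
PLAIN_COOKIE = "PHPSESSID=abc123; Path=/"                     # cookie_secure: false


class FakeResponse:
    """Minimal stand-in for an HTTP response carrying one Set-Cookie header."""

    def __init__(self, set_cookie):
        self._headers = email.message_from_string(f"Set-Cookie: {set_cookie}\n\n")

    def info(self):
        return self._headers


def cookie_sent(set_cookie, login_scheme, next_scheme):
    """Return True if the cookie set at login is attached to the next request."""
    jar = CookieJar()
    login = Request(f"{login_scheme}://{HOST}/login_check")
    jar.extract_cookies(FakeResponse(set_cookie), login)  # store the login cookie
    follow_up = Request(f"{next_scheme}://{HOST}/account")
    jar.add_cookie_header(follow_up)                      # applies the Secure rule
    return follow_up.get_header("Cookie") is not None


if __name__ == "__main__":
    cases = (("cookie_secure: true", SECURE_COOKIE),
             ("cookie_secure: false", PLAIN_COOKIE))
    for label, cookie in cases:
        for scheme in ("https", "http"):
            sent = cookie_sent(cookie, scheme, scheme)
            print(f"{label:21} site on {scheme:5} -> session cookie sent: {sent}")
```

Of the four combinations, https with cookie_secure: true is the one that keeps the session cookie off cleartext connections while still letting the login persist.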