
symfony2 - Anonymous token even if logged in on public pages

Problem description:

I'm having some trouble setting up my security.

I want a page to be accessible both by anonymous users and by logged-in members. I want it to show different content depending on the situation (in fact, I want to still be logged in as a member when I go to it).

The page I want to give public access to is ^/profile.

I set my security.yml like this:

jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Firewall for the login, registration and password-reset pages
        login:
            pattern:   ^/(login$|register|resetting)  # these pages live at /login, /register and /resetting
            anonymous: true                           # anonymous users are of course allowed on these pages

        public:
            pattern:   ^/profile
            anonymous: true

        homepage:
            pattern:   ^/$
            anonymous: true

        # Main firewall for the rest of the site
        main:
            pattern: ^/                       # ^/ = everything that starts with / = the whole site
            form_login:                       # the authentication method
                provider: fos_userbundle      # bind authentication to the provider defined above
                remember_me: true             # enable "remember me" (disabled by default)
            remember_me:
                key: "%secret%"               # key for remember_me (%secret% is a parameter from parameters.yml)
            anonymous: false                  # whether anonymous (unauthenticated) users are allowed
            logout: true                      # allow manual logout (disabled by default)
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

My problem is that when I'm logged in and I access this page, it's as if I'm not logged in (I see my log-in button), because the firewall gives me an anonymous token.

Thanks for your help.

Scaff

Answer:

Common pitfalls in authentication:

Multiple firewalls don't share security context
If you're using multiple firewalls and you authenticate against one firewall, you will not be authenticated against any other firewalls automatically. Different firewalls are like different security systems. To do this you have to explicitly specify the same Firewall Context for different firewalls. But usually for most applications, having one main firewall is enough.

So put everything under one main firewall and use ACLs as in the FOSUserBundle installation, step 4.

jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                remember_me: true
            logout:       true
            anonymous:    true
            remember_me:
                key: "%secret%"

    access_control:
        - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/profile, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }

Answer:

IMO you have not inserted the file quite correctly, so I can't say for sure. But you probably have 2 firewalls for one URL: a main firewall

main: 
    pattern: ^/ 

and a public firewall

public:
    pattern: ^/profile

Try to specify only one firewall.

Quote from the official documentation:

Multiple firewalls don't share security context If you're using multiple firewalls and you authenticate against one firewall, you will not be authenticated against any other firewalls automatically. Different firewalls are like different security systems. To do this you have to explicitly specify the same Firewall Context for different firewalls. But usually for most applications, having one main firewall is enough.
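The mechanism both answers describe, as an added example that is not part of the original question or answers and is not Symfony code: a small Python model of how Symfony 2 chooses a firewall for a request (the first firewall whose pattern matches the path) and which session attribute that firewall's ContextListener loads the token from (`_security_<context>`, where the context defaults to the firewall name unless the firewall sets an explicit `context:` key). The firewall list is constructed from the question's security.yml; the dict layout and the function names (`resolve_firewall`, `session_key`, `token_visible`, `with_shared_context`) are hypothetical helpers written for this example. Run against the asker's layout it shows why `/profile` and `/` come back anonymous even though the login POST to `/login_check` (Symfony's default `check_path`) was handled by `main`, and that either fix, one merged firewall with access_control or the same `context:` value on every firewall, makes the token visible on every secured path.

```python
import re

# Constructed model of the firewalls from the question, in security.yml order.
# This is illustrative data for the example, not a Symfony class; the two
# behaviours it mimics are real Symfony 2 ones:
#   1. the firewall map uses the FIRST firewall whose pattern matches the path;
#   2. the ContextListener keeps the token in the session under
#      "_security_<context>", where <context> defaults to the firewall name
#      unless the firewall sets an explicit "context:" key.
ASKER_FIREWALLS = [
    {"name": "dev",      "pattern": r"^/(_(profiler|wdt)|css|images|js)/", "security": False},
    {"name": "login",    "pattern": r"^/(login$|register|resetting)"},
    {"name": "public",   "pattern": r"^/profile"},
    {"name": "homepage", "pattern": r"^/$"},
    {"name": "main",     "pattern": r"^/", "form_login": True},
]

# Fix 1 (both answers): a single secured firewall plus access_control rules.
MERGED_FIREWALLS = [
    ASKER_FIREWALLS[0],
    {"name": "main", "pattern": r"^/", "form_login": True},
]

# Symfony's default form_login check_path. The login POST is processed by
# whichever firewall matches this path, and the token lands in THAT firewall's
# context, not in the context of the firewall that shows the login form.
CHECK_PATH = "/login_check"


def with_shared_context(firewalls, context):
    """Fix 2 (the quoted docs): give every secured firewall the same context key."""
    fixed = []
    for fw in firewalls:
        fw = dict(fw)
        if fw.get("security", True):
            fw["context"] = context
        fixed.append(fw)
    return fixed


def resolve_firewall(firewalls, path):
    """First match wins. Symfony's RequestMatcher uses preg_match (search
    semantics), so the leading ^ in each pattern does the anchoring."""
    for fw in firewalls:
        if re.search(fw["pattern"], path):
            return fw
    return None


def session_key(firewall):
    """Session attribute this firewall reads and writes its token from."""
    if firewall is None or not firewall.get("security", True):
        return None  # security: false means no token handling at all
    return "_security_" + firewall.get("context", firewall["name"])


def token_visible(firewalls, path):
    """Would a token written during the login POST be loaded on `path`?"""
    writer = session_key(resolve_firewall(firewalls, CHECK_PATH))
    reader = session_key(resolve_firewall(firewalls, path))
    return writer is not None and writer == reader


def report(firewalls, paths):
    """path -> (firewall name, session key, token visible) for a quick eyeball check."""
    out = {}
    for p in paths:
        fw = resolve_firewall(firewalls, p)
        out[p] = (fw["name"] if fw else None, session_key(fw), token_visible(firewalls, p))
    return out


if __name__ == "__main__":
    paths = [CHECK_PATH, "/", "/profile", "/profile/edit", "/account", "/css/app.css"]
    layouts = [
        ("asker", ASKER_FIREWALLS),
        ("merged", MERGED_FIREWALLS),
        ("shared context", with_shared_context(ASKER_FIREWALLS, "app")),
    ]
    for label, fws in layouts:
        print(f"== {label} ==")
        for p, (name, key, ok) in report(fws, paths).items():
            print(f"{p:14} -> firewall={name!s:9} key={key!s:18} token visible={ok}")
```

Under the asker's layout the login POST is stored in `_security_main`, while `/profile` is served by the `public` firewall and looks for `_security_public`, so it hands out a fresh anonymous token; the homepage suffers the same way via `_security_homepage`. In security.yml the shared-context variant is simply `context: app` (any common string) under each of `login`, `public`, `homepage` and `main`; the merged variant is the configuration in the first answer. In both cases `/profile` still needs `anonymous: true` on its firewall and an `IS_AUTHENTICATED_ANONYMOUSLY` rule in `access_control`, otherwise anonymous visitors get redirected to the login form instead of seeing the public version of the page.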
