在Symfony2安全性中重定向死循环
[英]Redirect loop of death in Symfony2 security
问题描述
I have an admin area with login that we are forcing to https://. 
我有一个登录管理区域,我们强制要求https://。 Hitting the route /admin should redirect to the login page if the user isn't logged in, but I'm getting an endless redirect loop. 如果用户没有登录,点击路由/管理员应该重定向到登录页面,但我得到一个无休止的重定向循环。 Not sure what's wrong, here's security.yml: 不知道出了什么问题,这是security.yml:
firewalls:
admin_login:
pattern: ^/admin/secured/login$
security: false
admin_secured_area:
pattern: ^/admin
provider: entity_admin
form_login:
check_path: /admin/secured/login_check
login_path: /admin/secured/login
default_target_path: /admin
logout:
path: /admin/secured/logout
target: /
access_control:
- { path: ^/admin/secured/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }
Thanks for your help! 谢谢你的帮助!
5 个解决方案
解决方案1
7 2013-08-28 11:50:18
No need for a "admin_login" section in firewalls. 防火墙中不需要“admin_login”部分。 But it looks like you forgot anonymous parameter.. 但看起来你忘记了匿名参数..
firewalls:
admin_secured_area:
anonymous: ~
pattern: ^/admin
provider: entity_admin
form_login:
check_path: /admin/secured/login_check
login_path: /admin/secured/login
default_target_path: /admin
logout:
path: /admin/secured/logout
target: /
access_control:
- { path: ^/admin/secured/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }
As I said in my comment, do you set ROLE_ADMIN role for logged users ? 正如我在评论中所说,您是否为已登录用户设置了ROLE_ADMIN角色?
EDIT: Does your routing state HTTPS channel too for admin section ? 编辑:您的路由是否也为管理部分说明了HTTPS频道?
解决方案2
4 2013-08-27 14:32:00
After quick look I would say that something like this below should be correct: 快速浏览后,我会说下面这样的内容应该是正确的:
firewalls:
admin_secured_area:
pattern: ^/admin
provider: entity_admin
form_login:
check_path: /admin/secured/login_check
login_path: /admin/secured/login
default_target_path: /admin
logout:
path: /admin/secured/logout
target: /
access_control:
- { path: ^/admin/secured/(login|login_check|logout)$, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }
Anyway, if this not help, I recommend to check the redirects with built-in profiler (tabs with route matches and logs), to turn it on the redirects change config_dev.yml to: 无论如何,如果这没有帮助,我建议使用内置探查器(带路由匹配和日志的选项卡)检查重定向,将其重定向更改为config_dev.yml :
web_profiler:
toolbar: true
intercept_redirects: true
解决方案3
3 已采纳 2013-09-03 16:55:37
Hi so this is related to the way that Symfony2 $request->isSecure() checks for SSL when the site is under a load balancer, there are some inconsistent header names in PHP. 嗨所以这与Symfony2 $request->isSecure()在站点处于负载均衡器下时检查SSL的方式有关,PHP中存在一些不一致的头名称。 The config file needs the following: 配置文件需要以下内容:
trusted_proxies: [10.0.0.0/8]
It now works, but I don't know if there are security issues with this setting though. 它现在有效,但我不知道这个设置是否存在安全问题。
解决方案4
2 2013-08-23 22:46:47
^/admin/secured/login_check应该通过匿名身份验证,因为用户在最初调用该页面时不会有角色,因此循环。
解决方案5
2 2013-08-30 14:20:37
Remove : 去掉 :
admin_login:
pattern: ^/admin/secured/login$
security: false
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.