
Symfony2 Beginner Security Context Issue

Up until recently I have had an area open to the public (/ and /whatever) and a secured area that required ROLE_USER (/portal and /portal/whatever). Now I want to create an admin area inside my secured area which would require ROLE_ADMIN (/portal/admin and /portal/admin/whatever).

My security.yml looks as follows:

    firewalls:
        login_firewall:
            pattern:    ^/portal/login$
            anonymous:  ~
        secured_area:
            pattern:    ^/portal
            form_login:
                login_path:  portal_login
                check_path:  login_check
                default_target_path: portal_dashboard
            logout:
                path:   portal_logout
                target: portal_dashboard
            http_basic:
                realm: "MyFreelancer Client Portal"

    access_control:
        - { path: ^/portal/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/portal/, roles: ROLE_USER }
        - { path: ^/portal/admin, roles: ROLE_ADMIN }

I have just added the third line. My problem is that a user with ROLE_USER can still access ^/portal/admin. Could someone please explain to me why this does not work?

An alternative is to have the admin area under /admin and /admin/whatever, but this requires a completely different firewall context and I am not quite sure how to do that. I tried, but it kept taking me back to /portal/, and when I browse to /admin/ it asks me to log in again and then takes me back to /portal/ again (endless loop).

Also, as an ancillary answer, could you explain to me the pros and cons of a single firewall context for the user area and admin area vs. separate firewall contexts, and how this is implemented (if necessary)?

Thank you in advance.

UPDATE: I have found that simply swapping the two bottom lines fixes the problem, as it runs through them sequentially and thus /portal/admin/ got run against the second line, which only requires ROLE_USER. Could someone still give me some insight on whether it would be better to run the admin area on a separate firewall context or not and why, and if so, how?

When setting up your access_control, make sure that your routes are in such an order that a route will not match one of the routes above. For instance, place ^/admin/login/ above ^/admin/, otherwise the first match (which would be ^/admin/) will be triggered.
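The first-match behaviour behind both the question and this answer, as an added example that is not part of the original thread: a small Python model of ordered access_control rules, run against the question's original and swapped orderings, plus a check that reports rules which can never win because an earlier, broader pattern shadows them. The rule tables and sample paths are constructed from the question; Symfony's role_hierarchy is deliberately not modelled.

```python
import re

# Each rule is (path regex, set of roles that satisfy it). Rules are evaluated
# top to bottom and the FIRST matching path wins, like Symfony's access_control.
# Rule tables below are constructed from the question; not the project's own code.
ORIGINAL_RULES = [
    (r"^/portal/login", {"IS_AUTHENTICATED_ANONYMOUSLY"}),
    (r"^/portal/", {"ROLE_USER"}),
    (r"^/portal/admin", {"ROLE_ADMIN"}),  # never reached: ^/portal/ already matched
]

FIXED_RULES = [
    (r"^/portal/login", {"IS_AUTHENTICATED_ANONYMOUSLY"}),
    (r"^/portal/admin", {"ROLE_ADMIN"}),  # more specific pattern listed first
    (r"^/portal/", {"ROLE_USER"}),
]

# Constructed sample paths covering each area the question describes.
SAMPLE_PATHS = ["/portal/login", "/portal/dashboard", "/portal/admin", "/portal/admin/users"]


def first_match(rules, path):
    """Return (index, required_roles) of the first rule whose regex matches, else None."""
    for index, (pattern, roles) in enumerate(rules):
        if re.search(pattern, path):
            return index, roles
    return None


def is_granted(rules, path, user_roles):
    """Grant if no rule applies or the user holds one of the matched rule's roles.
    IS_AUTHENTICATED_ANONYMOUSLY is satisfied by anyone. No role hierarchy here."""
    match = first_match(rules, path)
    if match is None:
        return True
    _, required = match
    return "IS_AUTHENTICATED_ANONYMOUSLY" in required or bool(required & set(user_roles))


def shadowed_rules(rules, sample_paths):
    """Indexes of rules that match at least one sample path but never win: these
    rules are dead, shadowed by an earlier and broader pattern."""
    matched, won = set(), set()
    for path in sample_paths:
        matched.update(i for i, (pattern, _) in enumerate(rules) if re.search(pattern, path))
        winner = first_match(rules, path)
        if winner is not None:
            won.add(winner[0])
    return sorted(matched - won)


if __name__ == "__main__":
    print("ROLE_USER on /portal/admin, original order:", is_granted(ORIGINAL_RULES, "/portal/admin", ["ROLE_USER"]))
    print("ROLE_USER on /portal/admin, fixed order:", is_granted(FIXED_RULES, "/portal/admin", ["ROLE_USER"]))
    print("shadowed rules, original order:", shadowed_rules(ORIGINAL_RULES, SAMPLE_PATHS))
```

Running the shadow check against a config's own access_control list (with a few representative paths) is a cheap way to catch this ordering mistake before a ROLE_USER account reaches the admin area.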
