
Symfony2 > Use Security Context in Public Route (possible alternative)

I have a function UserController:saveUserAction(). This function is being used throughout my system WHENEVER a User Entity needs to be created or modified. This can happen from three places:

1) Admin Panel → User Administration (System Admin can create/modify users).
2) Members Dashboard → My Details (User can edit his own details).
3) Registration (Non-users can sign up and a user is created for them).

Now there are certain fields that may ONLY be set by an administrator, for instance, the USER_ROLE. (I do not want someone who is registering 'hacking' the system and signing themselves up as an administrator). Normally if ($this->get('security.context')->isGranted('ROLE_ADMIN')) works fine to determine if the user is an administrator, but seeing as the route to saveUser() is public (in order to facilitate public registrations), I am getting the error:

The security context contains no authentication token. One possible reason may be that there is no firewall configured for this URL.

Is there a way to use the security context on a public route, or is there some kind of alternative other than checking manually what roles the logged in user (if any logged in user) has? This is quite cumbersome, as can be seen at Symfony2 > Easier way to determine access.

I have found a solution. I placed the route under my firewall and placed an exception in security.yml that the specific route is authenticated anonymously. :)
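The kind of security.yml layout the answer describes, as an added example that is not the poster's own configuration. The firewall name `main` and the paths `/user/save`, `/admin` and `/members` are assumptions chosen for illustration.

```yaml
# app/config/security.yml (illustrative; names and paths are assumed)
security:
    firewalls:
        # One firewall covers every URL, including the public save route.
        # A URL outside every firewall (or under one with "security: false")
        # has no token at all, which is what produces
        # "The security context contains no authentication token".
        main:
            pattern:    ^/
            # Visitors who are not logged in receive an anonymous token,
            # so isGranted('ROLE_ADMIN') returns false for them instead
            # of throwing.
            anonymous:  ~
            form_login: ~
            logout:     ~

    access_control:
        # The exception: the save route stays reachable without login,
        # but requests still pass through the firewall.
        - { path: ^/user/save, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # Everything else keeps its normal role requirements.
        - { path: ^/admin,     roles: ROLE_ADMIN }
        - { path: ^/members,   roles: ROLE_USER }
```

With this in place the existing isGranted('ROLE_ADMIN') check in saveUserAction() can gate the admin-only fields such as USER_ROLE on all three entry points, so a registration request that submits a role value is simply not allowed to set it.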
