使用access_denied_url对未经授权的页面进行Symfony2重定向
[英]Symfony2 Redirection for unauthorised page with access_denied_url
问题描述
I'm trying to use the access_denied_url parameter in security.yml 
我正在尝试在security.yml使用access_denied_url参数
The problem is that... it does nothing. 问题是……它什么都不做。 When I access to /mon-equipement as anonymous, it keeps redirecting me to /login 当我以匿名身份访问/mon-equipement ,它将始终将我重定向到/login
Here is my security.yml file : 这是我的security.yml文件:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
always_use_default_target_path: false
default_target_path: /mon-equipement
target_path_parameter: _target_path
use_referer: false
logout: true
anonymous: true
access_denied_url: /
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/mon-equipement, role: ROLE_USER }
- { path: ^/admin/, role: ROLE_ADMIN }
I'm using FOSUserBundle with Symfony2.3.16 我在Symfony2.3.16中使用FOSUserBundle
2 个解决方案
解决方案1
4 2014-09-10 11:08:29
I think your access_controll section should looks like this: 我认为您的access_controll部分应如下所示:
access_control:
- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
# ... here the other routes
Your problem: It redirects you on the / page, but you have no access to this page. 您的问题:它将在/页面上重定向您,但您无权访问此页面。 Therefore it redirects you on the login page. 因此,它将在登录页面上重定向您。
UPDATE: 更新:
You can also define access_denied_url for all firewalls: 您还可access_denied_url所有防火墙定义access_denied_url :
# app/config/security.yml
security:
access_denied_url: /
解决方案2
3 已采纳 2015-03-13 15:11:22
First you have to know that access_denied_url is only redirecting non anonymous users. 首先,您必须知道access_denied_url仅重定向非匿名用户。 For instance it will redirecte a user with ROLE_MEMBER if it tries to acces a page whose path is only for ROLE_ADMIN. 例如,如果尝试访问仅路径为ROLE_ADMIN的页面,它将使用ROLE_MEMBER重定向用户。
Here the solution: 这里的解决方案:
You have to create a service ( my_entry_point ) that will be triggered at the entry-point listener (see security.yml below) and which will redirect the user to the page you want ( target_page_for_redirection ) 您必须创建一个服务( my_entry_point ),该服务将在入口点侦听器处触发(请参阅下面的security.yml),该服务会将用户重定向到您想要的页面( target_page_for_redirection )
# app/config/security.yml
security:
firewalls:
main:
entry_point: my_entry_point # listener triggered if no token is set while an authentification is needed (access_control)
pattern: ^/
. 。
#src/Acme/UserBundle/Ressources/Config/services.yml
service
my_entry_point:
class: Acme\UserBundle\Redirection\EntryPointRedirection
arguments: [@router] #needed for URL redirection
. 。
<?php
namespace Acme\UserBundle\Redirection;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface,
Symfony\Component\HttpFoundation\Request,
Symfony\Component\HttpFoundation\RedirectResponse;
class EntryPointRedirection implements AuthenticationEntryPointInterface
{
protected $router;
public function __construct($router)
{
$this->router = $router;
}
public function start(Request $request, AuthenticationException $authException = null)
{
return new RedirectResponse($this->router->generate('target_page_for_redirection'));
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.