Symfony2项目security.yml上有多个防火墙，如何处理模式？

Question

I am working in a project where I will need two firewalls or secured areas. 我正在一个需要两个防火墙或安全区域的项目中工作。 The first firewall/secured area will allow login/logout using HWIOAuthBundle using Salesforce as provider, the second firewall/secured area will allow login/logout through FOSUserBundle since this is for internal sysadmin and so on. 第一个防火墙/安全区域将允许使用Salesforce作为提供者的HWIOAuthBundle登录/注销，第二个防火墙/安全区域将允许通过FOSUserBundle登录/注销，因为这是针对内部sysadmin的，依此类推。 I have a doubt trying to get security.yml file well setup since I don't know how to deal with pattern parameter. 我不确定如何正确设置security.yml文件，因为我不知道如何处理pattern参数。 I have read Security reference but have not idea in how to do this. 我已经阅读了安全参考，但对如何执行此操作一无所知。 This is what I have at the moment: 这是我目前所拥有的：

firewalls:
        #this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
        rep_area:
            methods: [GET, POST]
            pattern: ^/
            anonymous: true
            logout: true

        #this is the secured area accessed through web browser and only internals are allowed to login
        admin_area:
            pattern:    ^/
            anonymous:    ~

How should I configure pattern in that case? 在这种情况下应如何配置pattern ？

Update: firewalls not working 更新：防火墙不起作用

This is how the firewalls section looks after users answer: 这是用户回答后防火墙部分的样子：

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    #this is the secured area accessed through web browser and only internals are allowed to login
    admin_area:
        pattern:    ^/admin
        anonymous:    ~
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            login_path: /login
            check_path: /login_check
            post_only: true
            always_use_default_target_path: true
            target_path_parameter: _target_path
            use_referer: false
            failure_path: null
            failure_forward: false
        logout:
            path:   fos_user_security_logout
            target: /

    #this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
    rep_area:
        methods: [GET, POST]
        pattern: ^/
        anonymous: true
        logout: true

But if I try http://appdev.local/app_dev.php/admin/ I got this error: 但是，如果我尝试http://appdev.local/app_dev.php/admin/收到此错误：

InvalidConfigurationException in BaseNode.php line 313: Invalid configuration for path "security.firewalls.admin_area": The check_path "/login_check" for login method "form_login" is not matched by the firewall pattern "^/admin". BaseNode.php行313中的InvalidConfigurationException：路径“ security.firewalls.admin_area”的无效配置：登录方式“ form_login”的check_path“ / login_check”与防火墙模式“ ^ / admin”不匹配。

Why? 为什么？

Edit 2: what about if have FOSUserBundle && HWIOAuth work together? 编辑2：如果FOSUserBundle和＆HWIOAuth是否可以一起工作，该怎么办？

As additional info and I forgot to tell this from the very beginning, I have and need FOSUserBundle && HWIOAuth installed and I am trying to get both working as should be. 作为其他信息，我从一开始就忘了告诉我，我已经并且需要安装FOSUserBundle && HWIOAuth，并且我正试图使两者都能正常工作。 In that case this is how my routing.yml looks like: 在这种情况下，这是我的routing.yml样子：

#HWIOAuthBundle
hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix:   /connect

hwi_oauth_login:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix:   /login

salesforce_login:
    pattern: /login/check-salesforce

#PDOne
pd_one:
    resource: "@PDOneBundle/Controller/"
    type:     annotation
    prefix:   /

template:
    resource: "@TemplateBundle/Controller/"
    type:     annotation
    prefix:   /

#FOSUserBundle
fos_user:
    resource: "@FOSUserBundle/Resources/config/routing/all.xml"
fos_user_security:
    prefix: /admin
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"

#SonataAdmin
admin:
    resource: '@SonataAdminBundle/Resources/config/routing/sonata_admin.xml'
    prefix: /admin

_sonata_admin:
    resource: .
    type: sonata_admin
    prefix: /admin

How I should deal with prefix between FOSUserBundle && HWIOAuth? 我应该如何处理FOSUserBundle和＆HWIOAuth之间的前缀？

Answer 1

Just simply 只是简单

firewalls:
    #this is the secured area accessed through web browser and only internals are allowed to login
            admin_area:
                pattern:    ^/admin
                anonymous:    ~

        #this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
        rep_area:
            methods: [GET, POST]
            pattern: ^/
            anonymous: true
            logout: true

It's a regex telling symfony that all routes ^ (beginning) with / follow this rule. 这是一个正则表达式，告诉symfony所有以/开头的路由^ （开始）都遵循此规则。 Or /admin follow another rule. 或/admin遵循另一个规则。 The firewall will always follow whatever rule it matches first. 防火墙将始终遵循首先匹配的任何规则。 So your admin rule must come first or else it won't work. 因此，您的管理员规则必须排在第一位，否则它将不起作用。

Edit 编辑

In your routes settings where you add in the security routes for FOS UserBundle try having /admin appended as a prefix. 在添加FOS UserBundle安全路由的路由设置中，尝试将/ admin附加为前缀。 Could be because /admin is your rule but the route being generated for login is host.com/login instead of host.com/admin/login 可能是因为/ admin是您的规则，但为登录生成的路由是host.com/login而不是host.com/admin/login

fos_user_security:
    prefix: /admin
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"

Symfony2项目security.yml上有多个防火墙，如何处理模式？

问题描述

1 个解决方案

解决方案1
1 已采纳 2015-05-01 14:00:53

Symfony2项目security.yml上有多个防火墙，如何处理模式？

问题描述

1 个解决方案

解决方案1 1 已采纳 2015-05-01 14:00:53

解决方案1
1 已采纳 2015-05-01 14:00:53