[英]More than one firewall at Symfony2 project security.yml, how to deal with pattern?
I am working in a project where I will need two firewalls or secured areas. 我正在一个需要两个防火墙或安全区域的项目中工作。 The first firewall/secured area will allow login/logout using HWIOAuthBundle using Salesforce as provider, the second firewall/secured area will allow login/logout through FOSUserBundle since this is for internal sysadmin and so on. 第一个防火墙/安全区域将允许使用Salesforce作为提供者的HWIOAuthBundle登录/注销,第二个防火墙/安全区域将允许通过FOSUserBundle登录/注销,因为这是针对内部sysadmin的,依此类推。 I have a doubt trying to get security.yml
file well setup since I don't know how to deal with pattern
parameter. 我不确定如何正确设置security.yml
文件,因为我不知道如何处理pattern
参数。 I have read Security reference but have not idea in how to do this. 我已经阅读了安全参考,但对如何执行此操作一无所知。 This is what I have at the moment: 这是我目前所拥有的:
firewalls:
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/
anonymous: ~
How should I configure pattern
in that case? 在这种情况下应如何配置pattern
?
Update: firewalls not working 更新:防火墙不起作用
This is how the firewalls section looks after users answer: 这是用户回答后防火墙部分的样子:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/admin
anonymous: ~
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
check_path: /login_check
post_only: true
always_use_default_target_path: true
target_path_parameter: _target_path
use_referer: false
failure_path: null
failure_forward: false
logout:
path: fos_user_security_logout
target: /
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
But if I try http://appdev.local/app_dev.php/admin/
I got this error: 但是,如果我尝试http://appdev.local/app_dev.php/admin/
收到此错误:
InvalidConfigurationException in BaseNode.php line 313: Invalid configuration for path "security.firewalls.admin_area": The check_path "/login_check" for login method "form_login" is not matched by the firewall pattern "^/admin". BaseNode.php行313中的InvalidConfigurationException:路径“ security.firewalls.admin_area”的无效配置:登录方式“ form_login”的check_path“ / login_check”与防火墙模式“ ^ / admin”不匹配。
Why? 为什么?
Edit 2: what about if have FOSUserBundle && HWIOAuth work together? 编辑2:如果FOSUserBundle和&HWIOAuth是否可以一起工作,该怎么办?
As additional info and I forgot to tell this from the very beginning, I have and need FOSUserBundle && HWIOAuth installed and I am trying to get both working as should be. 作为其他信息,我从一开始就忘了告诉我,我已经并且需要安装FOSUserBundle && HWIOAuth,并且我正试图使两者都能正常工作。 In that case this is how my routing.yml
looks like: 在这种情况下,这是我的routing.yml
样子:
#HWIOAuthBundle
hwi_oauth_redirect:
resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
prefix: /connect
hwi_oauth_login:
resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
prefix: /login
salesforce_login:
pattern: /login/check-salesforce
#PDOne
pd_one:
resource: "@PDOneBundle/Controller/"
type: annotation
prefix: /
template:
resource: "@TemplateBundle/Controller/"
type: annotation
prefix: /
#FOSUserBundle
fos_user:
resource: "@FOSUserBundle/Resources/config/routing/all.xml"
fos_user_security:
prefix: /admin
resource: "@FOSUserBundle/Resources/config/routing/security.xml"
#SonataAdmin
admin:
resource: '@SonataAdminBundle/Resources/config/routing/sonata_admin.xml'
prefix: /admin
_sonata_admin:
resource: .
type: sonata_admin
prefix: /admin
How I should deal with prefix between FOSUserBundle && HWIOAuth? 我应该如何处理FOSUserBundle和&HWIOAuth之间的前缀?
Just simply 只是简单
firewalls:
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/admin
anonymous: ~
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
It's a regex telling symfony that all routes ^
(beginning) with /
follow this rule. 这是一个正则表达式,告诉symfony所有以/
开头的路由^
(开始)都遵循此规则。 Or /admin
follow another rule. 或/admin
遵循另一个规则。 The firewall will always follow whatever rule it matches first. 防火墙将始终遵循首先匹配的任何规则。 So your admin rule must come first or else it won't work. 因此,您的管理员规则必须排在第一位,否则它将不起作用。
Edit 编辑
In your routes settings where you add in the security routes for FOS UserBundle try having /admin appended as a prefix. 在添加FOS UserBundle安全路由的路由设置中,尝试将/ admin附加为前缀。 Could be because /admin is your rule but the route being generated for login is host.com/login
instead of host.com/admin/login
可能是因为/ admin是您的规则,但为登录生成的路由是host.com/login
而不是host.com/admin/login
fos_user_security:
prefix: /admin
resource: "@FOSUserBundle/Resources/config/routing/security.xml"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.