Symfony2 FOSUserBundle authentication

I've just configured the FOSUserBundle bundle of Symfony2, and I've got a question to ask.

Some of the URLs below allow access to configuration pages to everyone. How can I limit this to admin only?

For instance, the page below shouldn't be visible to visitors/members without admin login.

http://localhost/fosuser/web/app_dev.php/_profiler/search_bar

I ran the following command in the terminal: php app/console router:debug

_wdt ANY ANY ANY /_wdt/{token}
_profiler_home ANY ANY ANY /_profiler/
_profiler_search ANY ANY ANY /_profiler/search
_profiler_search_bar ANY ANY ANY /_profiler/search_bar
_profiler_purge ANY ANY ANY /_profiler/purge
_profiler_info ANY ANY ANY /_profiler/info/{about}
_profiler_phpinfo ANY ANY ANY /_profiler/phpinfo
_profiler_search_results ANY ANY ANY /_profiler/{token}/search/results
_profiler ANY ANY ANY /_profiler/{token}
_profiler_router ANY ANY ANY /_profiler/{token}/router
_profiler_exception ANY ANY ANY /_profiler/{token}/exception
_profiler_exception_css ANY ANY ANY /_profiler/{token}/exception.css
_configurator_home ANY ANY ANY /_configurator/
_configurator_step ANY ANY ANY /_configurator/step/{index}
_configurator_final ANY ANY ANY /_configurator/final
_twig_error_test ANY ANY ANY /_error/{code}.{_format}
user ANY ANY ANY /user/
user_show ANY ANY ANY /user/{id}/show
user_new ANY ANY ANY /user/new
user_create POST ANY ANY /user/create
user_edit ANY ANY ANY /user/{id}/edit
user_update POST|PUT ANY ANY /user/{id}/update
user_delete POST|DELETE ANY ANY /user/{id}/delete
custom_user_homepage ANY ANY ANY /hello/{name}
homepage ANY ANY ANY /app/example

By default in Symfony, all _profiler URLs are managed in the dev firewall with the pattern ^/(_(profiler|wdt|error)|css|images|js)/, which you can see in your app/config/security.yml file. As you will see, they have no associated security. This is normal, as they will not be accessible in production.

If, however, you still need to check those URLs, feel free to add some security configuration to that firewall, bearing in mind that it will also affect other matched URLs such as _error or css, so you might want to create a new specific firewall just for _profiler routes.
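
One way to set up the dedicated firewall the answer describes, as an added example that is not part of the original answer. The firewall name "profiler", the use of HTTP basic authentication and the ROLE_ADMIN requirement are assumptions; the provider and encoder entries follow FOSUserBundle's documented setup.

```yaml
# app/config/security.yml -- added example, not from the original answer.
# Assumptions: firewall name "profiler", HTTP basic auth, ROLE_ADMIN as the
# required role, and the FOSUserBundle provider/encoder entries as documented
# by that bundle.
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        # Firewalls are tried in order and the first matching pattern wins,
        # so this entry must be listed before "dev".
        profiler:
            pattern:    ^/_profiler/
            provider:   fos_userbundle
            http_basic:
                realm: "Profiler"

        # The default dev firewall with _profiler taken out of its pattern.
        # _wdt, _error and the asset paths stay without security, as before.
        dev:
            pattern:  ^/(_(wdt|error)|css|images|js)/
            security: false

        # The application's existing firewalls (e.g. main) follow here unchanged.

    access_control:
        # The firewall only sets up authentication; this rule is what denies
        # requests to /_profiler/ that lack ROLE_ADMIN.
        - { path: ^/_profiler/, roles: ROLE_ADMIN }
```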
