Symfony security redirect to login page
If I have a secured route, let's say like panel from below, Symfony will allow access only to logged in users.
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/panel, role: ROLE_USER }
For users that are not logged in it will always redirect them to the login_path (I'm using FOSUserBundle):
security:
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                login_path: fos_user_security_login
Where can I disable or override this redirect? I want to show a login form directly, without redirecting the user.
I believe it has to do with AccessDeniedHandlerInterface, but what key needs to be overwritten in security.yml? And where is the default implementation?
For other situations we have DefaultLogoutSuccessHandler, DefaultAuthenticationFailureHandler, DefaultAuthenticationSuccessHandler and we can implement a service for each of these situations, that extends their respective interfaces and can handle the situation in a custom manner. Can't find anything for AccessDenied, though. Its directory contains only the interface.
I would do this manually.
Make your route accessible by anonymous:
- { path: ^/panel, role: [IS_AUTHENTICATED_ANONYMOUSLY, ROLE_USER] }
In your template, check if there is a logged in user:
{% if app.user is null %}
<!-- Then display your login form -->
{% else %}
<!-- Display the normal view -->
{% endif %}
Or do it from the controller:
if (!is_object($this->get('security.token_storage')->getToken()->getUser())) {
// Render the login form
}
Like this, you can make your logic depend on whether the user is authenticated or not.
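The controller variant described in the answer above, written out as an added example that is not part of the original question or answer. It assumes Symfony 2.6+ with the base Controller class and FOSUserBundle 2.x with its stock login template and CSRF token id; the class name and panel template are hypothetical.

```php
<?php
// Added example; class, route and panel template names are hypothetical.
namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;

class PanelController extends Controller
{
    public function indexAction()
    {
        // access_control now lets anonymous requests reach this action, so the
        // authorization decision happens here, before any panel data is loaded.
        // isGranted() throws if there is no security token at all, so a route
        // that ends up outside the firewall fails closed.
        if (!$this->isGranted('ROLE_USER')) {
            return $this->renderInlineLogin();
        }

        // Only users holding ROLE_USER get past this point.
        return $this->render('panel/index.html.twig', array(
            'user' => $this->getUser(),
        ));
    }

    private function renderInlineLogin()
    {
        // Same token id ("authenticate") that FOSUserBundle's login action
        // uses, so the inline form still passes form_login CSRF validation
        // when it posts to fos_user_security_check.
        $csrfToken = $this->has('security.csrf.token_manager')
            ? $this->get('security.csrf.token_manager')->getToken('authenticate')->getValue()
            : null;

        // Variables expected by FOSUserBundle's stock login template.
        return $this->render('@FOSUser/Security/login.html.twig', array(
            'last_username' => null,
            'error'         => null,
            'csrf_token'    => $csrfToken,
        ));
    }
}
```

Since no access-denied redirect occurred, the firewall has not stored a target path in the session, so after a successful login the user goes to the form_login default target rather than back to /panel unless that is configured.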