Symfony 2.8 - How to configure a firewall for any URL?
Whenever I deliberately - trying to customize error pages - try to access an undefined route, the server responds with a 500 error. Logs say:

    request.CRITICAL: Exception thrown when handling an exception (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException: The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL .

This exception is thrown after the NotFoundException, hence the 500 error. Thus, I tried to figure out how to configure a firewall for any URL, and more particularly for all of those that are already handled by a firewall, so that the credentials can actually be found. I came up with this UserBundle/Resources/config/security.yml:

    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512
        providers:
            fos_userbundle:
                id: fos_user.user_provider.username
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt))/
                security: false
            public:
                pattern: ^/(contact/faq)$
                anonymous: true
            secure:
                pattern: ^/
                form_login:
                    provider: fos_userbundle
                    csrf_token_generator: security.csrf.token_manager
                    login_path: fos_user_security_login
                    check_path: fos_user_security_check
                    use_forward: false
                    failure_path: null
                    default_target_path: /
                    remember_me: true
                logout:
                    path: fos_user_security_logout
                    target: /
                anonymous: true
                remember_me:
                    secret: %secret%
                    name: whatev
                    lifetime: 31536000
                    path: /
                    remember_me_parameter: _remember_me
                    secure: true
                    always_remember_me: true
            default:
                anonymous: true

Everything's imported in my main security file, which consists of:

    imports:
        - { resource: "@UserBundle/Resources/config/security.yml" }
    security:
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN
        access_control:
            - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY } # my try to match all routes...
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/administration/, role: ROLE_ADMIN }
            - { path: ^/user$, role: IS_AUTHENTICATED_FULLY }

Here is my error.html.twig under app/Resources/TwigBundle/views/Exception:

    <!DOCTYPE html>
    <html>
        <head>
            <meta charset="{{ _charset }}" />
            <title>An Error Occurred: {{ status_text }}</title>
        </head>
        <body>
            <h1>Oops! An Error Occurred</h1>
            <h2>The server returned a "{{ status_code }} {{ status_text }}".</h2>
            <div>
                Something is broken. Please let us know what you were doing when this error occurred.
                We will fix it as soon as possible. Sorry for any inconvenience caused.
            </div>
        </body>
    </html>

Any clue on how to proceed?
Thanks a lot.

As pointed out by Federico, the issue comes from an event listener that was trying to execute:

    public function add(Request $request)
    {
        if ($this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
            /* do stuff considering the user is logged in.
            ** This is wrong ; we can end up here while having a logged out user.
            */
        }
    }

Of course, when thinking twice about it, it seems dumb. Simply fix the whole problem by ensuring that you can indeed call isGranted() on the security context. To check this, you have to verify that :

This changes the above method to:

    public function add(Request $request)
    {
        // No token at all: isGranted() would throw here.
        if ($this->securityContext->getToken() === null) {
            return false;
        }
        // A token without a User object is not a logged-in user.
        if (!$this->securityContext->getToken()->getUser() instanceof User) {
            return false;
        }
        if ($this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
            // do stuff considering the user is logged in.
        }
    }

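The same guard as a reusable service, as an added example that is not the poster's code: it uses the `security.token_storage` and `security.authorization_checker` services that replaced `security.context` in Symfony 2.6, and it fails closed when no token is present. The class name `LoginAwareGuard` and its namespace are hypothetical.

```php
<?php
// Added example, not the poster's code. LoginAwareGuard and its namespace are
// hypothetical; the Symfony interfaces used are the ones shipped with 2.8.
namespace AppBundle\Security;

use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;

class LoginAwareGuard
{
    private $tokenStorage;
    private $authorizationChecker;

    public function __construct(
        TokenStorageInterface $tokenStorage,
        AuthorizationCheckerInterface $authorizationChecker
    ) {
        $this->tokenStorage = $tokenStorage;
        $this->authorizationChecker = $authorizationChecker;
    }

    /**
     * True only when the token storage holds a fully authenticated user.
     * Returns false (fails closed) in every other case.
     */
    public function isFullyAuthenticated()
    {
        $token = $this->tokenStorage->getToken();
        if (null === $token) {
            // No token was set for this request, as in the undefined-route
            // case on this page: calling isGranted() now would throw.
            return false;
        }
        if (!$token->getUser() instanceof UserInterface) {
            // Anonymous tokens carry the string "anon." instead of a user object.
            return false;
        }
        try {
            return $this->authorizationChecker->isGranted('IS_AUTHENTICATED_FULLY');
        } catch (AuthenticationCredentialsNotFoundException $e) {
            // Treat "no credentials" as "not logged in" so that a 404 is not
            // turned into a 500 by the listener.
            return false;
        }
    }
}
```

Register the class as a service with `@security.token_storage` and `@security.authorization_checker` as constructor arguments, then call `isFullyAuthenticated()` from the listener instead of calling `isGranted()` directly.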