堆栈内存溢出
  简体   繁体   English

Symfony 3安全-Access_control不适用于一种路由

[英]Symfony 3 security - Access_control doesn't work for one route

 原文  2017-08-04 09:37:20       php/ symfony/ security/ routing/ roles

问题描述

I'm currently working on a PDF generator, but I'm having a problem accessing the url. 我目前正在使用PDF生成器,但是访问URL时遇到问题。

Anyone should be able to download the PDF. 任何人都应该能够下载PDF。 In my security.yml I currently have this: 在我的security.yml中,我目前有: 

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy: ~

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
            logout:       true
            anonymous:    true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/gc/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, role: ROLE_USER }
        - { path: ^/, role: ROLE_USER }

I would like people to have access to the following url: /admin/maintenance/pdf/{id} 我希望人们可以访问以下网址: /admin/maintenance/pdf/{id}

So I added the following line: 因此,我添加了以下行: 

access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/gc/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, role: ROLE_USER }
        - { path: ^/, role: ROLE_USER }
        - { path: ^/admin/maintenance/pdf/$, role: [ROLE_USER,IS_AUTHENTICATED_ANONYMOUSLY] }

But I'm still redirected to the login page when I'm not logged in. 但是,当我没有登录时,我仍然被重定向到登录页面。

I did several tests, and it is the following line that is problematic: 我做了几次测试,以下几行是有问题的: 

- {path: ^ /, role: ROLE_USER}

I guess I misconfigured my access to the url. 我想我对网址的访问配置有误。

Someone can help me ? 有人可以帮助我吗? Thank you 谢谢

2 个解决方案

解决方案1
 4 已采纳  2017-08-04 09:44:03

Items in ACL are processed sequently, so you need to put it before: ACL中的项目是顺序处理的,因此您需要将其放在前面: 

access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/gc/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/maintenance/pdf/$, role: [ROLE_USER,IS_AUTHENTICATED_ANONYMOUSLY] }
        - { path: ^/admin, role: ROLE_USER }
        - { path: ^/, role: ROLE_USER }

解决方案2
 0  2017-08-04 09:43:53

上移更具体的规则,以便它们首先匹配。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Symfony 安全性 / access_control,大量冗余条目 - Symfony security / access_control, lots of redundant entries security.yml 中的 Symfony3 正则表达式 access_control - Symfony3 regex access_control in security.yml Symfony FosUserBundle access_control安全管理员登录 - Symfony FosUserBundle access_control security admin login 使用access_control在security.yml中管理路由 - Manage route in security.yml with access_control Symfony 4 access_control按角色不起作用 - Symfony 4 access_control not working by roles Symfony守护程序:access_control无效 - Symfony guard : access_control has no effect Symfony2 获取位于 security.yml 中的 access_control 参数 - Symfony2 get to the access_control parameters located in the security.yml Symfony2 - 将security access_control设置为仅允许匿名进行身份验证 - Symfony2 - set security access_control to allow only authenticated anonymously symfony2 access_control真的有用吗? - what symfony2 access_control really does? 如何在数据库中存储Symfony2“access_control”信息? - How to store Symfony2 “access_control” information in Database?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM