[英]Symfony 5 throwing Access Denied Exception
I am trying to use multiple authenticators (for each user role).我正在尝试使用多个身份验证器(对于每个用户角色)。 They were working fine until the last one, which redirects unauthenticated users to URL
/dashboard/
to login, but requests to /dashboard
are thrown AccessDeniedHttpException
:他们工作正常,直到最后一个,它将未经身份验证的用户重定向到 URL
/dashboard/
进行登录,但对/dashboard
的请求被抛出AccessDeniedHttpException
:
This is my security.yaml
file, which have all the firewalls:这是我的
security.yaml
文件,其中包含所有防火墙:
security:
encoders:
App\Entity\User:
algorithm: sha512
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/admin/
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\AdminAuthenticator
logout:
path: admin_logout
expert:
pattern: ^/dashboard/
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\ExpertAuthenticator
logout:
path: expert_logout
user:
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\UserAuthenticator
logout:
path: user_logout
access_control:
- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/ask, roles: ROLE_USER }
- { path: ^/dashboard/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/dashboard, roles: ROLE_EXPERT }
I think it is not necessary to paste here the authenticator since it is the Symfony 5 make:auth
maker command default which I copied and pasted for all the three authenticators while changing only public const LOGIN_ROUTE = 'user_login';
我认为没有必要在此处粘贴身份验证器,因为它是 Symfony 5
make:auth
maker 命令默认值,我为所有三个身份验证器复制并粘贴了它,同时仅更改了public const LOGIN_ROUTE = 'user_login';
and onAuthenticationSuccess()
function's redirect response path.和
onAuthenticationSuccess()
函数的重定向响应路径。
I also used the default SecurityController
:我还使用了默认的
SecurityController
:
namespace App\Controller\Expert;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
/**
* Class SecurityController
* @package App\Controller\Expert
* @Route("/dashboard")
*/
class SecurityController extends AbstractController
{
/**
* @Route("/login", name="expert_login")
*/
public function login(AuthenticationUtils $authenticationUtils): Response
{
if ($this->getUser()) {
return $this->redirectToRoute('expert_index');
}
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('expert/security/login.html.twig', ['last_username' => $lastUsername, 'error' => $error]);
}
/**
* @Route("/logout", name="expert_logout")
*/
public function logout()
{
$this->addFlash('success', 'Session closed');
return $this->redirectToRoute('expert_index');
}
}
Whenever I access to /admin
, /admin/whatever
or /ask
, /ask/whatever
I am redirected to its respective login form ( /admin/login
and /ask/dashboard
).每当我访问
/admin
、 /admin/whatever
或/ask
、 /ask/whatever
时,我都会被重定向到其各自的登录表单( /admin/login
和/ask/dashboard
)。
I can access directly to /dashboard/login
if I am not logged from another authenticator or if I am logged with ROLE_EXPERT
.如果我没有从另一个身份验证器登录或者我使用
ROLE_EXPERT
登录,我可以直接访问/dashboard/login
。 If not, I am getting the mentioned exception.如果没有,我会收到提到的异常。
Well, do you see what is going on?好吧,你知道发生了什么吗?
You should move - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
as last access_control
entry.您应该移动
- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
作为最后一个access_control
条目。
That's because Symfony parses it as you're writing it (think about it like it's a FIFO queue) and, as /
could be accessed in anonymous way, associated token will be anonymous (it won't try to read from session or whatever).那是因为 Symfony 在您编写它时会对其进行解析(将其视为 FIFO 队列),并且由于
/
可以以匿名方式访问,因此关联的令牌将是匿名的(它不会尝试从 session 或其他任何内容中读取) .
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.