Symfony上的security.yml问题
[英]Problems with security.yml on symfony
问题描述
I'm trying to configure some security in an Application developed on Symfony 1.4 with the sfGuardPlugin 5.0.0. 
我正在尝试使用sfGuardPlugin 5.0.0在Symfony 1.4上开发的应用程序中配置一些安全性。
The requirements say that the admin user can do everything and the viewer can only list and see the records. 要求说,管理员用户可以做所有事情,而查看者只能列出和查看记录。
This is the security.yml that I'm using in the directory config of the module: 这是我在模块的目录配置中使用的security.yml:
index:
is_secure: true
credentials: [[ admin, viewer ]]
show:
is_secure: true
credentials: [[ admin, viewer ]]
all:
is_secure: true
credentials: [ admin ]
But I don't know why when I try to make one of the actions allowed for the viewer It stops with the message "Not allowed". 但是我不知道为什么当我尝试进行允许查看器执行的操作之一时,它以消息“不允许”停止。
Here is the stack trace: 这是堆栈跟踪:
1 sfPatternRouting Connect sfRoute "sf_guard_signin" (/guard/login)
2 sfPatternRouting Connect sfRoute "sf_guard_signout" (/guard/logout)
3 sfPatternRouting Match route "homepage" (/) for / with parameters
array ( 'module' => 'strain', 'action' => 'index',)
4 sfFilterChain Executing filter "sfRenderingFilter"
5 sfFilterChain Executing filter "sfBasicSecurityFilter"
6 Doctrine_Connection_Mysql exec : SET NAMES 'UTF8' - ()
7 Doctrine_Connection_Statement execute : SELECT s.id AS s__id, s.first_name AS
s__first_name, s.last_name AS s__last_name, s.email_address AS s__email_address, s.username
AS s__username, s.algorithm AS s__algorithm, s.salt AS s__salt, s.password AS s__password,
s.is_active AS s__is_active, s.is_super_admin AS s__is_super_admin, s.last_login AS
s__last_login, s.avatar AS s__avatar, s.token AS s__token, s.notify_new_order AS
s__notify_new_order, s.notify_ready_order AS s__notify_ready_order, s.initials AS
s__initials, s.created_at AS s__created_at, s.updated_at AS s__updated_at FROM sf_guard_user
s WHERE (s.id = ?) LIMIT 1 - (25)
8 sfBasicSecurityFilter Action "strain/index" requires credentials
"[admin, viewer]", forwarding to "sfGuardAuth/secure"
9 sfFilterChain Executing filter "sfRenderingFilter"
10 sfFilterChain Executing filter "InboxFilter"
11 Doctrine_Connection_Statement execute : DELETE FROM notification WHERE
(status = ? AND updated_at < ?) - (2, 2012-05-19 14:21:05)
12 sfFilterChain Executing filter "sfExecutionFilter"
13 sfGuardAuthActions Call "sfGuardAuthActions->executeSecure()"
14 sfPHPView Render "sf_app_dir/modules/sfGuardAuth/templates/secureSuccess.php"
15 main Call "sfGuardAuth->executeSignin_form()"
16 sfPartialView Render "sf_app_dir/modules/sfGuardAuth/templates/_signin_form.php"
17 main Set slot "error_message"
18 sfPHPView Decorate content with "sf_app_dir/templates/login.php"
19 sfPHPView Render "sf_app_dir/templates/login.php"
20 main Get slot "error_message"
21 sfWebResponse Send status "HTTP/1.1 403 Forbidden"
22 sfWebResponse Send header "Content-Type: text/html; charset=utf-8"
Any clue? 有什么线索吗?
2 个解决方案
解决方案1
1 2012-06-19 11:27:32
Finally I found the problem, it was not that the application were asking for the two credentials, the issue was that Symfony was looking at the table permissions, and I was using the group. 最终,我找到了问题,这不是应用程序在请求两个凭据,而是Symfony正在查看表权限,而我正在使用该组。
Thanks a lot for all your answers. 非常感谢您的所有回答。
解决方案2
0 2012-06-18 13:09:19
According to the stacktrace, the user need to have both admin and viewer credentials. 据堆栈跟踪,用户需要有两个 admin和viewer的凭据。
If it wasn't the case, the error should be (note the [[ & ]] ) : 如果不是这种情况,则错误应该是(请注意[[ & ]] ):
Action "strain/index" requires credentials "[[admin, viewer]]", forwarding to "sfGuardAuth/secure"
Re-check your security.yml or paste the full file in your question. 重新检查您的security.yml或将完整文件粘贴到您的问题中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.