[英]Symfony 2 — anonymous pages have empty “security.context” token?
When I do this in a controller: 当我在控制器中执行此操作时:
$token = $this->get('security.context')->getToken();
The token is null if the controller is under an unprotected URL: 如果控制器位于不受保护的URL下,则令牌为null:
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_ADMIN }
- { path: ^/public, roles: IS_AUTHENTICATED_ANONYMOUSLY }
In my case, the controller action is invoked on /public
. 就我而言,控制器动作是在
/public
上调用的。 The token exists if the code runs under /
protected pages though. 如果代码在
/
受保护的页面下运行,则该令牌存在。
The reason why I want this is because I want to include additional information in case the user is logged in, and I wanted to check for the existence of this "token". 之所以这样,是因为我想在用户登录的情况下包括其他信息,并且我想检查该“令牌”的存在。
Is there a better way to check if the user has logged in -- something that works in both protected and unprotected areas? 有没有更好的方法来检查用户是否已登录-在受保护区域和不受保护区域均可使用?
You can check if a user is authenticated by checking whether they are authenticated fully, that is, they are non-anonymous with the isGranted
function. 您可以通过检查用户是否经过完全认证来检查用户是否通过了认证,也就是说,他们与
isGranted
函数是非匿名的。
use Symfony\Component\Security\Core\Exception\AccessDeniedException
public function editAction()
{
if (false === $this->get('security.context')->isGranted(
'IS_AUTHENTICATED_FULLY'
)) {
throw new AccessDeniedException();
}
// ...
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.