
Symfony2 FOSUserBundle authentication

I've just configured the FOSUserBundle bundle for Symfony2, and I've got a question to ask.

Some of the URLs below allow access to configuration pages to everyone. How can I limit this to only the admin?

For instance, the page below shouldn't be visible to visitors/members without admin login.

http://localhost/fosuser/web/app_dev.php/_profiler/search_bar

I ran the following command using the terminal: php app/console router:debug

_wdt ANY ANY ANY /_wdt/{token}
_profiler_home ANY ANY ANY /_profiler/
_profiler_search ANY ANY ANY /_profiler/search
_profiler_search_bar ANY ANY ANY /_profiler/search_bar
_profiler_purge ANY ANY ANY /_profiler/purge
_profiler_info ANY ANY ANY /_profiler/info/{about}
_profiler_phpinfo ANY ANY ANY /_profiler/phpinfo
_profiler_search_results ANY ANY ANY /_profiler/{token}/search/results
_profiler ANY ANY ANY /_profiler/{token}
_profiler_router ANY ANY ANY /_profiler/{token}/router
_profiler_exception ANY ANY ANY /_profiler/{token}/exception
_profiler_exception_css ANY ANY ANY /_profiler/{token}/exception.css
_configurator_home ANY ANY ANY /_configurator/
_configurator_step ANY ANY ANY /_configurator/step/{index}
_configurator_final ANY ANY ANY /_configurator/final
_twig_error_test ANY ANY ANY /_error/{code}.{_format}
user ANY ANY ANY /user/
user_show ANY ANY ANY /user/{id}/show
user_new ANY ANY ANY /user/new
user_create POST ANY ANY /user/create
user_edit ANY ANY ANY /user/{id}/edit
user_update POST|PUT ANY ANY /user/{id}/update
user_delete POST|DELETE ANY ANY /user/{id}/delete
custom_user_homepage ANY ANY ANY /hello/{name}
homepage ANY ANY ANY /app/example

By default in Symfony, all _profiler URLs are managed by the dev firewall with the pattern ^/(_(profiler|wdt|error)|css|images|js)/; you can see this in your app/config/security.yml file. As you will see, they have no associated security. This is normal, as they will not be accessible in production.

If, however, you still need to check those URLs, feel free to add some security configuration to that firewall, bearing in mind that it will also affect other matched URLs such as _error or css, so you might want to create a new specific firewall just for the _profiler routes.
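A concrete security.yml that applies the advice above, written as an added example rather than taken from the answer or from FOSUserBundle: _profiler is dropped from the unsecured dev firewall so those routes fall through to the FOSUserBundle-backed main firewall, and an access_control rule restricts them to ROLE_ADMIN. The main firewall, provider id and encoder follow the standard FOSUserBundle setup and are assumptions about the asker's configuration.

```yaml
# app/config/security.yml (Symfony 2 style; added example, not the answerer's file)
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        # Firewalls are matched top to bottom; the first matching pattern wins.
        # "_profiler" has been REMOVED from this pattern, so profiler requests
        # now fall through to the "main" firewall below instead of hitting
        # the unsecured dev firewall.
        dev:
            pattern:  ^/(_(wdt|error)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider:      fos_userbundle
                csrf_provider: form.csrf_provider
            logout:    true
            anonymous: true

    # Rules are evaluated in order; the first matching path decides.
    access_control:
        - { path: ^/login$,    role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register,  role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # Everything under /_profiler (search_bar, phpinfo, purge, ...) now
        # requires an authenticated user holding ROLE_ADMIN; anyone else is
        # sent to the login form (or gets 403 once logged in without the role).
        - { path: ^/_profiler, role: ROLE_ADMIN }
        # The generated CRUD routes (/user/new, /user/{id}/delete, ...) from
        # the router:debug listing are just as sensitive, so guard them too.
        - { path: ^/user,      role: ROLE_ADMIN }
```

Keep the ^/_profiler rule ahead of any broader ^/ rule, since the first matching access_control entry wins. Independently of this, the app_dev.php front controller shipped with the Symfony Standard Edition already refuses requests from non-local IP addresses, and the profiler is not enabled through app.php in prod, so this configuration hardens the dev environment rather than replacing those controls.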
