Symfony 3 - pattern causes login problems with guard authenticator

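I'm trying to add an authenticator that should be responsible only for access to the path /Abc, while the other secured areas should be protected by the default authenticator.

Everything works fine until I add the line pattern: ^/Abc to my security.yml. I can log in and log out. The user is authenticated with the token class PostAuthenticationGuardToken and the firewall abc.

When I add the line pattern: ^/Abc I can't log in anymore (into the /Abc area). After I submit the login form, the application reloads to the path login_abc.

security.yml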

security:
   firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        abc:
            anonymous: ~
            pattern: ^/Abc
            guard:
                authenticators:
                    - abc_authenticator
            form_login:
                login_path:     login_abc
                check_path:     login_abc
                remember_me:    false

            logout:
                path:   logout_abc
                target: main_index

        default:
            anonymous: ~
            pattern: ^/(?!Abc)
            form_login:
                always_use_default_target_path: false
                login_path:     login
                check_path:     login
                remember_me:    false

            logout:
                path:   logout
                target: main_index

   access_control:
            - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/login_abc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/Abc, roles: [ROLE_ABC] } 
            - { path: ^/Work, roles: [ROLE_WORK, ROLE_WORK2] }
            - { path: ^/Home, roles: [ROLE_HOME] }

abcAuthenticator.php

<?php

namespace AppBundle\Security;

use AppBundle\Entity\User;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
use Doctrine\Bundle\DoctrineBundle\Registry as Doctrine;


class abcAuthenticator extends AbstractGuardAuthenticator {

    const ACCESS_DENNIED = "Access dennied";

    /**
     * @var \Symfony\Component\Routing\RouterInterface
     */
    private $router;

    /**
     * @var Doctrine
     */
    private $doctrine;


    /**
     * abcAuthenticator constructor.
     */
    public function __construct(RouterInterface $router, Doctrine $doctrine) {
        $this->router = $router;
        $this->doctrine = $doctrine;
    }

    public function start(Request $request, AuthenticationException $authException = null) {
        $url = $this->router->generate('login_abc');
        return new RedirectResponse($url);
    }

    public function getCredentials(Request $request) {
        if ($request->getPathInfo() != '/login_abc' || !$request->isMethod('POST')) {
            return;
        }

        return array(
            'cardToken' => $request->request->get('_cardToken'),
        );

    }

    public function getUser($credentials, UserProviderInterface $userProvider) {
        try {
            // Look the user up by card token, then reload it through the configured provider.
            $user = $this->doctrine->getRepository(User::class)->findOneByCardToken($credentials['cardToken']);
            if (is_null($user)) {
                throw new UsernameNotFoundException();
            }
            return $userProvider->loadUserByUsername($user->getUsername());
        } catch (UsernameNotFoundException $e) {
            // Every lookup failure is reported with the same generic message.
            throw new CustomUserMessageAuthenticationException(self::ACCESS_DENNIED);
        }
    }

    public function checkCredentials($credentials, UserInterface $user) {
        // Nothing further is verified here: a card token matched in getUser() is the only credential.
        return true;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception) {
        $url = $this->router->generate('login_abc');
        return new RedirectResponse($url);
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) {
        $url = $this->router->generate('abc_panel');
        return new RedirectResponse($url);
    }

    public function supportsRememberMe() {
        return false;
    }

}

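The authenticator is, of course, registered as a service.

I don't know what's wrong. Please help.

In the getCredentials() method, it appears that login is only allowed if you are visiting the URL /login_abc (the URL, not the route name) - but the guard is only allowed to run on the URL /Abc.

Using multiple firewalls is quite complicated - it may be easier to use a single firewall and then allow multiple authenticators to run until one succeeds (based on the URL, then whatever username, password/token, etc.), after which the others are skipped.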
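
The mismatch described in the answer can be checked by resolving each request path against the firewall patterns in order, as Symfony does (first match wins). This is an added example, not code from the original post: firewallFor() is a hypothetical helper, the "corrected" patterns are one possible fix rather than the answerer's, and every path except /login_abc is assumed.

```php
<?php
// Added illustration: which firewall claims a given request path.
// Mirrors Symfony's RequestMatcher, which tests the path with
// preg_match('{' . $pattern . '}', rawurldecode($pathInfo)).

function firewallFor(array $firewalls, string $path): ?string
{
    foreach ($firewalls as $name => $pattern) { // order matters: first match wins
        if (preg_match('{' . $pattern . '}', rawurldecode($path))) {
            return $name;
        }
    }
    return null; // no firewall matched this path
}

// Patterns exactly as in the question's security.yml.
$asPosted = [
    'dev'     => '^/(_(profiler|wdt)|css|images|js)/',
    'abc'     => '^/Abc',
    'default' => '^/(?!Abc)',
];

// One possible correction (assumption): the abc firewall also owns the
// URLs of its own login and logout routes, and default takes the rest.
$corrected = [
    'dev'     => '^/(_(profiler|wdt)|css|images|js)/',
    'abc'     => '^/(Abc|login_abc|logout_abc)',
    'default' => '^/',
];

// /login_abc is the URL tested in getCredentials(); the other paths are
// assumed for illustration.
$paths = ['/login_abc', '/logout_abc', '/Abc/panel', '/login', '/Work', '/css/app.css'];

printf("%-14s %-10s %s\n", 'path', 'as posted', 'corrected');
foreach ($paths as $path) {
    printf(
        "%-14s %-10s %s\n",
        $path,
        firewallFor($asPosted, $path) ?? '(none)',
        firewallFor($corrected, $path) ?? '(none)'
    );
}
```

With the posted patterns, /login_abc resolves to the default firewall, so the guard attached to abc never sees the login POST and getCredentials() is never called for it.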
