防止用户在未登录时重定向到登录页面 / Symfony FosUserBundle
Prevent user redirect to login page if not logged in / Symfony3 FosUserBndl
我正在使用 Symfony3 for a web application with the FosUserBundle 进行用户管理。
我在我的应用程序中插入了登录和注册表单,如下所示 header.html.twig。这个文件 (header) 被插入到我的主文件 (base.html.twig) 中,这意味着它被插入到我几乎所有的页面中。
<div class="modal fade" id="registerModal" role="dialog">
{{ render(controller('UserBundle:Registration:Register', {'request': app.request})) }}
</div>
<div class="modal fade" id="loginModal" role="dialog">
{{ render(controller('UserBundle:Security:Login')) }}
</div>
问题是当我尝试访问主页时 http://localhost/baseurl/web/app_dev.php/ I am redirected to http://localhost/baseurl/web/app_dev.php/login fos_user_security_login
(在 security.yml 的 login_path 中配置的 FosUserBundle 登录路由。)
我不明白在 header
中覆盖并插入 security_login 表单的情况下如何配置和使用 FUB
我的security.yml如下:
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
FOS\UserBundle\Model\UserInterface: sha512
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
login_path: fos_user_security_login
check_path: fos_user_security_check
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
default_target_path: /
failure_path: /
logout:
path: /logout
target: /
anonymous: true
remember_me:
secret: '%secret%'
lifetime: 604800 # 1 week in seconds
path: /
role_hierarchy:
ROLE_SECRETAIRE: [ROLE_USER]
ROLE_ADMIN: [ROLE_SECRETAIRE]
access_control:
- { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_SECRETAIRE }
config.yml :
# FOSUserBundle Configuration
fos_user:
db_driver: orm
firewall_name: main
user_class: UserBundle\Entity\User
use_listener: true
use_flash_notifications: true
use_authentication_listener: true
use_username_form_type: true
model_manager_name: null # change it to the name of your entity/document manager if you don't want to use the default one.
from_email:
address: xxx@gmail.com
sender_name: Gauthier
profile:
form:
type: FOS\UserBundle\Form\Type\ProfileFormType
name: fos_user_profile_form
validation_groups: [Profile, Default]
change_password:
form:
type: FOS\UserBundle\Form\Type\ChangePasswordFormType
name: fos_user_change_password_form
validation_groups: [ChangePassword, Default]
registration:
confirmation:
enabled: false
template: '@FOSUser/Registration/email.txt.twig'
form:
type: UserBundle\Form\Type\RegistrationType
name: fos_user_registration_form
validation_groups: [Registration, Default]
resetting:
token_ttl: 86400
email:
template: '@FOSUser/Resetting/email.txt.twig'
form:
type: FOS\UserBundle\Form\Type\ResettingFormType
name: fos_user_resetting_form
validation_groups: [ResetPassword, Default]
service:
mailer: fos_user.mailer.default
email_canonicalizer: fos_user.util.canonicalizer.default
username_canonicalizer: fos_user.util.canonicalizer.default
token_generator: fos_user.util.token_generator.default
user_manager: fos_user.user_manager.default
当我在控制器中添加与路由 'homepage' (http://localhost/baseurl/web/app_dev.php/) 匹配的 die('ok');
时,我没有被重定向到 /login
但我有 "ok" 在白页上打印。我不明白 /login 的重定向在哪里完成
Next, take a look at and examine the firewalls section. Here we have declared a firewall named main. By specifying form_login, you have told the Symfony Framework that any time a request is made to this firewall that leads to the user needing to authenticate himself, the user will be redirected to a form where he will be able to enter his credentials.
要允许访问您的主页,您可以添加如下内容:
# app/config/security.yml file
security:
...
access_control:
# allow anonymous access to the homepage:
- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
在这种情况下,routing.yml
中索引操作的模式必须是“/”。
我正在使用 Symfony3 for a web application with the FosUserBundle 进行用户管理。
我在我的应用程序中插入了登录和注册表单,如下所示 header.html.twig。这个文件 (header) 被插入到我的主文件 (base.html.twig) 中,这意味着它被插入到我几乎所有的页面中。
<div class="modal fade" id="registerModal" role="dialog">
{{ render(controller('UserBundle:Registration:Register', {'request': app.request})) }}
</div>
<div class="modal fade" id="loginModal" role="dialog">
{{ render(controller('UserBundle:Security:Login')) }}
</div>
问题是当我尝试访问主页时 http://localhost/baseurl/web/app_dev.php/ I am redirected to http://localhost/baseurl/web/app_dev.php/login fos_user_security_login
(在 security.yml 的 login_path 中配置的 FosUserBundle 登录路由。)
我不明白在 header
我的security.yml如下:
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
FOS\UserBundle\Model\UserInterface: sha512
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
login_path: fos_user_security_login
check_path: fos_user_security_check
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
default_target_path: /
failure_path: /
logout:
path: /logout
target: /
anonymous: true
remember_me:
secret: '%secret%'
lifetime: 604800 # 1 week in seconds
path: /
role_hierarchy:
ROLE_SECRETAIRE: [ROLE_USER]
ROLE_ADMIN: [ROLE_SECRETAIRE]
access_control:
- { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_SECRETAIRE }
config.yml :
# FOSUserBundle Configuration
fos_user:
db_driver: orm
firewall_name: main
user_class: UserBundle\Entity\User
use_listener: true
use_flash_notifications: true
use_authentication_listener: true
use_username_form_type: true
model_manager_name: null # change it to the name of your entity/document manager if you don't want to use the default one.
from_email:
address: xxx@gmail.com
sender_name: Gauthier
profile:
form:
type: FOS\UserBundle\Form\Type\ProfileFormType
name: fos_user_profile_form
validation_groups: [Profile, Default]
change_password:
form:
type: FOS\UserBundle\Form\Type\ChangePasswordFormType
name: fos_user_change_password_form
validation_groups: [ChangePassword, Default]
registration:
confirmation:
enabled: false
template: '@FOSUser/Registration/email.txt.twig'
form:
type: UserBundle\Form\Type\RegistrationType
name: fos_user_registration_form
validation_groups: [Registration, Default]
resetting:
token_ttl: 86400
email:
template: '@FOSUser/Resetting/email.txt.twig'
form:
type: FOS\UserBundle\Form\Type\ResettingFormType
name: fos_user_resetting_form
validation_groups: [ResetPassword, Default]
service:
mailer: fos_user.mailer.default
email_canonicalizer: fos_user.util.canonicalizer.default
username_canonicalizer: fos_user.util.canonicalizer.default
token_generator: fos_user.util.token_generator.default
user_manager: fos_user.user_manager.default
当我在控制器中添加与路由 'homepage' (http://localhost/baseurl/web/app_dev.php/) 匹配的 die('ok');
时,我没有被重定向到 /login
但我有 "ok" 在白页上打印。我不明白 /login 的重定向在哪里完成
Next, take a look at and examine the firewalls section. Here we have declared a firewall named main. By specifying form_login, you have told the Symfony Framework that any time a request is made to this firewall that leads to the user needing to authenticate himself, the user will be redirected to a form where he will be able to enter his credentials.
要允许访问您的主页,您可以添加如下内容:
# app/config/security.yml file
security:
...
access_control:
# allow anonymous access to the homepage:
- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
在这种情况下,routing.yml
中索引操作的模式必须是“/”。