Symfony PHP Logout not working

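I have a logout function that works in another project, but for some reason it does not work in the project I'm currently working on. It looks like it just refreshes the page. I checked the official Symfony documentation at https://symfony.com/doc/current/security.html, but to no avail. I hope you can help me.

Updated: Security.yml: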

# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:
    providers:
        in_memory:
            memory:
                users:
                    beheerder:
                        password: admin
                        roles: 'ROLE_BEHEERDER'

    access_control:
        - { path: '^/beheerder/*', roles: [ROLE_BEHEERDER] }

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext


    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            anonymous: 
            # activate different ways to authenticate

            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            http_basic: ~

            # https://symfony.com/doc/current/security/form_login_setup.html
            #form_login: ~
            logout:
                path: security_logout
                target: /

Controller:

<?php

namespace AppBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;


class DefaultController extends Controller
{

    // Function to go to the homepage, with a redirect to the user's homepage.

    /**
     * @Route("/", name="homepage")
     */
    public function indexAction(Request $request, AuthorizationCheckerInterface $authorizationChecker)
    {
        if ($authorizationChecker->isGranted(new Expression('"ROLE_BEHEERDER" in roles')))
        {
            return $this->redirectToRoute('beheerder');
        }
        else
        {
            return $this->render('default/index.html.twig');
        }
    }

    /**
     * @Route("/beheerder", name="beheerder")
     */
    public function beheerder(Request $request)
    {
        return new Response($this->renderView('beheerder/index.html.twig'));
    }

    /**
     * @Route("/logout", name="security_logout")
     */
    public function logoutAction(Request $request)
    {
        return new Response($this->renderView('logout.html.twig'), 401);
    }


}

Logout Twig:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <title>{% block title %}Overzicht{% endblock %}</title>
        <link rel="icon" type="image/x-icon" href="{{ asset('favicon.ico') }}" />
    </head>
    <body>
        <p>Redirecting back....</p>
        <script>
            document.cookie = 'PHPSESSID=; Path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
            window.location.href = '{{ url('homepage') }}';
        </script>
    </body>
</html>

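Edit: I'm using Symfony 3.4. When I go to the page /logout, it looks like it just refreshes the page. I can see that it goes to the logout function, but the user is not logged out.

The access control on the logout path that you defined for IS_AUTHENTICATED_ANONYMOUSLY is wrong.

Please remove - { path: '^/logout', roles: [IS_AUTHENTICATED_ANONYMOUSLY] }

Edit - { path: '^/logout', roles: [ROLE_BEHEERDER] }

You have not set up the firewall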

main:
        anonymous: ~

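It should look like

main:
        anonymous: ~
secured_arena:
        pattern: ^/beheerder

Having this says that everyone can access the "main" firewall; you should restrict the area.

Once you have that, just add the following lines to the firewall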

 logout:
            path:   /logout
            target: /

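and define the /logout route, which you have already done. Symfony will log out automatically.

You also need to specify the authenticator and the check path; see https://symfony.com/doc/current/security/custom_password_authenticator.html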

app/config/security.yml

security:
    # editor fold [...]
    firewalls:
        # editor fold [...]
        main:
            # editor fold [...]
            # add logout into the security firewall
            logout:
                path: security_logout
                target: /
    # editor fold [...]
    access_control:
        - { path: '^/beheerder/*', roles: [ROLE_BEHEERDER] }
        # Not needed
        # - { path: '^/logout', roles: [IS_AUTHENTICATED_ANONYMOUSLY] }

app/config/routing.yml

# editor fold [...]
# add logout path into main routing file
security_logout:
    path: /logout

Twig view

<!-- logout link -->
<a href="{{ path('security_logout') }}">Logout</a>

From the Symfony security documentation: https://symfony.com/doc/3.4/security.html#logging-out

Notice that when using http-basic authenticated firewalls, there is no real way to log out : the only way to log out is to have the browser stop sending your name and password on every request. Clearing your browser cache or restarting your browser usually helps. Some web developer tools might be helpful here too.

You are using http-basic, so clearing the cookie has no effect. So if you want to use that code, you need to implement a different authentication and stop using http-basic.
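
The change the last answer describes, sketched as an added example that is not part of the original question or answers: the question's `main` firewall with `http_basic` replaced by `form_login`, so the session the logout listener invalidates is the only thing keeping the user signed in. The route name `login` is an assumption; it needs a login controller and template as described in the form_login_setup documentation linked in the question's config.

```yaml
# app/config/security.yml (Symfony 3.4)
security:
    providers:
        in_memory:
            memory:
                users:
                    beheerder:
                        # provider and encoder kept exactly as in the question
                        password: admin
                        roles: 'ROLE_BEHEERDER'

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            anonymous: ~

            # http_basic removed: with it the browser re-sends the
            # Authorization header on every request, so the user is
            # re-authenticated right after the logout redirect.
            # http_basic: ~

            # Session-based login. "login" is an assumed route name that
            # serves the login form and receives its POST.
            form_login:
                login_path: login
                check_path: login

            logout:
                # route name from the question; the firewall intercepts it
                path: security_logout
                target: /
                # drop the server-side session (this is the default)
                invalidate_session: true
                # expire the session cookie in the response, replacing
                # the document.cookie script in the logout template
                delete_cookies:
                    PHPSESSID: { path: /, domain: ~ }

    access_control:
        - { path: '^/beheerder/*', roles: [ROLE_BEHEERDER] }
```

With this in place the `security_logout` route only has to exist; the logout listener answers the request before any controller action or Twig template runs.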