Symfony2项目security.yml多了一个防火墙,pattern怎么处理?
More than one firewall at Symfony2 project security.yml, how to deal with pattern?
我在一个需要两个防火墙或安全区域的项目中工作。第一个 firewall/secured 区域将允许 login/logout 使用 HWIOAuthBundle using Salesforce as provider, the second firewall/secured area will allow login/logout through FOSUserBundle since this is for internal sysadmin and so on. I have a doubt trying to get security.yml file well setup since I don't know how to deal with pattern parameter. I have read Security reference 但不知道如何做到这一点。这是我目前拥有的:
firewalls:
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/
anonymous: ~
在那种情况下我应该如何配置 pattern?
更新:防火墙不工作
这是防火墙部分处理用户回答的方式:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/admin
anonymous: ~
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
check_path: /login_check
post_only: true
always_use_default_target_path: true
target_path_parameter: _target_path
use_referer: false
failure_path: null
failure_forward: false
logout:
path: fos_user_security_logout
target: /
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
但是如果我尝试 http://appdev.local/app_dev.php/admin/ 我得到这个错误:
InvalidConfigurationException in BaseNode.php line 313: Invalid
configuration for path "security.firewalls.admin_area": The check_path
"/login_check" for login method "form_login" is not matched by the
firewall pattern "^/admin".
为什么?
编辑 2:如果 FOSUserBundle && HWIOAuth 一起工作会怎么样?
作为附加信息,我忘了从一开始就告诉这个,我已经安装并需要安装 FOSUserBundle && HWIOAuth,我正在努力让两者都正常工作。在那种情况下,这就是我的 routing.yml 的样子:
#HWIOAuthBundle
hwi_oauth_redirect:
resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
prefix: /connect
hwi_oauth_login:
resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
prefix: /login
salesforce_login:
pattern: /login/check-salesforce
#PDOne
pd_one:
resource: "@PDOneBundle/Controller/"
type: annotation
prefix: /
template:
resource: "@TemplateBundle/Controller/"
type: annotation
prefix: /
#FOSUserBundle
fos_user:
resource: "@FOSUserBundle/Resources/config/routing/all.xml"
fos_user_security:
prefix: /admin
resource: "@FOSUserBundle/Resources/config/routing/security.xml"
#SonataAdmin
admin:
resource: '@SonataAdminBundle/Resources/config/routing/sonata_admin.xml'
prefix: /admin
_sonata_admin:
resource: .
type: sonata_admin
prefix: /admin
我应该如何处理 FOSUserBundle && HWIOAuth 之间的前缀?
只是简单
firewalls:
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/admin
anonymous: ~
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
这是一个正则表达式,告诉 symfony 所有 ^(开始)和 / 的路由都遵循此规则。或者 /admin 遵循另一个规则。防火墙将始终遵循它首先匹配的任何规则。所以你的管理规则必须放在第一位,否则它不会起作用。
编辑
在您为 FOS UserBundle 添加安全路由的路由设置中,尝试将 /admin 作为前缀附加。可能是因为 /admin 是您的规则,但为登录生成的路由是 host.com/login 而不是 host.com/admin/login
fos_user_security:
prefix: /admin
resource: "@FOSUserBundle/Resources/config/routing/security.xml"
我在一个需要两个防火墙或安全区域的项目中工作。第一个 firewall/secured 区域将允许 login/logout 使用 HWIOAuthBundle using Salesforce as provider, the second firewall/secured area will allow login/logout through FOSUserBundle since this is for internal sysadmin and so on. I have a doubt trying to get security.yml file well setup since I don't know how to deal with pattern parameter. I have read Security reference 但不知道如何做到这一点。这是我目前拥有的:
firewalls:
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/
anonymous: ~
在那种情况下我应该如何配置 pattern?
更新:防火墙不工作
这是防火墙部分处理用户回答的方式:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/admin
anonymous: ~
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
check_path: /login_check
post_only: true
always_use_default_target_path: true
target_path_parameter: _target_path
use_referer: false
failure_path: null
failure_forward: false
logout:
path: fos_user_security_logout
target: /
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
但是如果我尝试 http://appdev.local/app_dev.php/admin/ 我得到这个错误:
InvalidConfigurationException in BaseNode.php line 313: Invalid configuration for path "security.firewalls.admin_area": The check_path "/login_check" for login method "form_login" is not matched by the firewall pattern "^/admin".
为什么?
编辑 2:如果 FOSUserBundle && HWIOAuth 一起工作会怎么样?
作为附加信息,我忘了从一开始就告诉这个,我已经安装并需要安装 FOSUserBundle && HWIOAuth,我正在努力让两者都正常工作。在那种情况下,这就是我的 routing.yml 的样子:
#HWIOAuthBundle
hwi_oauth_redirect:
resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
prefix: /connect
hwi_oauth_login:
resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
prefix: /login
salesforce_login:
pattern: /login/check-salesforce
#PDOne
pd_one:
resource: "@PDOneBundle/Controller/"
type: annotation
prefix: /
template:
resource: "@TemplateBundle/Controller/"
type: annotation
prefix: /
#FOSUserBundle
fos_user:
resource: "@FOSUserBundle/Resources/config/routing/all.xml"
fos_user_security:
prefix: /admin
resource: "@FOSUserBundle/Resources/config/routing/security.xml"
#SonataAdmin
admin:
resource: '@SonataAdminBundle/Resources/config/routing/sonata_admin.xml'
prefix: /admin
_sonata_admin:
resource: .
type: sonata_admin
prefix: /admin
我应该如何处理 FOSUserBundle && HWIOAuth 之间的前缀?
只是简单
firewalls:
#this is the secured area accessed through web browser and only internals are allowed to login
admin_area:
pattern: ^/admin
anonymous: ~
#this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
rep_area:
methods: [GET, POST]
pattern: ^/
anonymous: true
logout: true
这是一个正则表达式,告诉 symfony 所有 ^(开始)和 / 的路由都遵循此规则。或者 /admin 遵循另一个规则。防火墙将始终遵循它首先匹配的任何规则。所以你的管理规则必须放在第一位,否则它不会起作用。
编辑
在您为 FOS UserBundle 添加安全路由的路由设置中,尝试将 /admin 作为前缀附加。可能是因为 /admin 是您的规则,但为登录生成的路由是 host.com/login 而不是 host.com/admin/login
fos_user_security:
prefix: /admin
resource: "@FOSUserBundle/Resources/config/routing/security.xml"