How to allow path without login on ApiPlatform?
I have the following path:
api_inventories_create_inventory_listing_collection POST ANY ANY /api/inventory/{type}
It is defined in my entity as follows:
@ApiResource(
* attributes={"security"="is_granted('ROLE_ADMIN')"},
* collectionOperations={
* "get"={"security"="is_granted('ROLE_ADMIN')"},
* "create_inventory_listing"={
* "method"="POST",
* "path"="/inventory/{type}",
* "controller"=CreateSingleDeviceTypeController::class,
* },
* "post"
* },
* itemOperations={
* "get"={"security"="is_granted('ROLE_ADMIN')"},
* "delete"={"security"="is_granted('ROLE_ADMIN')"},
* "put"={"security"="is_granted('ROLE_ADMIN') or object.owner == user"},
* }
* )
As you can see, in the ApiResource, that controller has no security.
And in security.yml I allow the path:
access_control:
- { path: ^/api/docs, roles: IS_AUTHENTICATED_ANONYMOUSLY } # Allows accessing the Swagger UI
- { path: ^/api/inventory, roles: IS_AUTHENTICATED_ANONYMOUSLY } # Allows accessing the Swagger UI
- { path: ^/authentication_token, roles: IS_AUTHENTICATED_ANONYMOUSLY }
Attached is the request via curl
curl -X POST 'https://127.0.0.1:8000/api/inventory/water' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/json;charset=utf-8' \
--data '{"deviceType":"/api/device_types/2","serial":"provision"}'
and the response
{"code":401,"message":"JWT Token not found"}
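You specified the security attribute at the resource level of the entity: attributes={"security"="is_granted('ROLE_ADMIN')"},
which means they are secured, so the system will try to find a user.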
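The resource-level default described in the answer, with a per-operation override, as an added example that is not code from the question or the answer. It assumes the entity is named Inventory, the App\Entity and App\Controller namespaces, placeholder properties, and a firewall that issues anonymous tokens (which the access_control rules in the question rely on).

```php
<?php
// Added example, not the poster's code. The class name, namespaces and
// properties are assumptions made for illustration.

namespace App\Entity;

use ApiPlatform\Core\Annotation\ApiResource;
use App\Controller\CreateSingleDeviceTypeController;

/**
 * The resource-level "security" attribute is the default for every operation.
 * An operation that declares its own "security" replaces that default, so only
 * create_inventory_listing is opened to requests without a JWT.
 *
 * @ApiResource(
 *     attributes={"security"="is_granted('ROLE_ADMIN')"},
 *     collectionOperations={
 *         "get",
 *         "create_inventory_listing"={
 *             "method"="POST",
 *             "path"="/inventory/{type}",
 *             "controller"=CreateSingleDeviceTypeController::class,
 *             "security"="is_granted('IS_AUTHENTICATED_ANONYMOUSLY')"
 *         },
 *         "post"
 *     },
 *     itemOperations={
 *         "get",
 *         "delete",
 *         "put"={"security"="is_granted('ROLE_ADMIN') or object.owner == user"}
 *     }
 * )
 */
class Inventory
{
    /** @var int|null Placeholder identifier (assumed). */
    private $id;

    /** @var object|null Referenced by the "put" expression as object.owner. */
    public $owner;
}
```

The bare "get", "post" and "delete" operations still inherit ROLE_ADMIN from the resource level, so the access_control entry for ^/api/inventory alone does not expose them.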