Symfony 5 抛出拒绝访问异常
Symfony 5 throwing Access Denied Exception
我正在尝试使用多个身份验证器(针对每个用户角色)。他们在最后一个之前工作正常,它将未经身份验证的用户重定向到 URL /dashboard/ 以登录,但是对 /dashboard 的请求被抛出 AccessDeniedHttpException:
这是我的 security.yaml 文件,其中包含所有防火墙:
security:
encoders:
App\Entity\User:
algorithm: sha512
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/admin/
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\AdminAuthenticator
logout:
path: admin_logout
expert:
pattern: ^/dashboard/
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\ExpertAuthenticator
logout:
path: expert_logout
user:
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\UserAuthenticator
logout:
path: user_logout
access_control:
- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/ask, roles: ROLE_USER }
- { path: ^/dashboard/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/dashboard, roles: ROLE_EXPERT }
我认为没有必要在此处粘贴验证器,因为它是 Symfony 5 make:auth maker 命令默认值,我为所有三个验证器复制并粘贴了它,同时仅更改 public const LOGIN_ROUTE = 'user_login'; 和 onAuthenticationSuccess() 函数的重定向响应路径。
我也用默认的SecurityController:
namespace App\Controller\Expert;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
/**
* Class SecurityController
* @package App\Controller\Expert
* @Route("/dashboard")
*/
class SecurityController extends AbstractController
{
/**
* @Route("/login", name="expert_login")
*/
public function login(AuthenticationUtils $authenticationUtils): Response
{
if ($this->getUser()) {
return $this->redirectToRoute('expert_index');
}
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('expert/security/login.html.twig', ['last_username' => $lastUsername, 'error' => $error]);
}
/**
* @Route("/logout", name="expert_logout")
*/
public function logout()
{
$this->addFlash('success', 'Session closed');
return $this->redirectToRoute('expert_index');
}
}
每当我访问 /admin、/admin/whatever 或 /ask、/ask/whatever 时,我都会被重定向到其各自的登录表单(/admin/login 和 /ask/dashboard).
如果我不是从另一个身份验证器登录的,或者如果我是使用 ROLE_EXPERT 登录的,我可以直接访问 /dashboard/login。如果没有,我将得到上述异常。
嗯,你知道发生了什么事吗?
您应该将 - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY } 作为最后一个 access_control 条目移动。
那是因为 Symfony 在你写它的时候解析它(把它想象成一个 FIFO 队列)并且,因为 / 可以以匿名方式访问,关联的令牌将是匿名的(它不会'不要尝试从会话或其他内容中读取)。
我正在尝试使用多个身份验证器(针对每个用户角色)。他们在最后一个之前工作正常,它将未经身份验证的用户重定向到 URL /dashboard/ 以登录,但是对 /dashboard 的请求被抛出 AccessDeniedHttpException:
这是我的 security.yaml 文件,其中包含所有防火墙:
security:
encoders:
App\Entity\User:
algorithm: sha512
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/admin/
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\AdminAuthenticator
logout:
path: admin_logout
expert:
pattern: ^/dashboard/
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\ExpertAuthenticator
logout:
path: expert_logout
user:
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\UserAuthenticator
logout:
path: user_logout
access_control:
- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/ask, roles: ROLE_USER }
- { path: ^/dashboard/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/dashboard, roles: ROLE_EXPERT }
我认为没有必要在此处粘贴验证器,因为它是 Symfony 5 make:auth maker 命令默认值,我为所有三个验证器复制并粘贴了它,同时仅更改 public const LOGIN_ROUTE = 'user_login'; 和 onAuthenticationSuccess() 函数的重定向响应路径。
我也用默认的SecurityController:
namespace App\Controller\Expert;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
/**
* Class SecurityController
* @package App\Controller\Expert
* @Route("/dashboard")
*/
class SecurityController extends AbstractController
{
/**
* @Route("/login", name="expert_login")
*/
public function login(AuthenticationUtils $authenticationUtils): Response
{
if ($this->getUser()) {
return $this->redirectToRoute('expert_index');
}
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('expert/security/login.html.twig', ['last_username' => $lastUsername, 'error' => $error]);
}
/**
* @Route("/logout", name="expert_logout")
*/
public function logout()
{
$this->addFlash('success', 'Session closed');
return $this->redirectToRoute('expert_index');
}
}
每当我访问 /admin、/admin/whatever 或 /ask、/ask/whatever 时,我都会被重定向到其各自的登录表单(/admin/login 和 /ask/dashboard).
如果我不是从另一个身份验证器登录的,或者如果我是使用 ROLE_EXPERT 登录的,我可以直接访问 /dashboard/login。如果没有,我将得到上述异常。
嗯,你知道发生了什么事吗?
您应该将 - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY } 作为最后一个 access_control 条目移动。
那是因为 Symfony 在你写它的时候解析它(把它想象成一个 FIFO 队列)并且,因为 / 可以以匿名方式访问,关联的令牌将是匿名的(它不会'不要尝试从会话或其他内容中读取)。