Possible to authorize a page only to the disconnected user
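I would like to know if it is possible to allow only logged-out users on a Symfony controller (for example, the login page).
I tried using:
- isGranted("IS_ANONYMOUS"): only anonymous users match this attribute.
- in security.yaml: { path: ^/connexion, roles: IS_ANONYMOUS }
My security.yaml: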

    security:
        enable_authenticator_manager: true
        # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
        password_hashers:
            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: "auto"
            App\Entity\User:
                algorithm: auto
        # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
        providers:
            # used to reload user from session & other features (e.g. switch_user)
            app_user_provider:
                entity:
                    class: App\Entity\User
                    property: username
        # used to reload user from session & other features (e.g. switch_user)
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                pattern: ^/
                lazy: true
                provider: app_user_provider
                form_login:
                    # "login" is the name of the route created previously
                    login_path: connexion
                    check_path: connexion
                    default_target_path: /
                    always_use_default_target_path: true
                logout:
                    path: deconnection
                # activate different ways to authenticate
                # https://symfony.com/doc/current/security.html#the-firewall
                # https://symfony.com/doc/current/security/impersonating_user.html
                # switch_user: true
        # Easy way to control access for large sections of your site
        # Note: Only the *first* access control that matches will be used
        access_control:
            # - { path: ^/admin, roles: ROLE_ADMIN }
            - { path: ^/deconnection, roles: IS_AUTHENTICATED_FULLY}
    when@test:
        security:
            password_hashers:
                # By default, password hashers are resource intensive and take time. This is
                # important to generate secure password hashes. In tests however, secure hashes
                # are not important, waste resources and increase test times. The following
                # reduces the work factor to the lowest possible values.
                Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
                    algorithm: auto
                    cost: 4 # Lowest possible value for bcrypt
                    time_cost: 3 # Lowest possible value for argon
                    memory_cost: 10 # Lowest possible value for argon

And my controller:

    class ConnexionController extends AbstractController
    {
        #[Route('/connexion', name: 'connexion')]
        public function index(AuthenticationUtils $authenticationUtils, UserInterface $user = null): Response
        {
            $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
            // get the login error if there is one
            $error = $authenticationUtils->getLastAuthenticationError();
            // last username entered by the user
            $lastUsername = $authenticationUtils->getLastUsername();
            return $this->render('connexion/index.html.twig', [
                'last_username' => $lastUsername,
                'error' => $error,
            ]);
        }
    }

But it does not work the way I want. Could you advise me? Thanks :)
If you are using Symfony 5.4 or later, you should use the PUBLIC_ACCESS role.
Since Symfony 5.3, the IS_ANONYMOUS and IS_AUTHENTICATED_ANONYMOUSLY attributes are deprecated.
https://symfony.com/doc/5.4/security.html#allowing-unsecured-access-i-e-anonymous-users
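Denying access on the login page is not efficient; instead, you can do a check in the login function and, if the user is authenticated, redirect them to a specific route.

    $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');

expects an authenticated user; replace it with

    if ($this->getUser()) {
        return $this->redirectToRoute('home');
    }

Replace the route name home with yours.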
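
A functional test for the behaviour the answer above aims for, added here as an example and not part of the original question or answers: an anonymous visitor gets the login form, while an authenticated user is redirected away from `/connexion`. It assumes PHPUnit and `symfony/browser-kit` are installed and that the test database contains a user with the username `test_user`; the test class name and namespace are hypothetical.

```php
<?php
// Added example: the file location and class name are assumptions, not from the page.
namespace App\Tests\Controller;

use App\Entity\User;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;

final class ConnexionControllerTest extends WebTestCase
{
    public function testAnonymousVisitorSeesLoginForm(): void
    {
        $client = static::createClient();
        $client->request('GET', '/connexion');

        // No user in the session: the controller must render the form
        // instead of denying access or redirecting.
        self::assertResponseIsSuccessful();
    }

    public function testAuthenticatedUserIsRedirectedAway(): void
    {
        $client = static::createClient();

        // Assumption: a fixture user named "test_user" exists in the test database.
        $user = static::getContainer()
            ->get('doctrine')
            ->getRepository(User::class)
            ->findOneBy(['username' => 'test_user']);
        self::assertNotNull($user, 'Fixture user "test_user" is missing');

        // loginUser() stores a token for this user in the session of the
        // "main" firewall, so the next request is made as an authenticated user.
        $client->loginUser($user);
        $client->request('GET', '/connexion');

        // The controller's getUser() check should short-circuit with a redirect
        // to the route chosen in redirectToRoute().
        self::assertResponseRedirects();
    }
}
```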