如何在symfony2中保护除登录页面外的所有页面?[英] how to secure whole pages except login page in symfony2?

本文是小编为大家收集整理的关于如何在symfony2中保护除登录页面外的所有页面?的处理/解决方法,可以参考本文帮助大家快速定位并解决问题,中文翻译不准确的可切换到English标签页查看源文。

问题描述

我想通过FosuserBundle通过登录来确保整个站点.我尝试设置安全性.

security:
encoders:
    Symfony\Component\Security\Core\User\User: plaintext
    FOS\UserBundle\Model\UserInterface: sha512

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
    fos_userbundle:
        id: fos_user.user_manager

firewalls:
    main:
        pattern:    ^/
        form_login:
            check_path: /login_check
            login_path: /login
            provider: fos_userbundle
            always_use_default_target_path: true
            default_target_path: /dashboard
        logout:
            path:   /logout
            target: /
        anonymous: ~
        #http_basic:
        #    realm: "Secured Demo Area"

access_control:
    - { path: ^/demo/secured/hello/admin/, roles: ROLE_ADMIN }
    #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

,但是我不知道在config.yml中设置什么 这是我的config.yml

 imports:
- { resource: parameters.yml }
- { resource: security.yml }

framework:
#esi:             ~
translator:       ~
secret:          %secret%
router:
    resource: "%kernel.root_dir%/config/routing.yml"
    strict_requirements: ~
form:            ~
csrf_protection: ~
validation:      { enable_annotations: true }
templating:
    engines: ['twig']
    #assets_version: SomeVersionScheme
default_locale:  "%locale%"
trusted_proxies: ~
session:         ~
fragments:       ~
http_method_override: true

# Twig Configuration
twig:
debug:            %kernel.debug%
strict_variables: %kernel.debug%

# Assetic Configuration
assetic:
debug:          %kernel.debug%
use_controller: false
bundles:        [ ]
#java: /usr/bin/java
filters:
    cssrewrite: ~
    #closure:
    #    jar: %kernel.root_dir%/Resources/java/compiler.jar
    #yui_css:
    #    jar: %kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar

# Doctrine Configuration
doctrine:
dbal:
    driver:   %database_driver%
    host:     %database_host%
    port:     %database_port%
    dbname:   %database_name%
    user:     %database_user%
    password: %database_password%
    charset:  UTF8
    # if using pdo_sqlite as your database driver, add the path in parameters.yml
    # e.g. database_path: %kernel.root_dir%/data/data.db3
    # path:     %database_path%

orm:
    auto_generate_proxy_classes: %kernel.debug%
    auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
transport: %mailer_transport%
host:      %mailer_host%
username:  %mailer_user%
password:  %mailer_password%
spool:     { type: memory }
fos_user:
db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
firewall_name: main
user_class: Dashboard\UserBundle\Entity\User

这是我的控制器

<?php

namespace Proposals\ProposalsBundle\Controller;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;

use Proposals\ProposalsBundle\Entity\Proposals;
use Proposals\ProposalsBundle\Form\ProposalsType;

/**
* Proposals controller.
*
*/
class ProposalsController extends Controller
{

/**
 * Lists all Proposals entities.
 *
 */
public function indexAction()
{
    $em = $this->getDoctrine()->getManager();

    $entities = $em->getRepository('ProposalsProposalsBundle:Proposals')->findAll();

    return $this->render('ProposalsProposalsBundle:Proposals:index.html.twig', array(
        'entities' => $entities,
    ));
}

当我打开任何页面时,它不会检查任何用户是否已登录或不登录.我希望每个页面都通过登录确定,如果用户登录,则每个页面都打开了,如果未登录用户,则不在登录中,然后不显示或重定向到登录.帮助应用

推荐答案

每次相同时,没有人关注文档.韦恩.但是对于您的垃圾邮件,您不应该得到答案,但这是不公平的^^

security:
    firewalls:
        main:
            pattern: ^/
            # other settings
            anonymous:    true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }

其他推荐答案

转到此URL localhost/quickbacklog/web/app_dev.php/dashboard
您必须在security.yml

中添加这样的添加
firewalls:
        main:
            pattern:    ^/
            form_login:
                provider:             fos_userbundle
                default_target_path:  /dashboard/                
            logout:     
                ........
                invalidate_session: false
            anonymous: ~

在路由文件

applicationlogin_success:
  pattern: /dashboard/
  defaults: { _controller: SampleBundle:Default:FrontPage } 

通过使用 default_target_path:routing_pattern
u将重定向...

本文地址:https://www.itbaoku.cn/post/2090738.html

问题描述

I want to have whole site secured through login with FOSUserBundle. I tried to set security.yml like this

security:
encoders:
    Symfony\Component\Security\Core\User\User: plaintext
    FOS\UserBundle\Model\UserInterface: sha512

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
    fos_userbundle:
        id: fos_user.user_manager

firewalls:
    main:
        pattern:    ^/
        form_login:
            check_path: /login_check
            login_path: /login
            provider: fos_userbundle
            always_use_default_target_path: true
            default_target_path: /dashboard
        logout:
            path:   /logout
            target: /
        anonymous: ~
        #http_basic:
        #    realm: "Secured Demo Area"

access_control:
    - { path: ^/demo/secured/hello/admin/, roles: ROLE_ADMIN }
    #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

But then I don't know what to set in config.yml this is my config.yml

 imports:
- { resource: parameters.yml }
- { resource: security.yml }

framework:
#esi:             ~
translator:       ~
secret:          %secret%
router:
    resource: "%kernel.root_dir%/config/routing.yml"
    strict_requirements: ~
form:            ~
csrf_protection: ~
validation:      { enable_annotations: true }
templating:
    engines: ['twig']
    #assets_version: SomeVersionScheme
default_locale:  "%locale%"
trusted_proxies: ~
session:         ~
fragments:       ~
http_method_override: true

# Twig Configuration
twig:
debug:            %kernel.debug%
strict_variables: %kernel.debug%

# Assetic Configuration
assetic:
debug:          %kernel.debug%
use_controller: false
bundles:        [ ]
#java: /usr/bin/java
filters:
    cssrewrite: ~
    #closure:
    #    jar: %kernel.root_dir%/Resources/java/compiler.jar
    #yui_css:
    #    jar: %kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar

# Doctrine Configuration
doctrine:
dbal:
    driver:   %database_driver%
    host:     %database_host%
    port:     %database_port%
    dbname:   %database_name%
    user:     %database_user%
    password: %database_password%
    charset:  UTF8
    # if using pdo_sqlite as your database driver, add the path in parameters.yml
    # e.g. database_path: %kernel.root_dir%/data/data.db3
    # path:     %database_path%

orm:
    auto_generate_proxy_classes: %kernel.debug%
    auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
transport: %mailer_transport%
host:      %mailer_host%
username:  %mailer_user%
password:  %mailer_password%
spool:     { type: memory }
fos_user:
db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
firewall_name: main
user_class: Dashboard\UserBundle\Entity\User

and this is my controller

<?php

namespace Proposals\ProposalsBundle\Controller;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;

use Proposals\ProposalsBundle\Entity\Proposals;
use Proposals\ProposalsBundle\Form\ProposalsType;

/**
* Proposals controller.
*
*/
class ProposalsController extends Controller
{

/**
 * Lists all Proposals entities.
 *
 */
public function indexAction()
{
    $em = $this->getDoctrine()->getManager();

    $entities = $em->getRepository('ProposalsProposalsBundle:Proposals')->findAll();

    return $this->render('ProposalsProposalsBundle:Proposals:index.html.twig', array(
        'entities' => $entities,
    ));
}

When i open any page its not check either user is logged in or not.I want every page is secured through login if user logged in then every page open if user not logged in then page not show or redirect to login.any help appriciated

推荐答案

Every time the same, nobody bats an eye on the documentation. Wayne. But for your spamming you shouldn't get a answer, but this would be unfair ^^

security:
    firewalls:
        main:
            pattern: ^/
            # other settings
            anonymous:    true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }

其他推荐答案

for move to this URL localhost/QuickBacklog/web/app_dev.php/dashboard
you must add like this in the security.yml

firewalls:
        main:
            pattern:    ^/
            form_login:
                provider:             fos_userbundle
                default_target_path:  /dashboard/                
            logout:     
                ........
                invalidate_session: false
            anonymous: ~

In the routing file

applicationlogin_success:
  pattern: /dashboard/
  defaults: { _controller: SampleBundle:Default:FrontPage } 

BY USING default_target_path : ROUTING_PATTERN
u will redirect it...