Symfony2 FOSUserBundle不能将认证的用户设置为会话?[英] Symfony2 FOSUserBundle not setting authenticated user to session?

本文是小编为大家收集整理的关于Symfony2 FOSUserBundle不能将认证的用户设置为会话?的处理/解决方法,可以参考本文帮助大家快速定位并解决问题,中文翻译不准确的可切换到English标签页查看源文。

问题描述

我安装了一个非常基本的Symfony2.1设置.

注册时,一切都很好,我被重定向到我的目标路径,调试栏表明我是自己的身份验证.

登录时,以不良信誉提交表格会这样反映,但是如果我以正确的信誉登录,我会重定向到我的目标路径,但我仍然是匿名的,因此身份验证是成功的,但不持续存在会话.

我想念什么吗?我已经遵循了基本的配置,几乎没有自定义.不确定如何进行调试(Symfony1,Symfony 2).

.

fosuserbundle的InteractiveLogInListener on SecurityInteractivelogin具有并正确更新用户的最后登录日期,我不确定在什么时候绑定到Security.Context.

我是要注册自己的听众还是不起作用?在整个捆绑包中搜索安全性.Context似乎仅将其设置为注册和重置?


security.yml

security:
    acl:
        connection: default

    providers:
        fos_userbundle:
            id: fos_user.user_manager

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        # SONATA:
        #     - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are using acl then this line must be commented

    firewalls:
        # -> custom firewall for the admin area of the URL
        admin:
            switch_user:        true
            context:            user
            pattern:            /admin(.*)
            form_login:
                provider:       fos_userbundle
                login_path:     /admin/login
                use_forward:    false
                check_path:     /admin/login_check

                # login success redirecting options (read further below)
                always_use_default_target_path: false
                default_target_path:            /admin/dashboard
                target_path_parameter:          _target_path
                use_referer:                    false

                failure_path:   null
                use_referer:    true
            logout:
                path:           /admin/logout
                target:         /admin/login
            anonymous:    true
        # -> end custom configuration

        # default login area for standard users
        main:
            switch_user:        true
            context:            user
            pattern:            .*
            form_login:
                provider:       fos_userbundle

                # the user is redirected here when he/she needs to login
                login_path:                     /login

                # if true, forward the user to the login form instead of redirecting
                use_forward:                    false

                # submit the login form here
                check_path:                     /login_check

                # login success redirecting options (read further below)
                always_use_default_target_path: false
                default_target_path:            /
                target_path_parameter:          _target_path
                use_referer:                    false

                # login failure redirecting options (read further below)
                failure_path:                   null
                failure_forward:                false

                # csrf token options
                csrf_parameter:                 _csrf_token
                intention:                      authenticate

            logout:             true
            anonymous:          true
        # -> end default configuration


    access_control:
        # URL of FOSUserBundle which need to be available to anonymous users
        - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # -> custom access control for the admin area of the URL
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # -> end

        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Secured part of the site
        # This config requires being logged for the whole site and having the admin role for the admin part.
        # Change these rules to adapt them to your needs
        - { path: ^/admin, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }

jms_security_extra:
    secure_all_services: false
    expressions: true

logs

[2012-07-05 15:12:50] security.INFO: User "steve" has been authenticated successfully [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "security.interactive_login" to listener "FOS\UserBundle\Security\InteractiveLoginListener::onSecurityInteractiveLogin". [] []
[2012-07-05 15:12:50] doctrine.DEBUG: UPDATE fos_user_user SET last_login = ?, updated_at = ? WHERE id = ? ([{"date":"2012-07-05 16:12:50","timezone_type":3,"timezone":"Europe\/London"},{"date":"2012-07-05 16:12:50","timezone_type":3,"timezone":"Europe\/London"},1]) [] []
[2012-07-05 15:12:50] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
[2012-07-05 15:12:50] security.DEBUG: Write SecurityContext in the session [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\SecurityBundle\EventListener\ResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onKernelTerminate". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2012-07-05 15:12:51] request.INFO: Matched route "sonata_admin_dashboard" (parameters: "_controller": "Sonata\AdminBundle\Controller\CoreController::dashboardAction", "_route": "sonata_admin_dashboard") [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2012-07-05 15:12:51] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2012-07-05 15:12:51] security.DEBUG: Access is denied (user is not fully authenticated) by "/var/www/motoratings/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70; redirecting to authentication entry point [] []
[2012-07-05 15:12:51] security.DEBUG: Calling Authentication entry point [] []

推荐答案

事实证明,答案只是为了清除我的浏览器的cookie,出于某种原因我有2个phpsessid cookie设置..不知道这是怎么可能的?

我的假设是这是由于解决这个问题,也许是因为我有2个防火墙,后来我将其剥离为1?

Symfony似乎在骑phpsessid cookie,每一页都在更改它,因此任何身份验证都在一个不会持续到下一个的会话中 - 因此给了我所描述的问题.

.

是否有合法的原因设置了2个cookie?在清除它们之前,我没有正确调查它,我想那一定有不同的道路或其他方法?

其他推荐答案

在黑暗中刺伤,但是您的用户类getRoles()方法在任何情况下都会返回cool_user,因为如果此方法不返回任何内容,则用户将被视为匿名,因此未经过身份验证.

其他推荐答案

在黑暗中的另一个刺伤,似乎您正在重定向到sonata_admin_dashboard路线,该路线可以解决到/admin/dashboard url.根据您的security.yml,看来用户需要具有ROLE_ADMIN或ROLE_SONATA_ADMIN访问页面的角色.

本文地址:https://www.itbaoku.cn/post/2090801.html

问题描述

I have a very basic Symfony2.1 setup with FOSUserBundle installed.

When registering all is well and I am redirected to my target path and the debug bar shows that I am authenticated as myself.

When logging in however, submitting the form with bad creds will reflect as such, but if I login with the correct creds, I get redirected to my target path but I'm still anon, so authentication is successful but not persisted in the session.

Am I missing something? I have followed the basic configuration pretty much exactly with little customisation. Unsure how to go about debugging this (experience with Symfony1, new to Symfony2).

FOSUserBundle's InteractiveLoginListener onSecurityInteractiveLogin has and correctly updates the user with last login date, I'm not sure at what point this would be bound to security.context if at all nor where to look.

Am I meant to register my own listener or is something not working? Searching the entire bundle for security.context seems to lead to this only being set for registration and resetting?


security.yml

security:
    acl:
        connection: default

    providers:
        fos_userbundle:
            id: fos_user.user_manager

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        # SONATA:
        #     - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are using acl then this line must be commented

    firewalls:
        # -> custom firewall for the admin area of the URL
        admin:
            switch_user:        true
            context:            user
            pattern:            /admin(.*)
            form_login:
                provider:       fos_userbundle
                login_path:     /admin/login
                use_forward:    false
                check_path:     /admin/login_check

                # login success redirecting options (read further below)
                always_use_default_target_path: false
                default_target_path:            /admin/dashboard
                target_path_parameter:          _target_path
                use_referer:                    false

                failure_path:   null
                use_referer:    true
            logout:
                path:           /admin/logout
                target:         /admin/login
            anonymous:    true
        # -> end custom configuration

        # default login area for standard users
        main:
            switch_user:        true
            context:            user
            pattern:            .*
            form_login:
                provider:       fos_userbundle

                # the user is redirected here when he/she needs to login
                login_path:                     /login

                # if true, forward the user to the login form instead of redirecting
                use_forward:                    false

                # submit the login form here
                check_path:                     /login_check

                # login success redirecting options (read further below)
                always_use_default_target_path: false
                default_target_path:            /
                target_path_parameter:          _target_path
                use_referer:                    false

                # login failure redirecting options (read further below)
                failure_path:                   null
                failure_forward:                false

                # csrf token options
                csrf_parameter:                 _csrf_token
                intention:                      authenticate

            logout:             true
            anonymous:          true
        # -> end default configuration


    access_control:
        # URL of FOSUserBundle which need to be available to anonymous users
        - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # -> custom access control for the admin area of the URL
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # -> end

        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Secured part of the site
        # This config requires being logged for the whole site and having the admin role for the admin part.
        # Change these rules to adapt them to your needs
        - { path: ^/admin, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }

jms_security_extra:
    secure_all_services: false
    expressions: true

Logs

[2012-07-05 15:12:50] security.INFO: User "steve" has been authenticated successfully [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "security.interactive_login" to listener "FOS\UserBundle\Security\InteractiveLoginListener::onSecurityInteractiveLogin". [] []
[2012-07-05 15:12:50] doctrine.DEBUG: UPDATE fos_user_user SET last_login = ?, updated_at = ? WHERE id = ? ([{"date":"2012-07-05 16:12:50","timezone_type":3,"timezone":"Europe\/London"},{"date":"2012-07-05 16:12:50","timezone_type":3,"timezone":"Europe\/London"},1]) [] []
[2012-07-05 15:12:50] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
[2012-07-05 15:12:50] security.DEBUG: Write SecurityContext in the session [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\SecurityBundle\EventListener\ResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onKernelTerminate". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2012-07-05 15:12:51] request.INFO: Matched route "sonata_admin_dashboard" (parameters: "_controller": "Sonata\AdminBundle\Controller\CoreController::dashboardAction", "_route": "sonata_admin_dashboard") [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2012-07-05 15:12:51] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2012-07-05 15:12:51] security.DEBUG: Access is denied (user is not fully authenticated) by "/var/www/motoratings/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70; redirecting to authentication entry point [] []
[2012-07-05 15:12:51] security.DEBUG: Calling Authentication entry point [] []

推荐答案

It turns out the answer was simply to clear my browser's cookies, for some reason I had 2 PHPSESSID cookies set.. no idea how that's even possible?

My assumption is that this was due to fiddling with this, and maybe because I had 2 firewalls which I later stripped down to 1?

It seemed that Symfony was cycling the PHPSESSID cookies, every page hit it was changing, so any authentication was on a session that wasn't persisted to the next- and thus gave me the described problem.

Is there a legitimate reason there'd be 2 cookies set?.. Surely it's not even possible to have 2 cookies of the same name set? I didn't investigate it properly before clearing them, I guess that must have had different paths or something?.. But yet they both seemed to be present on every request.

其他推荐答案

A stab in the dark, but does your user class getRoles() method returns a ROLE_USER in any case because if this method does not return anything, the user will be considered as anonymous and thus not authenticated.

其他推荐答案

Another stab in the dark, it seems that you are redirecting to sonata_admin_dashboard route, which resolves to /admin/dashboard url. According to your security.yml it seems that the user needs to have ROLE_ADMIN or ROLE_SONATA_ADMIN role to access the page.