即使在公共页面上登录,也可以使用匿名标记[英] Anonymous token even if logged in in public pages

本文是小编为大家收集整理的关于即使在公共页面上登录,也可以使用匿名标记的处理/解决方法,可以参考本文帮助大家快速定位并解决问题,中文翻译不准确的可切换到English标签页查看源文。

问题描述

我在设置安全性时遇到了一些问题.

我希望匿名和登录成员都可以访问页面.我希望它根据情况显示不同的内容(实际上,我想在我继续时仍然以会员身份登录).

我要公开访问的页面是 ^/profile.

我这样设置我的 security.yml :

jms_security_extra:
secure_all_services: false
expressions: true

security:
    encoders:
    Symfony\Component\Security\Core\User\User: plaintext
    FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

   # Firewall pour les pages de connexion, inscription, et récupération de mot de passe
        login:
           pattern: ^/(login$|register|resetting) # Les adresses de ces pages sont login, register et resetting
            anonymous: true                        # On autorise bien évidemment les anonymes sur ces pages # Firewall principal pour le reste de notre site
        public:
           pattern:            ^/profile
           anonymous:          true
           homepage:
           pattern: ^/$
               anonymous: true
               main:
                  pattern: ^/                           # ^/ = tout ce qui commence par / = tout notre site
        form_login:                            # On définit notre méthode d'authentification
            provider: fos_userbundle           # On lie l'authentification au provider définit plus haut
            remember_me: true                  # On active la possibilité du "Se souvenir de moi" (désactivé par défaut) 
        remember_me:
            key: %secret%                      # On définit la clé pour le remember_me (%secret% est un parametre de parameters.yml)
        anonymous: false                       # On autorise les utilisateurs anonymes (non identifiés)
        logout: true                           # On autorise la déconnexion manuelle (désactivé par défaut)
        #anonymous: ~
        #http_basic:
        #    realm: "Secured Demo Area"          

   access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

我的问题是,当我登录并访问此页面时,就像我没有登录(我有我的登录按钮),因为防火墙给了我一个匿名令牌.

感谢您的帮助.脚手架

推荐答案

认证中的常见陷阱:

<块引用>

多个防火墙不共享安全上下文
如果您使用多个防火墙并针对一个防火墙进行身份验证,则不会自动针对任何其他防火墙进行身份验证.不同的防火墙就像不同的安全系统.为此,您必须为不同的防火墙明确指定相同的防火墙上下文.但通常对于大多数应用程序来说,拥有一个主防火墙就足够了.

因此,将所有内容放在一个主防火墙下并使用 ACL,如 FOSUSerBundle安装步骤4.

jms_security_extra:
secure_all_services: false
expressions: true

security:
    encoders:
    Symfony\Component\Security\Core\User\User: plaintext
    FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                remember_me: true
            logout:       true
            anonymous:    true
            remember_me:
                key: %secret%          

   access_control:
    - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/profile, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: ROLE_USER }

本文地址:https://www.itbaoku.cn/post/2090833.html

问题描述

I'm having some trouble setting my security.

I want a page to be accessible both by anonymous and by logged in members. I want it to show different content depending on the situation (in fact, i want to still be logged in as a member when i go on it).

The page I want to give public access is ^/profile.

I set my security.yml like that :

jms_security_extra:
secure_all_services: false
expressions: true

security:
    encoders:
    Symfony\Component\Security\Core\User\User: plaintext
    FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

   # Firewall pour les pages de connexion, inscription, et récupération de mot de passe
        login:
           pattern: ^/(login$|register|resetting) # Les adresses de ces pages sont login, register et resetting
            anonymous: true                        # On autorise bien évidemment les anonymes sur ces pages # Firewall principal pour le reste de notre site
        public:
           pattern:            ^/profile
           anonymous:          true
           homepage:
           pattern: ^/$
               anonymous: true
               main:
                  pattern: ^/                           # ^/ = tout ce qui commence par / = tout notre site
        form_login:                            # On définit notre méthode d'authentification
            provider: fos_userbundle           # On lie l'authentification au provider définit plus haut
            remember_me: true                  # On active la possibilité du "Se souvenir de moi" (désactivé par défaut) 
        remember_me:
            key: %secret%                      # On définit la clé pour le remember_me (%secret% est un parametre de parameters.yml)
        anonymous: false                       # On autorise les utilisateurs anonymes (non identifiés)
        logout: true                           # On autorise la déconnexion manuelle (désactivé par défaut)
        #anonymous: ~
        #http_basic:
        #    realm: "Secured Demo Area"          

   access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

My problem is that when I'm logged in and I access this page, it's like i'm not logged in (i've got my log in button) because the firewall give me an anonymous token.

thanks for your help. Scaff

推荐答案

Common pitfalls in authentication:

Multiple firewalls don't share security context
If you're using multiple firewalls and you authenticate against one firewall, you will not be authenticated against any other firewalls automatically. Different firewalls are like different security systems. To do this you have to explicitly specify the same Firewall Context for different firewalls. But usually for most applications, having one main firewall is enough.

So put all under one main firewall and use ACLs as in the FOSUSerBundle installation step 4.

jms_security_extra:
secure_all_services: false
expressions: true

security:
    encoders:
    Symfony\Component\Security\Core\User\User: plaintext
    FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                remember_me: true
            logout:       true
            anonymous:    true
            remember_me:
                key: %secret%          

   access_control:
    - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/profile, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: ROLE_USER }