强制用户在Symfony 2中登录 [英] Force user login in Symfony 2
问题描述
每当我尝试删除security.yml中的 anonymous:〜
配置时,系统最终都会返回错误310:重定向循环。
Whenever I try to remove the anonymous: ~
configuration in security.yml, The system ends up returning an Error 310: Redirect loop.
这是到目前为止的配置:
This is the config so far:
firewalls:
secured_area:
pattern: ^/
#anonymous: ~
form_login:
check_path: /login_check
login_path: /login
logout:
path: /logout
推荐答案
尝试一下:
firewalls:
secured_area:
pattern: ^/
#anonymous: ~
form_login:
check_path: /login_check
login_path: /login
logout:
path: /logout
login_firewall:
pattern: ^/login$
anonymous: ~
请参阅文档 http://symfony.com/doc/current/book/security.html#book-security-common-pitfalls
确保登录页面不安全
此外,请确保登录页面不需要查看任何角色。例如,以下配置-需要所有URL(包括/ login URL)具有ROLE_ADMIN角色,将导致重定向循环:
Also, be sure that the login page does not require any roles to be viewed. For example, the following configuration - which requires the ROLE_ADMIN role for all URLs (including the /login URL), will cause a redirect loop:
access_control:
- { path: ^/, roles: ROLE_ADMIN }
/ login URL上的访问控制可解决此问题:
Removing the access control on the /login URL fixes the problem:
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_ADMIN }
如果您的防火墙不允许匿名用户,则需要创建一个特殊的防火墙,允许匿名用户进入登录页面:
Also, if your firewall does not allow for anonymous users, you'll need to create a special firewall that allows anonymous users for the login page:
firewalls:
login_firewall:
pattern: ^/login$
anonymous: ~
secured_area:
pattern: ^/
form_login: ~
这篇关于强制用户在Symfony 2中登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!