Force user login in Symfony 2


Problem description

Whenever I try to remove the anonymous: ~ configuration in security.yml, the system ends up returning an Error 310: Redirect loop.

This is the config so far:

    firewalls:
        secured_area:
            pattern: ^/
            #anonymous: ~
            form_login:
                check_path: /login_check
                login_path: /login
            logout:
                path: /logout


Recommended answer

Try this:

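    firewalls:
        # Listed first: the first firewall whose pattern matches handles the
        # request, so this must come before the catch-all ^/ firewall.
        login_firewall:
            pattern:    ^/login$
            anonymous:  ~
        secured_area:
            pattern: ^/
            #anonymous: ~
            form_login:
                check_path: /login_check
                login_path: /login
            logout:
                path: /logout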

See the documentation: http://symfony.com/doc/current/book/security.html#book-security-common-pitfalls

Be sure the login page isn't secured

Also, be sure that the login page does not require any roles to be viewed. For example, the following configuration - which requires the ROLE_ADMIN role for all URLs (including the /login URL), will cause a redirect loop:

    access_control:
        - { path: ^/, roles: ROLE_ADMIN }

Removing the access control on the /login URL fixes the problem:

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_ADMIN }

Also, if your firewall does not allow for anonymous users, you'll need to create a special firewall that allows anonymous users for the login page:

    firewalls:
        login_firewall:
            pattern:    ^/login$
            anonymous:  ~
        secured_area:
            pattern:    ^/
            form_login: ~
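
An added example, not part of the original answer or of the Symfony documentation: a small Python model of how the ordered firewalls and access_control rules decide whether a visitor with no session can load the login page, which is the condition behind the redirect loop. The dictionaries are constructed from the YAML on this page; the function names and the simplified first-match logic are assumptions of this sketch, not Symfony code.

```python
import re

def first_match(entries, path, key):
    """Firewalls and access_control rules are tried in order; the first match wins."""
    for entry in entries:
        pattern = entry.get(key)
        if pattern is None or re.search(pattern, path):
            return entry
    return None

def login_page_reachable(firewalls, access_control=()):
    """Simplified model: can a visitor with no session load the login page?"""
    login_path = "/login"  # Symfony's default when form_login sets none
    for fw in firewalls:
        form = fw.get("form_login")
        if isinstance(form, dict) and "login_path" in form:
            login_path = form["login_path"]
    fw = first_match(firewalls, login_path, "pattern")
    if fw is None:
        return True, "no firewall covers %s" % login_path
    if "anonymous" not in fw:
        # No token exists here, so form_login's entry point redirects back to login_path.
        return False, "%s handles %s without anonymous" % (fw["name"], login_path)
    rule = first_match(access_control, login_path, "path")
    if rule is not None and rule["roles"] != "IS_AUTHENTICATED_ANONYMOUSLY":
        return False, "access_control %s requires %s" % (rule["path"], rule["roles"])
    return True, "%s admits anonymous users on %s" % (fw["name"], login_path)

# Constructed from the YAML on this page ("anonymous: ~" becomes a key with value None).
SECURED = {"name": "secured_area", "pattern": "^/",
           "form_login": {"check_path": "/login_check", "login_path": "/login"},
           "logout": {"path": "/logout"}}
LOGIN = {"name": "login_firewall", "pattern": "^/login$", "anonymous": None}
ADMIN_ONLY = [{"path": "^/", "roles": "ROLE_ADMIN"}]
LOGIN_OPEN = [{"path": "^/login", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"}] + ADMIN_ONLY

if __name__ == "__main__":
    cases = [("catch-all firewall only", [SECURED], ()),
             ("login firewall listed last", [SECURED, LOGIN], ()),
             ("login firewall listed first", [LOGIN, SECURED], ()),
             ("listed first, ^/ needs ROLE_ADMIN", [LOGIN, SECURED], ADMIN_ONLY),
             ("listed first, ^/login opened", [LOGIN, SECURED], LOGIN_OPEN)]
    for label, firewalls, rules in cases:
        ok, why = login_page_reachable(firewalls, rules)
        print("%-34s %-9s %s" % (label, "reachable" if ok else "BLOCKED", why))
```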
