Symfony 2-使用"HTTP身份验证"对话框隐藏整个网站 [英] Symfony 2 - hide the whole website with a HTTP Authentication dialog
问题描述
我正在使用Symfony 2建立网站.
I am using Symfony 2 for building a website.
工作正在进行中(因此,我不希望用户或搜索引擎访问它),但是我的客户希望看到我的进度.我当时想一个简单的解决方案是使用Symfony 2安全功能提供的机制通过HTTP身份验证保护整个网站.
The work is in progress (therefore I don't want users or search engines to access it) but my client wants to see my progress. I was thinking an easy solution was to protect the whole website with HTTP authentication using the mechanism provided by the Symfony 2 security functionality.
我正在使用FOSUserBundle,因为该网站将有需要注册和登录的用户.
I am using FOSUserBundle as the website will have users that need to register and login.
这是我的security.yml,效果很好:
This is my security.yml, which works great:
security:
providers:
fos_userbundle:
id: fos_user.user_manager
encoders:
"FOS\UserBundle\Model\UserInterface": sha512
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/account, role: IS_AUTHENTICATED_FULLY }
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
因此,我试图在其顶部添加其他内容,以使该网站受到HTTP身份验证的保护.
我将文件更改为:
Therefore I was trying to add something else on top of it, to allow the website to be protected by HTTP Authentication.
I changed the file to:
security:
providers:
fos_userbundle:
id: fos_user.user_manager
whole_website_provider:
users:
ryan: { password: ryanpass, roles: 'ROLE_USER' }
encoders:
"FOS\UserBundle\Model\UserInterface": sha512
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
whole_website:
pattern: ^/
anonymous: ~
http_basic:
realm: "Secured Demo Area"
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/account, role: IS_AUTHENTICATED_FULLY }
- { path: ^/, role: ROLE_USER }
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
基本上,我添加了whole_website_provider提供程序,whole_website防火墙和一个额外的access_control.
但这是行不通的:当我访问该网站时,我被重定向到登录表单,就是这样.
Basically I added the whole_website_provider provider, the whole_website firewall and an extra access_control.
But that didn't work: when I access the website, I get redirected to the login form, that's it.
您是否知道我是否可以做到以及如何做到?
Have you got any idea whether I can do it and how?
注意:我不希望使用任何Apache功能.
N.B.: I would prefer not to use any Apache feature for it.
推荐答案
在我看来,您需要的不是使用HTTP身份验证来管理用户,而是使用HTTP身份验证来限制对您网站的访问.请勿为此使用Symfony2安全性.
On my opinion, what you need is not to manage users with HTTP authentication but to restrict access to your site with HTTP authentication. Don't use Symfony2 security for that.
让您的symfony2应用程序安全性保持在生产模式,并使用apache .htaccess限制对网站的访问.
Leave your symfony2 app security as it will be in production mode and use apache .htaccess to restrict access to the site.
文档在此处 http://httpd.apache.org/docs/2.2 /howto/auth.html .您只需要在web/.htaccess中添加一些指令,然后按照文档中的说明创建用户/密码文件即可.
Documentation is here http://httpd.apache.org/docs/2.2/howto/auth.html. You just have to add some directives in web/.htaccess, and create a user/password file as explained in the doc...
这篇关于Symfony 2-使用"HTTP身份验证"对话框隐藏整个网站的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
