Symfony模拟-单独的防火墙和单独的用户提供程序 [英] Symfony impersonation - separate firewalls and separate user providers
问题描述
我有一个带有两个防火墙的Symfony应用程序,一个用于管理员,一个用于普通用户.
I have a Symfony application with two firewalls, one for admins and one for normal users.
admin:
provider: admin
# etc
main_site:
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
我希望管理员用户能够假冒正常用户.考虑到他们正在使用单独的防火墙和单独的用户提供程序,我该怎么办?
I'd like admin users to be able to impersonate normal users. How can I do this, given that they're using separate firewalls and separate user providers?
推荐答案
要使它正常工作,我必须做几件事.
There were several things I had to do to get this to work.
上下文密钥:如此处所述,我必须为两个防火墙提供相同的上下文.没有此功能,尝试切换用户时,管理员将被带到登录页面.
Context key: As described here, I had to give both firewalls the same context. Without this, admins were taken to the login page when trying to switch users.
在两个防火墙上配置:我必须将基本的switch_user
配置密钥添加到两个防火墙:
Config on both firewalls: I had to add the basic switch_user
configuration keys to both firewalls:
switch_user:
role: ROLE_ADMIN
如果我只是将配置放在main_site
防火墙上,则当退出模拟并进入管理页面时,管理员会收到拒绝访问的消息. (例如,路线/admin/dashboard?_switch_user=_exit
会给出403).
If I just put the config on the main_site
firewall, admins got an access denied message when exiting impersonation and going to an admin page. (For example, the route /admin/dashboard?_switch_user=_exit
would give a 403).
提供者密钥:
main_site:
switch_user:
role: ROLE_ADMIN
provider: fos_userbundle
否则,我收到错误消息切换用户失败-未找到user@example.com".深入研究代码,结果发现正在使用admin
用户提供程序,并且在使用该提供程序时当然找不到正常用户.
Without this, I got the error "Switch User failed - user@example.com not found". Digging into the code, it turned out that the admin
user provider was being used, and of course the normal users couldn't be found when using that provider.
(switch_user
配置的provider
键在此处中进行了讨论.)
(provider
key for switch_user
config discussed here.)
或者,我可以将其添加为防火墙本身的提供程序密钥:
Alternatively, I could have added this as a provider key for the firewall itself:
main_site:
switch_user:
role: ROLE_ADMIN
provider: fos_userbundle
您会从我的问题中的配置中看到,fos_userbundle
仅被指定为form_login
的提供者,而不是整个main_site
的提供者,这就是为什么直到我添加它才一直使用它的原因.将其添加到任意位置(模拟配置或整个防火墙)即可解决问题.
You'll see from the config in my question that fos_userbundle
was only specified as a provider for form_login
, not for main_site
as a whole, which is why it wasn't being used until I added it. Adding it in either place (impersonation config or whole firewall) would do the trick.
以下是全套相关配置:
admin:
provider: admin
# Have to put basic switch_user config on both firewalls
switch_user:
role: ROLE_ADMIN
# Both the admin and main_site firewalls have the same context, to allow
# cross-firewall impersonation
# https://stackoverflow.com/a/17991481/328817
context: boardworks
main_site:
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
switch_user:
role: ROLE_ADMIN
# Have to explicitly set the provider, otherwise the site will use the admin
# user provider when looking up the users whom admins are trying to impersonate
provider: fos_userbundle
# Rather than adding the provider above, I could have added it here:
#provider: fos_userbundle
这篇关于Symfony模拟-单独的防火墙和单独的用户提供程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!