Symfony模拟-单独的防火墙和单独的用户提供程序 [英] Symfony impersonation - separate firewalls and separate user providers

问题描述

我有一个带有两个防火墙的Symfony应用程序，一个用于管理员，一个用于普通用户.

I have a Symfony application with two firewalls, one for admins and one for normal users.

admin:
    provider: admin
    # etc

main_site:
    form_login:
        provider: fos_userbundle
        csrf_provider: form.csrf_provider

我希望管理员用户能够假冒正常用户.考虑到他们正在使用单独的防火墙和单独的用户提供程序，我该怎么办?

I'd like admin users to be able to impersonate normal users. How can I do this, given that they're using separate firewalls and separate user providers?

推荐答案

要使它正常工作，我必须做几件事.

There were several things I had to do to get this to work.

上下文密钥:如此处所述，我必须为两个防火墙提供相同的上下文.没有此功能，尝试切换用户时，管理员将被带到登录页面.

Context key: As described here, I had to give both firewalls the same context. Without this, admins were taken to the login page when trying to switch users.

在两个防火墙上配置:我必须将基本的switch_user配置密钥添加到两个防火墙:

Config on both firewalls: I had to add the basic switch_user configuration keys to both firewalls:

switch_user:
    role: ROLE_ADMIN

如果我只是将配置放在main_site防火墙上，则当退出模拟并进入管理页面时，管理员会收到拒绝访问的消息. (例如，路线/admin/dashboard?_switch_user=_exit会给出403).

If I just put the config on the main_site firewall, admins got an access denied message when exiting impersonation and going to an admin page. (For example, the route /admin/dashboard?_switch_user=_exit would give a 403).

提供者密钥:

main_site:
    switch_user:
        role: ROLE_ADMIN
        provider: fos_userbundle

否则，我收到错误消息切换用户失败-未找到user@example.com".深入研究代码，结果发现正在使用admin用户提供程序，并且在使用该提供程序时当然找不到正常用户.

Without this, I got the error "Switch User failed - user@example.com not found". Digging into the code, it turned out that the admin user provider was being used, and of course the normal users couldn't be found when using that provider.

(switch_user配置的provider键在此处中进行了讨论.)

(provider key for switch_user config discussed here.)

或者，我可以将其添加为防火墙本身的提供程序密钥:

Alternatively, I could have added this as a provider key for the firewall itself:

main_site:
    switch_user:
        role: ROLE_ADMIN
    provider: fos_userbundle

您会从我的问题中的配置中看到，fos_userbundle仅被指定为form_login的提供者，而不是整个main_site的提供者，这就是为什么直到我添加它才一直使用它的原因.将其添加到任意位置(模拟配置或整个防火墙)即可解决问题.

You'll see from the config in my question that fos_userbundle was only specified as a provider for form_login, not for main_site as a whole, which is why it wasn't being used until I added it. Adding it in either place (impersonation config or whole firewall) would do the trick.

以下是全套相关配置:

admin:
    provider: admin
    # Have to put basic switch_user config on both firewalls
    switch_user:
        role: ROLE_ADMIN
    # Both the admin and main_site firewalls have the same context, to allow
    # cross-firewall impersonation
    # https://stackoverflow.com/a/17991481/328817
    context: boardworks

main_site:
    form_login:
        provider: fos_userbundle
        csrf_provider: form.csrf_provider
    switch_user:
        role: ROLE_ADMIN
        # Have to explicitly set the provider, otherwise the site will use the admin
        # user provider when looking up the users whom admins are trying to impersonate
        provider: fos_userbundle
    # Rather than adding the provider above, I could have added it here:
    #provider: fos_userbundle

这篇关于Symfony模拟-单独的防火墙和单独的用户提供程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！