带有 FOSOAuthServer/FOSRest & 的 RESTFul OAuthFOS用户 [英] RESTFul OAuth with FOSOAuthServer / FOSRest & FOSUser
问题描述
我很难完全理解客户端创建的概念解释此处.我按照帖子设置了 OAuthBundle,并尝试做出符合 FOSUser 所需的更改.虽然我不确定它是否完美.
I'm having difficulties to fully understand the concept of the client creation explained here. I followed the post to set up the OAuthBundle, and tried to make the changes needed to comply with FOSUser. Though I'm not sure it's perfect.
我的情况
- 我的网站是一个 RESTFul API,它只返回 json 或 xml.我的前端将使用 AngularJS
- 我结合了 FOSUser、FOSRest 和 FOSOAuth,可能是我在配置中遇到了错误.
问题
我完成了文章的第一部分到 doctrine:schema:update
命令的设置.现在我应该创建一个客户端.
I finished setting up the first part of the article up to the doctrine:schema:update
command. Now I'm supposed to create a client.
如何为不同角色的 ^/api
部分设置安全性?
How can I set the security for parts of the ^/api
for differents ROLES ?
示例:
- 匿名用户可以访问 POST
/api/users
但不能访问 GET/api/users. - 只有具有
ROLE_ADMIN
的用户才能访问 DELETE/api/users/{id}
- Anonymous users can access POST
/api/users
but not GET /api/users. - Only users with
ROLE_ADMIN
can access DELETE/api/users/{id}
为了测试,我使用 Postman(支持 OAuth1 & 2,以及其他方式认证).
For testing I'm using Postman (that support OAuth1 & 2, along with other means of auth).
推荐答案
在 security.yml 中使用表达式
为了通过(request)-method AND (user)-role 的条件组合来保护某些路由......
Using expressions in security.yml
In order to secure certain routes by a conditional combination of (request)-method AND (user)-role ...
...你可以使用表达式 在您的 security.yml
中.
... you can make use of Expressions in your security.yml
.
更多信息可以在文档章节通过表达式保护.
More information can be found in the documentation chapter Securing by an Expression.
只有具有 ROLE_ADMIN
角色的用户才能使用 DELETE
请求访问 /api/users/{id}
:
Only users with role ROLE_ADMIN
shall be allowed to access /api/users/{id}
using a DELETE
request:
# app/config/security.yml
security:
# ...
access_control:
- path: "^/api/users/\d+$"
allow_if: "'DELETE' == request.getMethod() and has_role('ROLE_ADMIN')"
正则表达式说明
^
以 开头\d+
一位或多位数字(= 用户 ID)$
字符串结束
^
begins with\d+
one or more digits (= user id)$
string end
这篇关于带有 FOSOAuthServer/FOSRest & 的 RESTFul OAuthFOS用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!