sfGuardUser中的auth问题(安全过滤器)Symfony [英] auth problems (security filters) in sfGuardUser Symfony
问题描述
我使用Symfony 1.2.7和sfGuardUser插件。我可以查看所有的页面,登录和注销。但是,当我尝试编辑(只是去表单)或更新对象(保存更改)有时我有问题的auth,symfony重定向到编辑表单页面。我对有时加了一些强调,因为它使我疯狂:)
用户有cookie和remember_cookie。
在filters.yml中,我有以下内容:
我使用cookie域.domain.comsecurity:〜
记住:
class:sfGuardBasicSecurityFilter
过滤器是许多人使用的过滤器:
class sfGuardBasicSecurityFilter extends sfFilter
{
public function execute($ filterChain)
{
if($ this-> isFirstCall()&&!$ this-> ; getContext() - > getUser() - > isAuthenticated())
{
if($ cookie = $ this-> getContext() - > getRequest() - > getCookie sfConfig :: get('app_sf_guard_plugin_remember_cookie_name','sfRemember')))
{
$ q = Doctrine_Query :: create()
- > from('sfGuardRememberKey r')
- > innerJoin('r.sfGuardUser u')
- >其中('r.remember_key =?',$ cookie);
if($ q-> count())
{
$ this-> getContext() - > getUser > fetchOne() - > sfGuardUser);
}
}
}
$ filterChain-> execute();
}
}
在模块/ config / security.yml
编辑:
is_secure:on
更新:
is_secure:on
看看http标头,它回传一个HTTP 302答案。如果我看看引起重定向的代码;我注意到它似乎就在编辑或更新操作之前无法识别用户:
Jul 08 19 :03:15 symfony [info] {sfFilterChain}执行过滤器sfBasicSecurityFilter
Jul 08 19:03:15 symfony [info] {sfFilterChain}执行过滤器sfRenderingFilter
Jul 08 19:03:15 symfony [信息] {sfFilterChain}执行过滤器sfGuardBasicSecurityFilter
Jul 08 19:03:15 symfony [info] {sfDoctrineLogger} executeQuery:SELECT COUNT(*)AS num_results FROM(SELECT s.id,s.ip_address FROM sf_guard_remember_key s ...
Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery:SELECT s.id AS s__id,s.user_id AS s__user_id,s.remember_key AS s__remember_key,s.ip_address ...
Jul 08 19:03:16 symfony [info] {myUser}用户已通过身份验证
Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery:SELECT s.id AS s__id,s。 name AS s__name,s.description AS s__description,s.created_at AS ....
Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery:SELECT s.id AS s__id,s.name AS s__name ,s.description AS s__description,s.created_at AS ....
Jul 08 19:03:16 symfony [info] {myUser}添加凭证
Jul 08 19:03: 16 symfony [info] {sfDoctrineLogger} executeQuery:UPDATE sf_guard_user SET last_login =?,updated_at =? WHERE id =? - (...
Jul 08 19:03:16 symfony [info] {sfFilterChain}执行过滤器subdomainFilter
有什么想法,我可以继续寻找或如何解决它?
非常感谢!
<解决方案
固定,这是一个问题,有两个服务器同时运行我们已改变为使用Memcache的cookie存储。
I'm using Symfony 1.2.7, and sfGuardUser Plugin. I'm able to view all the pages, login and logout. However when I try to edit (just going to the form) or update an object (saving the changes) sometimes I have problems of auth, and symfony redirects me to the edit form page again. I put some emphasys on sometimes because it's what it's driving me crazy :)
Users have cookies and the remember_cookie. I'm using the cookie domain ".domain.com" for both cookies because we work with subdomains.
On filters.yml I have the following:
security: ~
remember:
class: sfGuardBasicSecurityFilter
that filter is the one used by many:
class sfGuardBasicSecurityFilter extends sfFilter
{
public function execute ($filterChain)
{
if ($this->isFirstCall() && !$this->getContext()->getUser()->isAuthenticated())
{
if ($cookie = $this->getContext()->getRequest()->getCookie(sfConfig::get('app_sf_guard_plugin_remember_cookie_name', 'sfRemember')))
{
$q = Doctrine_Query::create()
->from('sfGuardRememberKey r')
->innerJoin('r.sfGuardUser u')
->where('r.remember_key = ?', $cookie);
if ($q->count())
{
$this->getContext()->getUser()->signIn($q->fetchOne()->sfGuardUser);
}
}
}
$filterChain->execute();
}
}
On the module/config/security.yml
edit:
is_secure: on
update:
is_secure: on
Looking at http headers, it returs me a HTTP 302 answer. If I look at the code that provokes that redirection; I've noticed that it seems like just before the edit or update action it doesn't recognize the user:
Jul 08 19:03:15 symfony [info] {sfFilterChain} Executing filter "sfBasicSecurityFilter"
Jul 08 19:03:15 symfony [info] {sfFilterChain} Executing filter "sfRenderingFilter"
Jul 08 19:03:15 symfony [info] {sfFilterChain} Executing filter "sfGuardBasicSecurityFilter"
Jul 08 19:03:15 symfony [info] {sfDoctrineLogger} executeQuery : SELECT COUNT(*) AS num_results FROM (SELECT s.id, s.ip_address FROM sf_guard_remember_key s ...
Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery : SELECT s.id AS s__id, s.user_id AS s__user_id, s.remember_key AS s__remember_key, s.ip_address ...
Jul 08 19:03:16 symfony [info] {myUser} User is authenticated
Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery : SELECT s.id AS s__id, s.name AS s__name, s.description AS s__description, s.created_at AS ....
Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery : SELECT s.id AS s__id, s.name AS s__name, s.description AS s__description, s.created_at AS ....
Jul 08 19:03:16 symfony [info] {myUser} Add credential(s) ""
Jul 08 19:03:16 symfony [info] {sfDoctrineLogger} executeQuery : UPDATE sf_guard_user SET last_login = ?, updated_at = ? WHERE id = ? - (...
Jul 08 19:03:16 symfony [info] {sfFilterChain} Executing filter "subdomainFilter"
Any idea on where can I keep looking or how I can fix it?
Thanks a lot!
fixed, it was a problem of having two servers running at the same time. We have changed to use Memcache for cookie storing.
这篇关于sfGuardUser中的auth问题(安全过滤器)Symfony的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!