Symfony 5抛出访问被拒绝异常

问题描述 投票:0回答:1

我正在尝试使用多个身份验证器(针对每个用户角色)。他们运行良好,直到最后一个,它将未经身份验证的用户重定向到URL /dashboard/进行登录,但是对/dashboard的请求却被抛出AccessDeniedHttpException

“”

这是我的security.yaml文件,其中包含所有防火墙:

security:
    encoders:
        App\Entity\User:
            algorithm: sha512

    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/admin/
            anonymous: lazy
            provider: app_user_provider
            guard:
                authenticators:
                    - App\Security\AdminAuthenticator
            logout:
                path: admin_logout
        expert:
            pattern: ^/dashboard/
            anonymous: lazy
            provider: app_user_provider
            guard:
                authenticators:
                    - App\Security\ExpertAuthenticator
            logout:
                path: expert_logout
        user:
            anonymous: lazy
            provider: app_user_provider
            guard:
                authenticators:
                    - App\Security\UserAuthenticator
            logout:
                path: user_logout

    access_control:
        - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }

        - { path: ^/ask, roles: ROLE_USER }

        - { path: ^/dashboard/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/dashboard, roles: ROLE_EXPERT }

[我认为没有必要在此处粘贴身份验证器,因为这是我为所有三个身份验证器复制并粘贴的Symfony 5 make:auth制造商命令默认值,同时仅更改了public const LOGIN_ROUTE = 'user_login';onAuthenticationSuccess()函数的重定向响应路径。

我也使用了默认的SecurityController

namespace App\Controller\Expert;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

/**
 * Class SecurityController
 * @package App\Controller\Expert
 * @Route("/dashboard")
 */
class SecurityController extends AbstractController
{
    /**
     * @Route("/login", name="expert_login")
     */
    public function login(AuthenticationUtils $authenticationUtils): Response
    {
        if ($this->getUser()) {
            return $this->redirectToRoute('expert_index');
        }

        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();
        // last username entered by the user
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('expert/security/login.html.twig', ['last_username' => $lastUsername, 'error' => $error]);
    }

    /**
     * @Route("/logout", name="expert_logout")
     */
    public function logout()
    {
        $this->addFlash('success', 'Session closed');
        return $this->redirectToRoute('expert_index');
    }
}

[每当我访问/admin/admin/whatever/ask/ask/whatever时,我都会重定向到其各自的登录表单(/admin/login/ask/dashboard)。

如果未从其他验证者登录或使用/dashboard/login登录,则可以直接访问ROLE_EXPERT。如果没有,我得到提到的异常。

嗯,你知道发生了什么吗?

php symfony oop authentication
1个回答
1
投票

您应将- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }作为最后一个access_control条目。

这是因为Symfony在编写它时会对其进行解析(想像它是一个FIFO队列),并且由于可以以匿名方式访问/,所以关联的令牌将是匿名的(它将不会尝试从中读取会话等)。

© www.soinside.com 2019 - 2024. All rights reserved.