我正在尝试使用多个身份验证器(针对每个用户角色)。他们运行良好,直到最后一个,它将未经身份验证的用户重定向到URL /dashboard/
进行登录,但是对/dashboard
的请求却被抛出AccessDeniedHttpException
:
这是我的security.yaml
文件,其中包含所有防火墙:
security:
encoders:
App\Entity\User:
algorithm: sha512
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/admin/
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\AdminAuthenticator
logout:
path: admin_logout
expert:
pattern: ^/dashboard/
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\ExpertAuthenticator
logout:
path: expert_logout
user:
anonymous: lazy
provider: app_user_provider
guard:
authenticators:
- App\Security\UserAuthenticator
logout:
path: user_logout
access_control:
- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/ask, roles: ROLE_USER }
- { path: ^/dashboard/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/dashboard, roles: ROLE_EXPERT }
[我认为没有必要在此处粘贴身份验证器,因为这是我为所有三个身份验证器复制并粘贴的Symfony 5 make:auth
制造商命令默认值,同时仅更改了public const LOGIN_ROUTE = 'user_login';
和onAuthenticationSuccess()
函数的重定向响应路径。
我也使用了默认的SecurityController
:
namespace App\Controller\Expert;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
/**
* Class SecurityController
* @package App\Controller\Expert
* @Route("/dashboard")
*/
class SecurityController extends AbstractController
{
/**
* @Route("/login", name="expert_login")
*/
public function login(AuthenticationUtils $authenticationUtils): Response
{
if ($this->getUser()) {
return $this->redirectToRoute('expert_index');
}
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('expert/security/login.html.twig', ['last_username' => $lastUsername, 'error' => $error]);
}
/**
* @Route("/logout", name="expert_logout")
*/
public function logout()
{
$this->addFlash('success', 'Session closed');
return $this->redirectToRoute('expert_index');
}
}
[每当我访问/admin
,/admin/whatever
或/ask
,/ask/whatever
时,我都会重定向到其各自的登录表单(/admin/login
和/ask/dashboard
)。
如果未从其他验证者登录或使用/dashboard/login
登录,则可以直接访问ROLE_EXPERT
。如果没有,我得到提到的异常。
嗯,你知道发生了什么吗?
您应将- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
作为最后一个access_control
条目。
这是因为Symfony在编写它时会对其进行解析(想像它是一个FIFO队列),并且由于可以以匿名方式访问/
,所以关联的令牌将是匿名的(它将不会尝试从中读取会话等)。