Forcing /logout doesn't work (access_denied_url)

Question  Votes: 0  Answers: 2

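So I made ROLE_USER able to access the site only from a certain IP address. Everything works like a charm, except that when a user connects from a different IP I try to redirect them to /en/logout. But it throws the error "You must activate the logout in your security firewall configuration". I really need help.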

security:
    encoders:
        App\Entity\User: bcrypt

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        secured_area:
            pattern: ^/
            user_checker: App\Security\UserChecker
            anonymous: true
            stateless: false

            guard:
                authenticators:
                    - App\Security\TokenAuthenticator

            remember_me:
                secret:   '%kernel.secret%'
                lifetime: 604800
                path:     /

            form_login:
                provider: fos_userbundle
                check_path: fos_user_security_check
                login_path: fos_user_security_login
                csrf_token_generator: security.csrf.token_manager

            logout:
                path: fos_user_security_logout
                target: /(%app_locales%)/login
            access_denied_url: /(%app_locales%)/logout
    role_hierarchy:
        ROLE_USER:        ROLE_USER
        ROLE_TEAMLEAD:    ROLE_CUSTOMER
        ROLE_ADMIN:       ROLE_TEAMLEAD
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    access_control:
        - { path: '^/(%app_locales%)/timesheet', role: ROLE_USER, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/timesheet', role: ROLE_ADMIN }
        - { path: '^/(%app_locales%)/timesheet', roles: ROLE_NO_ACCESS }
        - { path: '^/(%app_locales%)$', role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: '^/(%app_locales%)/login', role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: '^/(%app_locales%)/register', role: IS_AUTHENTICATED_ANONYMOUSLY, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/resetting', role: IS_AUTHENTICATED_ANONYMOUSLY, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/', roles: ROLE_USER, ip: [IP.IP.IP.IP] }
        - { path: '^/api', roles: IS_AUTHENTICATED_REMEMBERED, ip: [IP.IP.IP.IP] }
        - { path: '^/(%app_locales%)/login$', roles: ROLE_NO_ACCESS }

php symfony fosuserbundle
2 Answers
0
votes

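You need to provide a path for logout in the access_control list with the correct parameters. Right now your /en/logout is authorized by the role ROLE_USER and ip [IP.IP.IP.IP]. You need to add the following line: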

access_control:
    ...
    - { path: '^/(%app_locales%)/logout', roles: ROLE_USER }
    ...

As you can see, I removed the dependency on the authorized IP address for the path /en/logout. Now it depends only on your user's ROLE_USER role.
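Symfony uses the first access_control entry whose path and ip both match, and an entry whose ip does not match is skipped rather than treated as a denial. The following is an added example, not part of the question or of either answer: a simplified Python model of that matching run over the question's entries, assuming %app_locales% is `en` and using the constructed address 203.0.113.10 in place of IP.IP.IP.IP.

```python
import ipaddress
import re

LOCALES = "en"            # assumption: value of %app_locales%
ALLOWED = "203.0.113.10"  # constructed stand-in for IP.IP.IP.IP
LOC = f"^/({LOCALES})"

# (path regex, required attribute, ips or None), in the order of the question's access_control.
QUESTION_RULES = [
    (f"{LOC}/timesheet", "ROLE_USER", [ALLOWED]),
    (f"{LOC}/timesheet", "ROLE_ADMIN", None),
    (f"{LOC}/timesheet", "ROLE_NO_ACCESS", None),
    (f"{LOC}$", "IS_AUTHENTICATED_ANONYMOUSLY", None),
    (f"{LOC}/login", "IS_AUTHENTICATED_ANONYMOUSLY", None),
    (f"{LOC}/register", "IS_AUTHENTICATED_ANONYMOUSLY", [ALLOWED]),
    (f"{LOC}/resetting", "IS_AUTHENTICATED_ANONYMOUSLY", [ALLOWED]),
    (f"{LOC}/", "ROLE_USER", [ALLOWED]),
    ("^/api", "IS_AUTHENTICATED_REMEMBERED", [ALLOWED]),
    (f"{LOC}/login$", "ROLE_NO_ACCESS", None),
]
# Entry from the first answer; put first here because the answer does not fix its position.
ANSWER_RULES = [(f"{LOC}/logout", "ROLE_USER", None)] + QUESTION_RULES


def first_match(rules, path, client_ip):
    """Return (index, attribute) of the first entry whose path and ip both match, else None."""
    addr = ipaddress.ip_address(client_ip)
    for i, (pattern, attribute, ips) in enumerate(rules):
        if not re.search(pattern, path):
            continue
        # A non-matching `ip` makes the entry not apply; evaluation moves to the next entry.
        if ips and not any(addr in ipaddress.ip_network(n, strict=False) for n in ips):
            continue
        return i, attribute
    return None


def decide(rules, path, client_ip, roles):
    """'granted', 'denied', or 'unrestricted' when no entry matched (no access check runs)."""
    hit = first_match(rules, path, client_ip)
    if hit is None:
        return "unrestricted"
    # Simplification: only the anonymous attribute is special; others must be in `roles`.
    ok = hit[1] == "IS_AUTHENTICATED_ANONYMOUSLY" or hit[1] in roles
    return "granted" if ok else "denied"


if __name__ == "__main__":
    for ip in (ALLOWED, "198.51.100.7"):  # second address is constructed
        for path in ("/en/timesheet", "/en/logout"):
            print(ip, path, decide(QUESTION_RULES, path, ip, {"ROLE_USER"}),
                  decide(ANSWER_RULES, path, ip, {"ROLE_USER"}))
```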


0
votes

I think that, in addition to the access_control entry Michael posted, you should change

access_denied_url: /(%app_locales%)/logout

to

access_denied_url: fos_user_security_logout

This seems to be the same problem as in a similar case.
