php - Symfony 3.4 form login redirects to index page and not authenticated
Problem description
I want to get to the admin pages. I go to the URL /admin. I am redirected to the login page. The problem now is that I fill in the form, click login, and get redirected to the index page instead of /admin, and I am not authenticated.
I use Symfony 3.4 with form_login. I looked at the Profiler and, as far as I can tell, the login is working, but I am logged out again immediately afterwards.
Security panel for the POST request to /login: https://imgur.com/tnrcYMH
On the index page after login: https://imgur.com/RJTFRim
config/security.yml
security:
    providers:
        in_memory:
            memory:
                users:
                    admin:
                        password: $2y$13$xAvoz5UgaciMjR2wCashoOcdOku13ieKsRPMlNh7.uimmDmojkYCi
                        roles: 'ROLE_ADMIN'

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            form_login:
                login_path: login
                check_path: login
            logout:
                path: /logout
                target: /
            anonymous: ~
            logout_on_user_change: true

    encoders:
        Symfony\Component\Security\Core\User\User: bcrypt

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
routing.yml
login:
    path: /login
    defaults: { _controller: AdminBundle:Security:login }

login_check:
    path: /login

logout:
    path: /logout

easyadmin.entryPoint:
    path: /admin/entryPoint
    defaults: { _controller: AdminBundle:Admin:entryPoint }

easy_admin_bundle:
    resource: '@AdminBundle/Controller/AdminController.php'
    type: annotation
    prefix: /admin
SecurityController
<?php

namespace AdminBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;

class SecurityController extends Controller
{
    /**
     * Renders the login form; the actual credential check is done by the
     * form_login listener on check_path, not by this action.
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function loginAction()
    {
        $authenticationUtils = $this->get('security.authentication_utils');

        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();

        // last username entered by the user
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('@Admin/login.html.twig', [
            'last_username' => $lastUsername,
            'error'         => $error,
        ]);
    }
}
login.html.twig
{% extends '@App/base.html.twig' %}

{% block stylesheets %}
    {{ parent() }}
    {{ encore_entry_link_tags('admin_bundle_login') }}
{% endblock %}

{% block body %}
    <form id="login-form" action="{{ path('login') }}" method="post">
        <div id="username">
            <label for="username">Username:</label>
            <input type="text" id="username" name="_username" value="{{ last_username }}"/>
        </div>
        <div id="password">
            <label for="password">Password:</label>
            <input type="password" id="password" name="_password"/>
        </div>
        {% if error %}
            <div id="login-error">{{ error.messageKey|trans(error.messageData, 'security') }}</div>
        {% endif %}
        <button type="submit" id="login-submit">login</button>
    </form>
{% endblock %}
dev log
[2019-03-31 12:32:58] request.INFO: Matched route "login". {"route":"login","route_parameters":{"_controller":"AdminBundle\\Controller\\SecurityController::loginAction","_route":"login"},"request_uri":"http://localhost:8000/admin/login","method":"GET"} []
[2019-03-31 12:32:58] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2019-03-31 12:32:58] request.INFO: Matched route "_wdt". {"route":"_wdt","route_parameters":{"_controller":"web_profiler.controller.profiler:toolbarAction","token":"ff647b","_route":"_wdt"},"request_uri":"http://localhost:8000/_wdt/ff647b","method":"GET"} []
[2019-03-31 12:33:11] request.INFO: Matched route "login". {"route":"login","route_parameters":{"_controller":"AdminBundle\\Controller\\SecurityController::loginAction","_route":"login"},"request_uri":"http://localhost:8000/admin/login","method":"POST"} []
[2019-03-31 12:33:11] security.INFO: User has been authenticated successfully. {"username":"admin"} []
[2019-03-31 12:33:11] security.DEBUG: Stored the security token in the session. {"key":"_security_main"} []
[2019-03-31 12:33:11] request.INFO: Matched route "index". {"route":"index","route_parameters":{"_controller":"AppBundle\\Controller\\DefaultController::indexAction","_route":"index"},"request_uri":"http://localhost:8000/","method":"GET"} []
[2019-03-31 12:33:11] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2019-03-31 12:33:12] request.INFO: Matched route "_wdt". {"route":"_wdt","route_parameters":{"_controller":"web_profiler.controller.profiler:toolbarAction","token":"03981c","_route":"_wdt"},"request_uri":"http://localhost:8000/_wdt/03981c","method":"GET"} []
[2019-03-31 12:33:12] request.INFO: Matched route "ajaxProvider". {"route":"ajaxProvider","route_parameters":{"_controller":"AppBundle\\Controller\\DefaultController::ajaxProviderAction","_route":"ajaxProvider"},"request_uri":"http://localhost:8000/slots.json","method":"GET"} []
[2019-03-31 12:33:12] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2019-03-31 12:33:13] request.INFO: Matched route "ajaxProvider". {"route":"ajaxProvider","route_parameters":{"_controller":"AppBundle\\Controller\\DefaultController::ajaxProviderAction","_route":"ajaxProvider"},"request_uri":"http://localhost:8000/slots.json","method":"GET"} []
[2019-03-31 12:33:13] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
I expect to be authenticated after logging in.
Solution
Set your user credentials (the user config of the in-memory user provider) to roles: ['ROLE_ADMIN']
providers:
    in_memory:
        memory:
            users:
                admin:
                    password: $2y$13$xAvoz5UgaciMjR2wCashoOcdOku13ieKsRPMlNh7.uimmDmojkYCi
                    roles: ['ROLE_ADMIN'] # <-- this!
Old/original answer
As far as I know, the usual approach is to put the login form under the firewall that is supposed to cover it, which means adding the following to the access_control section of security.yaml (order matters!):
access_control:
    - { path: /admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, roles: ROLE_ADMIN }
(the last line you should already have)
You also need to change your login route to /admin/login
(in routing.yaml)
Reasoning: check_path and login_path are usually the same. But their requirements differ (source: form_login authentication):
login_path: this path must be accessible by a normal, unauthenticated user, otherwise you may create a redirect loop.
check_path: make sure this URL is covered by your main firewall (i.e. don't create a separate firewall just for the check_path URL).
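The "order matters!" point in the answer above, as an added illustration (this is neither the answerer's code nor Symfony's own implementation): a small Python model of how Symfony walks access_control top-down and stops at the first entry whose path regex matches the request path. It compares the two orderings of the two rules from the answer for an anonymous visitor and for an authenticated ROLE_ADMIN user, and shows that listing `^/admin` before `/admin/login` sends an anonymous request to the login page straight back to the login page (the redirect loop the docs warn about). The rule sets, the `/admin/login` login path and the browser-style redirect follower are constructed for this example; role hierarchy and the access decision strategy are deliberately left out.

```python
import re
from typing import List, Optional, Sequence, Tuple

# Pseudo-role that Symfony grants to every request, including anonymous ones.
ANONYMOUSLY = "IS_AUTHENTICATED_ANONYMOUSLY"

# One access_control entry: (path regex, roles any of which satisfies it).
Rule = Tuple[str, Sequence[str]]

# Constructed rule sets mirroring the two orderings discussed in the answer.
# Login page listed AFTER the ^/admin rule: ^/admin also matches /admin/login
# and wins, so the login form itself demands ROLE_ADMIN.
WRONG_ORDER: List[Rule] = [
    ("^/admin", ["ROLE_ADMIN"]),
    ("/admin/login", [ANONYMOUSLY]),
]
# Login page listed FIRST, so it is matched before the catch-all ^/admin rule.
RIGHT_ORDER: List[Rule] = [
    ("/admin/login", [ANONYMOUSLY]),
    ("^/admin", ["ROLE_ADMIN"]),
]


def first_matching_rule(access_control: List[Rule], path: str) -> Optional[Rule]:
    """Evaluate access_control top-down and stop at the first entry whose
    path regex matches (unanchored, as Symfony's RequestMatcher does)."""
    for rule in access_control:
        if re.search(rule[0], path):
            return rule
    return None


def decide(access_control: List[Rule], path: str, user_roles: Sequence[str],
           login_path: str = "/admin/login") -> Tuple[str, str]:
    """Return ('allow', path), ('redirect', login_path) or ('forbidden', path).

    An anonymous request (empty role list) that fails the matching rule is
    sent to the login form by the form_login entry point; an authenticated
    user lacking the role gets 403 instead. Role hierarchy is not modelled."""
    rule = first_matching_rule(access_control, path)
    if rule is None:
        return ("allow", path)
    required = rule[1]
    if ANONYMOUSLY in required or any(r in user_roles for r in required):
        return ("allow", path)
    if not user_roles:
        return ("redirect", login_path)
    return ("forbidden", path)


def follow_redirects(access_control: List[Rule], path: str,
                     user_roles: Sequence[str], limit: int = 5) -> Tuple[str, str, int]:
    """Act like a browser: follow redirects until a page is served, or give
    up after `limit` hops and report a loop."""
    for hops in range(limit):
        verdict, target = decide(access_control, path, user_roles)
        if verdict != "redirect":
            return (verdict, target, hops)
        path = target
    return ("loop", path, limit)


if __name__ == "__main__":
    for name, rules in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        print(name, "anonymous GET /admin/login ->", follow_redirects(rules, "/admin/login", []))
        print(name, "anonymous GET /admin       ->", follow_redirects(rules, "/admin", []))
        print(name, "ROLE_ADMIN GET /admin      ->", follow_redirects(rules, "/admin", ["ROLE_ADMIN"]))
```

With WRONG_ORDER an anonymous visitor is bounced from /admin/login to /admin/login until the hop limit is hit; with RIGHT_ORDER the same visitor is served the login page, and an anonymous hit on /admin takes exactly one redirect to reach it. This is why the rule for login_path has to come before the broader ^/admin rule, and why login_path must not itself require a role.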