
Symfony3 JMSSecurityExtraBundle: redirect loop when using isAuthenticated in access_control


I am using JMSSecurityExtraBundle (1.6.1)

  • Symfony 3.1

  • FOSUserBundle

  • JMSI18nRoutingBundle

  • JMSTranslationBundle

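When I am logged in and try to access the login page, everything works fine (403 access denied exception). But if I am not authenticated and try to access the login page, I get a redirect loop.

Is it a configuration error? Or a bug in JMSI18nRoutingBundle? Any ideas?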

encoders:
    FOS\UserBundle\Model\UserInterface: bcrypt

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN

providers:
    fos_userbundle:
        id: fos_user.user_provider.username

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    main:
        pattern: ^/

        form_login:
            provider: fos_userbundle
            csrf_token_generator: security.csrf.token_manager
            login_path: fos_user_security_login
            check_path: fos_user_security_check

        oauth:
            resource_owners:
                facebook:           "/connect/check-facebook"
                google:             "/connect/check-google"
                twitter:            "/connect/check-twitter"
            login_path:        fos_user_security_login
            failure_path:      /connect
            oauth_user_provider:
                service: customUserProvider

        logout:
            path: fos_user_security_logout
        anonymous: true

access_control:
    - { path: "^/[a-z]{2}_[A-Z]{2}/login$", role: "!is_Authenticated()" }
    - { path: "^/[a-z]{2}_[A-Z]{2}/register", role: "!is_Authenticated()" }
    - { path: "^/[a-z]{2}_[A-Z]{2}/resetting", role: "!is_Authenticated()" }
    - { path: "^/[a-z]{2}_[A-Z]{2}/(account|compte){1}", role: IS_AUTHENTICATED_REMEMBERED }
    - { path: "^/[a-z]{2}_[A-Z]{2}/(recipe/add|recette/ajouter){1}", role: IS_AUTHENTICATED_REMEMBERED }
    - { path: "^/[a-z]{2}_[A-Z]{2}/(recipe/.*/edit|recette/.*/editer){1}", role: IS_AUTHENTICATED_REMEMBERED }

Thanks, everyone.

1 Answer

  • 0

    is_Authenticated() is not enough in this case, because ANONYMOUS users are automatically assigned the IS_AUTHENTICATED_ANONYMOUSLY role and are therefore authenticated.

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }
    

    Above is one possible solution that you can use to prevent the loop.
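
The loop described in the question can be reproduced with a small model of first-match `access_control` evaluation plus the form-login redirect. This is an added example, not code from the post or from Symfony. It assumes the login route resolves to the constructed URL `/fr_FR/login`, and that an anonymous visitor satisfies only `IS_AUTHENTICATED_ANONYMOUSLY`, so every other attribute denies them, as the question reports.

```python
import re

# Simplified model (assumption): the only attribute an anonymous visitor
# satisfies is IS_AUTHENTICATED_ANONYMOUSLY; every other attribute, including
# the question's expression, denies them, as the question reports.
ANON_GRANTS = {"IS_AUTHENTICATED_ANONYMOUSLY"}
LOCALE = r"^/[a-z]{2}_[A-Z]{2}"

# Rules from the question (first three) plus one protected area.
BROKEN = [
    (LOCALE + r"/login$", "!is_Authenticated()"),
    (LOCALE + r"/register", "!is_Authenticated()"),
    (LOCALE + r"/resetting", "!is_Authenticated()"),
    (LOCALE + r"/(account|compte){1}", "IS_AUTHENTICATED_REMEMBERED"),
]
# Constructed variant: the answer's attribute on the question's paths.
FIXED = [(p, "IS_AUTHENTICATED_ANONYMOUSLY") for p, _ in BROKEN[:3]] + BROKEN[3:]

def first_match(rules, path):
    """Return the attribute of the first rule whose regex matches the path."""
    for pattern, attribute in rules:
        if re.search(pattern, path):
            return attribute
    return None  # no rule matched: the path is not restricted

def anonymous_allowed(rules, path):
    attribute = first_match(rules, path)
    return attribute is None or attribute in ANON_GRANTS

def follow_anonymous(rules, path, login_url, max_hops=5):
    """Trace where an anonymous visitor is sent; denied requests go to login_url."""
    trail = [path]
    while not anonymous_allowed(rules, trail[-1]):
        if len(trail) > max_hops:
            return trail, "redirect loop"
        trail.append(login_url)
    return trail, "ok"

if __name__ == "__main__":
    login = "/fr_FR/login"  # constructed URL for fos_user_security_login
    for name, rules in (("question", BROKEN), ("fixed", FIXED)):
        for start in (login, "/fr_FR/account"):
            print(name, start, follow_anonymous(rules, start, login))
```

The same check works as a configuration lint: the URL behind `login_path` must always pass `anonymous_allowed`, otherwise every denied anonymous request ends in the loop.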
