Force user login in Symfony 2

Posted 2019-07-20 17:03

Whenever I try to remove the anonymous: ~ configuration in security.yml, the system ends up returning an Error 310: Redirect loop.

This is the config so far:

    firewalls:
        secured_area:
            pattern: ^/
            #anonymous: ~
            form_login:
                check_path: /login_check
                login_path: /login
            logout:
                path: /logout

1 answer
女痞
#2 · 2019-07-20 17:44

Try this:

    firewalls:
        # Listed first: Symfony uses the first firewall whose pattern matches the request
        login_firewall:
            pattern:    ^/login$
            anonymous:  ~
        secured_area:
            pattern: ^/
            #anonymous: ~
            form_login:
                check_path: /login_check
                login_path: /login
            logout:
                path: /logout

See the doc http://symfony.com/doc/current/book/security.html#book-security-common-pitfalls

Be sure the login page isn't secure

Also, be sure that the login page does not require any roles to be viewed. For example, the following configuration - which requires the ROLE_ADMIN role for all URLs (including the /login URL), will cause a redirect loop:

    access_control:
        - { path: ^/, roles: ROLE_ADMIN }

Removing the access control on the /login URL fixes the problem:

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_ADMIN }

Also, if your firewall does not allow for anonymous users, you'll need to create a special firewall that allows anonymous users for the login page:

    firewalls:
        login_firewall:
            pattern:    ^/login$
            anonymous:  ~
        secured_area:
            pattern:    ^/
            form_login: ~
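The redirect-loop conditions described above can be checked before deploying a configuration. The following is an added example, not part of the original post and not Symfony's own code: a simplified model of first-match firewall and access_control selection, with hypothetical function names and constructed inputs that mirror the configurations on this page.

```python
import re

def first_match(rules, path):
    """Return the first rule whose regex (rule[0]) matches path, else None."""
    for rule in rules:
        if re.search(rule[0], path):
            return rule
    return None

def login_loop_reason(firewalls, access_control, login_path="/login"):
    """Explain why an anonymous request for login_path would be redirected
    back to login_path forever, or return None if the page is reachable.

    firewalls:      ordered list of (pattern, name, allows_anonymous)
    access_control: ordered list of (path_regex, required_role)
    """
    fw = first_match(firewalls, login_path)
    if fw is None:
        return None  # no firewall covers the login page, so nothing redirects
    if not fw[2]:
        return "firewall '%s' covers %s without anonymous access" % (fw[1], login_path)
    rule = first_match(access_control, login_path)
    if rule and rule[1] != "IS_AUTHENTICATED_ANONYMOUSLY":
        return "access_control '%s' requires %s on %s" % (rule[0], rule[1], login_path)
    return None

# Constructed inputs mirroring the configurations on this page.
SECURED = ("^/", "secured_area", False)
LOGIN = ("^/login$", "login_firewall", True)
OPEN_ALL = ("^/", "secured_area", True)

CASES = {
    "single firewall, anonymous removed": ([SECURED], []),
    "login_firewall listed first": ([LOGIN, SECURED], []),
    "login_firewall listed last": ([SECURED, LOGIN], []),
    "ROLE_ADMIN on every URL": ([OPEN_ALL], [("^/", "ROLE_ADMIN")]),
    "login path exempted": ([OPEN_ALL], [("^/login", "IS_AUTHENTICATED_ANONYMOUSLY"),
                                         ("^/", "ROLE_ADMIN")]),
}

def audit(cases=CASES):
    """Map each case name to its loop reason (None means the login page loads)."""
    return {name: login_loop_reason(fws, acl) for name, (fws, acl) in cases.items()}

if __name__ == "__main__":
    for name, reason in audit().items():
        print("%-36s %s" % (name, reason or "ok"))
```

The "listed last" case shows that firewall order matters: a catch-all `^/` firewall placed first shadows the anonymous login firewall.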