Anonymous token even if logged in in public pages

Published 2019-08-13 09:51

I'm having some trouble setting up my security.

I want a page to be accessible both by anonymous and by logged-in members. I want it to show different content depending on the situation (in fact, I want to still be logged in as a member when I go to it).

The page I want to give public access to is ^/profile.

I set my security.yml like this:

jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Firewall for the login, registration and password-reset pages
        login:
            pattern: ^/(login$|register|resetting)  # These pages live at login, register and resetting
            anonymous: true                         # Anonymous users are of course allowed on these pages

        public:
            pattern:   ^/profile
            anonymous: true

        homepage:
            pattern:   ^/$
            anonymous: true

        # Main firewall for the rest of the site
        main:
            pattern: ^/                            # ^/ = everything that starts with / = the whole site
            form_login:                            # Our authentication method
                provider: fos_userbundle           # Tie authentication to the provider defined above
                remember_me: true                  # Enable the "Remember me" option (off by default)
            remember_me:
                key: "%secret%"                    # Key for remember_me (%secret% is a parameter from parameters.yml)
            anonymous: false                       # Allow anonymous (unauthenticated) users
            logout: true                           # Allow manual logout (off by default)
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

My problem is that when I'm logged in and I access this page, it's like I'm not logged in (I've got my login button) because the firewall gives me an anonymous token.

Thanks for your help. Scaff

2 answers
孤傲高冷的网名
Answer 2 · 2019-08-13 10:02

Common pitfalls in authentication:

Multiple firewalls don't share security context
If you're using multiple firewalls and you authenticate against one firewall, you will not be authenticated against any other firewalls automatically. Different firewalls are like different security systems. To do this you have to explicitly specify the same Firewall Context for different firewalls. But usually for most applications, having one main firewall is enough.

So put everything under one main firewall and use ACLs as in the FOSUserBundle installation step 4.

jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                remember_me: true
            logout:       true
            anonymous:    true
            remember_me:
                key: "%secret%"

    access_control:
        - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/profile, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }
混吃等死
Answer 3 · 2019-08-13 10:19

IMO you have not inserted the file quite correctly, so I can't say for sure. But you probably have 2 firewalls for one URL. There's a main firewall

main: 
    pattern: ^/ 

and a public firewall

public:
    pattern: ^/profile

Try to specify only one firewall.

Quote from the official documentation:

Multiple firewalls don't share security context If you're using multiple firewalls and you authenticate against one firewall, you will not be authenticated against any other firewalls automatically. Different firewalls are like different security systems. To do this you have to explicitly specify the same Firewall Context for different firewalls. But usually for most applications, having one main firewall is enough.

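Both answers rest on the same two Symfony rules: a request is handled by the first firewall whose pattern matches, and a firewall only sees tokens stored under its own security context (by default the firewall's name, unless `context:` is set). The script below is an added illustration, not code from either answer or from Symfony: it models those two rules over the question's firewall list, over the single-firewall fix from the first answer, and over a variant that keeps two firewalls but gives them a shared `context` (the context name `app`, the `/login_check` login path and the sample paths are constructed assumptions), and reports on which paths a logged-in user would be handed an anonymous token.

```python
import re

# Constructed, simplified model of the question's firewalls. Order matters:
# Symfony hands a request to the FIRST firewall whose pattern matches.
FIREWALLS_QUESTION = [
    ("dev",      {"pattern": r"^/(_(profiler|wdt)|css|images|js)/", "security": False}),
    ("login",    {"pattern": r"^/(login$|register|resetting)", "anonymous": True}),
    ("public",   {"pattern": r"^/profile", "anonymous": True}),
    ("homepage", {"pattern": r"^/$", "anonymous": True}),
    ("main",     {"pattern": r"^/", "form_login": True, "anonymous": False}),
]

# Constructed: the first answer's fix, one firewall for the whole site,
# with public pages opened up through access_control instead.
FIREWALLS_SINGLE = [
    ("dev",  {"pattern": r"^/(_(profiler|wdt)|css|images|js)/", "security": False}),
    ("main", {"pattern": r"^/", "form_login": True, "anonymous": True}),
]

# Constructed: the alternative the quoted documentation mentions, several
# firewalls that explicitly share one security context (hypothetical name "app").
FIREWALLS_SHARED_CONTEXT = [
    ("dev",    {"pattern": r"^/(_(profiler|wdt)|css|images|js)/", "security": False}),
    ("public", {"pattern": r"^/profile", "anonymous": True, "context": "app"}),
    ("main",   {"pattern": r"^/", "form_login": True, "anonymous": True, "context": "app"}),
]


def match_firewall(firewalls, path):
    """Return (name, config) of the first firewall whose pattern matches, else None."""
    for name, cfg in firewalls:
        if re.search(cfg["pattern"], path):
            return name, cfg
    return None


def context_of(name, cfg):
    """Session key under which the token is kept: the firewall's `context` if set,
    otherwise the firewall name (Symfony's default). `security: false` firewalls
    run no security listeners at all, so they store no token."""
    if cfg.get("security") is False:
        return None
    return cfg.get("context", name)


def token_carried(firewalls, login_path, path):
    """Does a user who authenticated on the firewall handling `login_path`
    still have that token when requesting `path`? Only if both requests
    end up in the same security context."""
    login = match_firewall(firewalls, login_path)
    target = match_firewall(firewalls, path)
    if login is None or target is None:
        return False
    login_ctx = context_of(*login)
    target_ctx = context_of(*target)
    return login_ctx is not None and login_ctx == target_ctx


def audit(firewalls, login_path, paths):
    """Map each path to (handling firewall, token visible?). Every False entry
    is a page where the user is logged in but sees an anonymous token."""
    report = {}
    for p in paths:
        fw = match_firewall(firewalls, p)
        report[p] = (fw[0] if fw else None, token_carried(firewalls, login_path, p))
    return report


if __name__ == "__main__":
    sample_paths = ["/", "/profile", "/profile/edit", "/login", "/register", "/dashboard"]
    for label, fws in [("question", FIREWALLS_QUESTION),
                       ("single firewall", FIREWALLS_SINGLE),
                       ("shared context", FIREWALLS_SHARED_CONTEXT)]:
        print(f"== {label} ==")
        for p, (fw, ok) in audit(fws, "/login_check", sample_paths).items():
            print(f"{p:15} firewall={fw!s:9} token_visible={ok}")
```

Run as-is, the question's layout shows `/profile` handled by the `public` firewall with no token (exactly the symptom reported), while both fixes make the token visible there; the `security: false` dev firewall never carries a token in any layout, which is the expected behaviour for static assets.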