问题描述
好的,我想我需要牵手..
OK I think I need hand holding..
这个问题是上一个问题的后续:Symfony2 img/LdapBundle 错误凭据错误
This question is a follow on from the previous question:Symfony2 img/LdapBundle Bad credentials error
我已将其拆分为不同的问题.我遇到了两个与 security.yml 文件相关的不同问题,如下所述.
I have split this out as its a different issue. I am getting two different issues relating to the security.yml file as described below.
我有我的 security.yml:
I have my security.yml:
security:
firewalls:
login_firewall:
pattern: ^/login$
anonymous: ~
imag_ldap:
check_path: login_check
login_path: login
csrf_provider: form.csrf_provider
intention: authenticate
provider: ldap
logout:
path: /logout
target: /
restricted_area:
pattern: ^/
#anonymous: ~
providers:
ldap:
id: imag_ldap.security.user.provider
encoders:
IMAG\LdapBundle\User\LdapUser: plaintext
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: IS_AUTHENTICATED_FULLY }
但我收到以下错误:LogicException:没有为防火墙restricted_area"注册身份验证侦听器.
所以我尝试了以下操作:
SO i tried the following:
security:
firewalls:
login_firewall:
pattern: ^/login$
anonymous: ~
imag_ldap:
check_path: login_check
login_path: login
csrf_provider: form.csrf_provider
intention: authenticate
provider: ldap
logout:
path: /logout
target: /
restricted_area:
pattern: ^/
#anonymous: ~
imag_ldap:
check_path: login_check
login_path: login
csrf_provider: form.csrf_provider
intention: authenticate
provider: ldap
logout:
path: /logout
target: /
但这会导致重定向循环.
but this causes a redirect loop.
谁能告诉我如何让它工作?我正在尝试使用 https://github.com/BorisMorel/LdapBundle ldap 包对用户进行身份验证..
Can anyone show me how to get this to work? I am trying to use the https://github.com/BorisMorel/LdapBundle ldap bundle to authenticate users..
推荐答案
根据文档https://github.com/BorisMorel/LdapBundle#configure-securityyml 你应该有一个带有 pattern: ^/
登录名的防火墙.
According to the documentation https://github.com/BorisMorel/LdapBundle#configure-securityyml you should have one firewall with pattern: ^/
where also the login lives.
security:
firewalls:
restricted_area:
pattern: ^/
anonymous: ~
imag_ldap:
check_path: login_check
login_path: login
csrf_provider: form.csrf_provider
intention: authenticate
provider: ldap
logout:
path: /logout
target: /
providers:
ldap:
id: imag_ldap.security.user.provider
encoders:
IMAG\LdapBundle\User\LdapUser: plaintext
access_control:
- { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: IS_AUTHENTICATED_FULLY }
不需要身份验证的站点,您必须包含在具有 IS_AUTHENTICATED_ANONYMOUSLY
角色的 acces_control
下.这也适用于开发环境中的分析器和工具栏(实际上对于 FOSUserBundle,但我认为这对于 LdapBundle 也很重要).是的,我知道 symfony 文档说要专门为 ^/login$
创建一个匿名防火墙,但是如果捆绑包支持匿名角色,则可以像上面一样使用 acces_control 排除它.
Sites where you don't need authentication you have to include under acces_control
with IS_AUTHENTICATED_ANONYMOUSLY
role. This also applies to the profiler and toolbar in dev-enivironment (actually for FOSUserBundle, but I think this also significant for the LdapBundle). And yeah, I know the symfony documentation says to create a anonymous firewall exclusively for ^/login$
, but if the bundle supports an anonymous-role it is enough to take the exclude it with acces_control as above.
- { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
编辑:并且不要忘记从包中导入路由定义而不是自己定义它们.见 https://github.com/BorisMorel/LdapBundle#import-routing
EDIT:And don't forget to import the routing definitions from the bundle and not define them self. see https://github.com/BorisMorel/LdapBundle#import-routing
这篇关于Symfony 2 Security.yml 重定向循环和 LogicException 问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!