Symfony2登录验证

时间:2015-03-13 14:07:09

标签: php symfony

我知道这是常见的事情,但我找不到我正在做的错误而且我变得疯狂。

我无法通过登录表单登录,当我提交表单时,它会自行返回并且没有经过身份验证。

提前致谢!

这是我的security.yml 

security:
     encoders:
         Symfony\Component\Security\Core\User\User: plaintext
         #Cityincheck\AppBundle\Entity\User:
             #algorithm: bcrypt
             #cost: 12

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER

providers:
    in_memory:
        memory:
            users:
                ryan:
                    password: ryanpass
                    roles: 'ROLE_USER'
                admin:
                    password: kitten
                    roles: 'ROLE_ADMIN'

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    login_firewall:
        pattern:   ^/login$
        anonymous: ~
    admin_area:
        pattern:    ^/*
        form_login:
            check_path: /login_check
            login_path: /login
            provider: in_memory
            default_target_path: /admin
        logout:
            path:   admin_logout
            target: admin_login
        #anonymous: ~
        #http_basic:
        #    realm: "Secured Demo Area"

access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, roles: ROLE_ADMIN }

我的routing.yml 

admin_login:
    path: /login
    defaults: { _controller: AppBundle:AccessControl:login }

admin_login_check:
    path: /login_check

我的控制员:

class AccessControlController extends Controller
{

public function loginAction(Request $request)
{
    $session = $request->getSession();

    // get the login error if there is one
    if ($request->attributes->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
        $error = $request->attributes->get(
            SecurityContextInterface::AUTHENTICATION_ERROR
        );
    } elseif (null !== $session && $session->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
        $error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR);
        $session->remove(SecurityContextInterface::AUTHENTICATION_ERROR);
    } else {
        $error = null;
    }

    // last username entered by the user
    $lastUsername = (null === $session) ? '' : $session->get(SecurityContextInterface::LAST_USERNAME);

    return $this->render(
        'AppBundle::login.html.twig',
        array(
            // last username entered by the user
            'last_username' => $lastUsername,
            'error'         => $error,
        )
    );
}
}

1 个答案:

答案 0 :(得分:0)

问题在于你的security.yml。当有人发送表单时,浏览器向/ login_check发送HTTP请求以检查登录名和密码。但是app不允许这样做,因为用户未经过身份验证。 您必须添加' / login_check' to access_control 

access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, roles: ROLE_ADMIN }

或那

access_control:
    - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, roles: ROLE_ADMIN }
相关问题
最新问题