为什么我不能通过编程登录symfony?

时间:2016-04-26 21:43:04

标签: php symfony authentication symfony-security

我尝试通过编程登录symfony,但是当重定向到新路由时,用户返回到anon。用户。

security.yml 

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    providers:
        in_memory:
            memory:
                users:
                    admin:
                        password: pass
                        roles: ROLE_ADMIN

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            anonymous: ~
            form_login: ~

        login_firewall:
            pattern:   ^/login$
            anonymous: ~

        secured_area:
            pattern:    ^/
            form_login: ~

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_ADMIN }

则loginAction 

public function loginAction(Request $request)
{
    if ($request->getMethod() === 'POST')
    {
        $firewall = 'main';

        $user = new User('User', 'pass', array('ROLE_ADMIN'));

        $token = new UsernamePasswordToken($user, $user->getPassword(), $firewall, $user->getRoles());

        $this->get("security.token_storage")->setToken($token);

        $session = $this->get('session');
        $session->set('_security_'.$firewall, serialize($token));

        $event = new InteractiveLoginEvent($request, $token);
        $this->get("event_dispatcher")->dispatch("security.interactive_login", $event);

        return $this->redirect($this->generateUrl('admin'));
    }

    $authenticationUtils = $this->get('security.authentication_utils');
    $error = $authenticationUtils->getLastAuthenticationError();
    $lastUsername = $authenticationUtils->getLastUsername();

    return $this->render(
        'security/login.html.twig',
        array(
            // last username entered by the user
            'last_username' => $lastUsername,
            'error'         => $error,
        )
    );
}

问题:用户登录但重定向到路由管理员再次返回到用户匿名登录。

2 个答案:

答案 0 :(得分:0)

你应该删除

  

form_login:〜

在security.yml的主防火墙下

在这种情况下,您将显示一个例外:

  

访问此资源需要完全身份验证

答案 1 :(得分:0)

这是一个适用于2.8 / 3.0的简单实用程序类。它显示了底部所需的线条。如果这种代码对您不起作用,那么您确实会遇到某种防火墙问题,当然我会假设您已经提到了它,如果您遇到异常:

class ProjectUserLoginUser
{
    /** @var  EventDispatcherInterface */
    private $eventDispatcher;

    /** @var  TokenStorageInterface */
    private $securityTokenStorage;

    private $firewallName; // main

    public function __construct(
        $firewallName,
        EventDispatcherInterface $eventDispatcher,
        TokenStorageInterface    $securityTokenStorage
    )
    {
        $this->firewallName          = $firewallName;
        $this->eventDispatcher       = $eventDispatcher;
        $this->securityTokenStorage  = $securityTokenStorage;
    }
    public function loginUser(Request $request, UserInterface $user)
    {
        $token = new UsernamePasswordToken($user, null, $this->firewallName, $user->getRoles());

        $this->securityTokenStorage->setToken($token);

        $event = new InteractiveLoginEvent($request, $token);

        $this->eventDispatcher->dispatch(SecurityEvents::INTERACTIVE_LOGIN, $event);
    }
}
相关问题
最新问题