我在一个正在进行的项目中使用FOSUserBundle,一切都很好,但当我关闭会话时遇到了一个小问题,因为我转到了应用程序的索引,而不是停留在登录表单所在的/admin/login安全区域。这是我的security.yml:
security:
encoders:
FOSUserBundleModelUserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout:
path: /logout
target: /admin
invalidate_session: false
anonymous: true
access_control:
- { path: ^/admin, role: ROLE_ADMIN }
有人能告诉我哪里出了错吗?
我想是anonymous: true。如果你基本上想让整个网站处于访问控制之下,除了登录页面之外,没有其他页面可供未登录的人访问,那么你想要这样的东西:
security:
encoders:
FOSUserBundleModelUserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout:
path: /logout
target: /admin
invalidate_session: false
anonymous: ~ # NO ANONYMOUS ACCESS
access_control:
- { path: ^/admin, role: ROLE_ADMIN }
# anonymous visitors need to be able to get to the logon pages
- { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Could also add "safe" routes like an "about" or "contact us" pages here if you like
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }