我有一个注销功能,在另一个项目中工作,但由于某种原因,在我目前正在工作的项目中不工作。它看起来像只是刷新页面。我检查了Symfony https://symfony.com/doc/current/security.html的官方文档,但没有用。希望你们能帮助我。
更新:Security.yml:
# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:
providers:
in_memory:
memory:
users:
beheerder:
password: admin
roles: 'ROLE_BEHEERDER'
access_control:
- { path: '^/beheerder/*', roles: [ROLE_BEHEERDER] }
encoders:
Symfony\Component\Security\Core\User\User: plaintext
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous:
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
http_basic: ~
# https://symfony.com/doc/current/security/form_login_setup.html
#form_login: ~
logout:
path: security_logout
target: /
控制器:
<?php
namespace AppBundle\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
class DefaultController extends Controller
{
//Functie om naar de homepagina te gaan met een redirect naar de homepagina van de gebruiker.
/**
* @Route("/", name="homepage")
*/
public function indexAction(Request $request, AuthorizationCheckerInterface $authorizationChecker)
{
if ($authorizationChecker->isGranted(new Expression('"ROLE_BEHEERDER" in roles')))
{
return $this->redirectToRoute('beheerder');
}
else
{
return $this->render('default/index.html.twig');
}
}
/**
* @Route("/beheerder", name="beheerder")
*/
public function beheerder(Request $request)
{
return new Response($this->renderView('beheerder/index.html.twig'));
}
/**
* @Route("/logout", name="security_logout")
*/
public function logoutAction(Request $request)
{
return new Response($this->renderView('logout.html.twig'), 401);
}
}
登出小枝:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<title>{% block title %}Overzicht{% endblock %}</title>
<link rel="icon" type="image/x-icon" href="{{ asset('favicon.ico') }}" />
</head>
<body>
<p>Redirecting back....</p>
<script>
document.cookie = 'PHPSESSID=; Path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
window.location.href = '{{ url('homepage') }}';
</script>
</body>
</html>
编辑:我使用Symfony 3.4。当我去页面/注销它看起来像它只是刷新页面。我可以看到,它去注销功能,但用户不会注销。
4条答案
按热度按时间vom3gejh1#
来自Symfony安全文档:https://symfony.com/doc/3.4/security.html#logging-out
请注意,当使用http-basic认证防火墙时,没有真实的注销方法:注销的唯一方法是让浏览器停止在每次请求时发送您的名称和密码。清除浏览器缓存或重新启动浏览器通常会有所帮助。一些Web开发工具可能也会有所帮助。
你使用的是http-basic,所以清除cookie不会起作用。所以如果你想使用该代码,你需要实现不同的身份验证并停止使用http-basic。
sq1bmfud2#
访问控制在你定义注销路径为
IS_AUTHENTICATED_ANONYMOUSLY
这是错误的.请删除
- { path: '^/logout', roles: [IS_AUTHENTICATED_ANONYMOUSLY] }
或
编辑
- { path: '^/logout', roles: [ROLE_BEHEERDER] }
jm81lzqq3#
你还没有设置防火墙
它应该类似于main:anonymous:~ secured_竞技场:pattern:^/beheerder
有这个说,每个人都可以访问“主”防火墙,你应该限制该地区
当你有它然后只是添加到防火墙以下行
并定义/注销路由,你已经做了. Symfony将做注销自动.
您还需要指定路径检查和检查路径检查https://symfony.com/doc/current/security/custom_password_authenticator.html
x8diyxa74#
app/config/security.yml
app/config/routing.yml