php - Symfony 2.8 - How do I configure a firewall for any URL?

Reposted. Author: 可可西里. Updated: 2023-10-31 23:37:53

Whenever I deliberately try to access an undefined route (to test my custom error pages), the server responds with a 500 error. The log says:

request.CRITICAL: Exception thrown when handling an exception (Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException: The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL.

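This exception is thrown after the NotFoundException, hence the 500 error. So I am trying to figure out how to configure a firewall for any URL, especially for all the URLs already handled by a firewall, so that the credentials can actually be found. I came up with this UserBundle/Resources/config/security.yml: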

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt))/
            security: false
        public:
            pattern: ^/(contact/faq)$
            anonymous: true
        secure:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                use_forward: false
                failure_path: null
                default_target_path: /
                remember_me: true
            logout:
                path: fos_user_security_logout
                target: /
            anonymous: true
            remember_me:
                secret: %secret%
                name: whatev
                lifetime: 31536000
                path: /
                remember_me_parameter: _remember_me
                secure: true
                always_remember_me: true
        default:
            anonymous: true

Everything is imported into my main security file, which contains:

imports:
    - { resource: "@UserBundle/Resources/config/security.yml" }

security:
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    access_control:
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY } # my try to match all routes...
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/administration/, role: ROLE_ADMIN }
        - { path: ^/user$, role: IS_AUTHENTICATED_FULLY }

Here is my error.html.twig, located under app/Resources/TwigBundle/views/Exception:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="{{ _charset }}" />
        <title>An Error Occurred: {{ status_text }}</title>
    </head>
    <body>
        <h1>Oops! An Error Occurred</h1>
        <h2>The server returned a "{{ status_code }} {{ status_text }}".</h2>

        <div>
            Something is broken. Please let us know what you were doing when this error occurred.
            We will fix it as soon as possible. Sorry for any inconvenience caused.
        </div>
    </body>
</html>

Any clues on how to proceed?

Thanks a lot.

Best answer

As Federico pointed out, the problem comes from an event listener that tries to execute:

public function add(Request $request)
{
    if ($this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
        /* do stuff considering the user is logged in.
        ** This is wrong ; we can end up here while having a logged out user.
        */
    }
}

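Of course, when you think about it, this seems silly. The whole problem is solved simply by making sure that you can actually call isGranted() on the security context. To check this, you have to verify that:

  1. the security context's token is not null;
  2. this token's user is an instance of your User entity (the user is actually logged in).

This changes the above method to: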

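public function add(Request $request)
{
    // No token: no firewall handled this request, so isGranted() would throw.
    if ($this->securityContext->getToken() === null) {
        return false;
    }

    // The token's user is not a User entity: nobody is actually logged in.
    if (!$this->securityContext->getToken()->getUser() instanceof User) {
        return false;
    }

    if ($this->securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
        // do stuff considering the user is logged in.
    }
}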

Regarding "php - Symfony 2.8 - How do I configure a firewall for any URL?", a similar question was found on Stack Overflow: https://stackoverflow.com/questions/37038879/
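The same guard written against the `security.token_storage` and `security.authorization_checker` services, which Symfony 2.6 and later provide in place of the deprecated security context. This is an added example, not code from the original answer; the `VisitRecorder` class, its namespace and the `AppBundle\Entity\User` entity are assumptions.

```php
<?php
// Added example. Class name, namespace and User entity location are assumptions.
namespace AppBundle\EventListener;

use AppBundle\Entity\User;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

class VisitRecorder
{
    private $tokenStorage;          // service id: security.token_storage
    private $authorizationChecker;  // service id: security.authorization_checker

    public function __construct(TokenStorageInterface $storage, AuthorizationCheckerInterface $checker)
    {
        $this->tokenStorage = $storage;
        $this->authorizationChecker = $checker;
    }

    /** Returns the logged-in User, or null when nobody is fully authenticated. */
    private function getAuthenticatedUser()
    {
        $token = $this->tokenStorage->getToken();
        if (null === $token) {
            // No firewall populated the token storage for this request (for
            // example while an error page is rendered for an unmatched route).
            // Calling isGranted() now would throw
            // AuthenticationCredentialsNotFoundException and turn a 404 into a 500.
            return null;
        }

        $user = $token->getUser();
        if (!$user instanceof User) {
            return null; // anonymous tokens carry a string, not a user object
        }

        // Safe to ask now: a token exists. Remember-me sessions fail this check.
        return $this->authorizationChecker->isGranted('IS_AUTHENTICATED_FULLY') ? $user : null;
    }

    public function add(Request $request)
    {
        if (null === $this->getAuthenticatedUser()) {
            return false;
        }
        // do stuff considering the user is logged in.
        return true;
    }
}
```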
