大佬教程收集整理的这篇文章主要介绍了php – Symfony2:如何检查某个操作是否安全?,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
我的用例如下:
>用户可以注册并登录
>如果他登录并尝试访问受保护的页面,他将被重定向到“测试版”页面,直到6月底.
>如果他试图访问普通页面(不安全),他将能够访问它而无需任何重定向.
谢谢你的帮助 !
斯坦
创建令牌类,
namespace Your\Namespace; use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; class myToken extends AbstractToken { public function __construct(array $roles = array()) { parent::__construct($roles); } public function getCredentials() { return ''; } }
创建一个实现AuthenticationProviderInterface的类.对于form_login侦听器,它使用给定的UserProvider进行身份验证.在这种情况下,它什么都不做.
namespace Your\Namespace; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; use Acme\BaseBundle\Firewall\myToken; class Myauthprovider implements AuthenticationProviderInterface { public function authenticate(TokenInterface $token) { if (!$this->supports($token)) { return null; } throw new \Exception('you should not get here'); } public function supports(TokenInterface $token) { return $token instanceof myToken; }
创建入口点类.侦听器将从此类创建RedirectResponse.
namespace Your\Namespace; use Symfony\Component\httpFoundation\request; use Symfony\Component\httpFoundation\Response; use Symfony\Component\Security\Core\Exception\AuthenticationException; use Symfony\Component\Security\http\EntryPoint\AuthenticationEntryPoinTinterface; use Symfony\Component\Security\http\httpUtils; class MyAuthenticationEntryPoint implements AuthenticationEntryPoinTinterface { private $httpUtils; private $redirectPath; public function __construct(httpUtils $httpUtils,$redirectPath) { $this->httpUtils = $httpUtils; $this->redirectPath = $redirectPath; } /** * {@inheritdoc} */ public function start(request $request,AuthenticationException $authException = null) { //redirect action goes here return $this->httpUtils->createRedirectResponse($request,$this->redirectPath); }
namespace Your\Namespace; use Symfony\Component\Security\http\Firewall\ListenerInterface; use Symfony\Component\httpKernel\Event\GetResponseEvent; use Symfony\Component\Security\Core\SecurityContexTinterface; use Symfony\Component\Security\http\EntryPoint\AuthenticationEntryPoinTinterface; class MyAuthenticationListener implements ListenerInterface { private $securityContext; private $authenticationEntryPoint; public function __construct(SecurityContexTinterface $securityContext,AuthenticationEntryPoinTinterface $authenticationEntryPoint) { $this->securityContext = $securityContext; $this->authenticationEntryPoint = $authenticationEntryPoint; } public function handle(GetResponseEvent $event) { $token = $this->securityContext->getToken(); $request = $event->getrequest(); if($token === null){ return; } //add your logic $redirect = // Boolean value based on your logic if($token->isAuthenticated() && $redirect){ $response = $this->authenticationEntryPoint->start($request); $event->setResponse($responsE); return; } } }
创建服务.
<?xml version="1.0" ?> <container xmlns="http://symfony.com/scheR_731_11845@a/Dic/services" xmlns:xsi="http://www.w3.org/2001/XMLscheR_731_11845@a-instance" xsi:scheR_731_11845@aLOCATIOn="http://symfony.com/scheR_731_11845@a/Dic/services http://symfony.com/scheR_731_11845@a/Dic/services/services-1.0.xsd"> <services> <service id="my_firewall.security.authentication.listener" class="Your\Namespace\MyAuthenticationListener" parent="security.authentication.listener.abstract" abstract="true"> <argument type="service" id="security.context" /> <argument /> <!-- Entry Point --> </service> <service id="my_firewall.entry_point" class="Your\Namespace\MyAuthenticationEntryPoint" public="false" ></service> <service id="my_firewall.auth_provider" class="Your\Namespace\Myauthprovider" public="false"></service> </services> </container>
注册听众.在捆绑包DependencyInjection文件夹中创建名为Security / Factory的文件夹.然后创建工厂类.
namespace Your\Bundle\DependencyInjection\Security\Factory; use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\DependencyInjection\DeFinitionDecorator; use Symfony\Component\DependencyInjection\DeFinition; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface; use Symfony\Component\Config\DeFinition\Builder\NodeDeFinition; class MyFirewallFactory implements SecurityFactoryInterface { public function create(ContainerBuilder $container,$id,$config,$userProvider,$defaultEntryPoint) { $provider = 'my_firewall.auth_provider.'.$id; $container->setDeFinition($provider,new DeFinitionDecorator('my_firewall.auth_provider')); // entry point $entryPointId = $this->createEntryPoint($container,$defaultEntryPoint); // listener $listenerId = 'my_firewall.security.authentication.listener'.$id; $listener = $container->setDeFinition($listenerId,new DeFinitionDecorator('my_firewall.security.authentication.listener')); $listener->replaceArgument(1,new Reference($entryPointId)); return array($provider,$listenerId,$entryPointId); } public function getPosition() { return 'pre_auth'; } public function getKey() { return 'my_firewall'; //the listener name } protected function getListenerId() { return 'my_firewall.security.authentication.listener'; } public function addConfiguration(NodeDeFinition $nodE) { $node ->children() ->scalarNode('redirect_path')->end() ->end() ; } protected function createEntryPoint($container,$defaultEntryPointId) { $entryPointId = 'my_firewall.entry_point'.$id; $container ->setDeFinition($entryPointId,new DeFinitionDecorator('my_firewall.entry_point')) ->addArgument(new Reference('security.http_utils')) ->addArgument($config['redirect_path']) ; return $entryPointId; } }
然后在bundle文件夹的NamespaceBundle.PHP中添加以下代码.
public function build(ContainerBuilder $builder){ parent::build($builder); $extension = $builder->getExtension('security'); $extension->addSecurityListenerFactory(new Security\Factory\MyFirewallFactory()); }
身份验证监听器已创建,phew :).现在在app / config / security.yml中执行以下操作.
api_area: pattern: ^/secured/ provider: fos_userbundle form_login: check_path: /login_check login_path: /login csrf_provider: form.csrf_provider my_firewall: redirect_path: /beta logout: true anonymous: true
以上是大佬教程为你收集整理的php – Symfony2:如何检查某个操作是否安全?全部内容,希望文章能够帮你解决php – Symfony2:如何检查某个操作是否安全?所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。