我有这种情况。 我的网站有一个安全的部分。 我认为,安全性是正确配置的。 如果我尝试从浏览器打开安全URL,我会被要求输入用户名和密码。 Symfony探查器在登录后正确显示用户上下文主页(根路由)不受保护(探查器在此显示匿名上下文)
现在的问题是:如果在主页的树枝模板中,我放了这样的东西
{{ render(path('secured_route')) }}提供安全路线的内容! 我希望得到某种异常或登录窗口! 这是一个错误还是我错过了什么?
I have this scenario. My site has a secured part. Security is, I think, correctly configured. If I try to open a secured URL from browser, I am asked to type username and password. Symfony profiler shows correctly user context after logon The homepage (root route) is not secured (the profiler shows here the anonymous context)
Now the problem: If, in the twig template of the homepage, I put something like this
{{ render(path('secured_route')) }}the content of the secured route is rendered! I expected to get some kind of exception or the login window! Is this a bug or am I missing something?
最满意答案
当以这种方式渲染控制器时,您绕过了路由器,因此也绕过了与路由相关的证券。
您可以做的最好的事情是使用@Security注释将控制器限制为登录用户:
/** * @Security("has_role('IS_AUTHENTICATED_REMEMBERED')") */When rendering a controller this way, you're bypassing the router, so securities related to routes are bypassed too.
The best you can do is to restraint your controller to logged-in users using the @Security annotation:
/** * @Security("has_role('IS_AUTHENTICATED_REMEMBERED')") */更多推荐
secured,安全,正确,电脑培训,计算机培训,IT培训"/> <meta name="description&quo
发布评论