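I have installed Symfony 2.6.6 and followed this tutorial through step 1.) b.): http://symfony.com/doc/2.7/book/security.html
1.) How do I clear the tokenStorage (session, etc.) after logging in with http_basic?
After logging in via http_basic, I can't find any way to clear my tokenStorage: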
Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage Object
(
    [token:Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage:private] => Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken Object
        (
            [credentials:Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken:private] =>
            [providerKey:Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken:private] => default
            [user:Symfony\Component\Security\Core\Authentication\Token\AbstractToken:private] => Symfony\Component\Security\Core\User\User Object
                (
                    [username:Symfony\Component\Security\Core\User\User:private] => admin
                    [password:Symfony\Component\Security\Core\User\User:private] => kitten
                    [enabled:Symfony\Component\Security\Core\User\User:private] => 1
                    [accountNonExpired:Symfony\Component\Security\Core\User\User:private] => 1
                    [credentialsNonExpired:Symfony\Component\Security\Core\User\User:private] => 1
                    [accountNonLocked:Symfony\Component\Security\Core\User\User:private] => 1
                    [roles:Symfony\Component\Security\Core\User\User:private] => Array
                        (
                            [0] => ROLE_ADMIN
                        )
                )
            [roles:Symfony\Component\Security\Core\Authentication\Token\AbstractToken:private] => Array
                (
                    [0] => Symfony\Component\Security\Core\Role\Role Object
                        (
                            [role:Symfony\Component\Security\Core\Role\Role:private] => ROLE_ADMIN
                        )
                )
            [authenticated:Symfony\Component\Security\Core\Authentication\Token\AbstractToken:private] => 1
            [attributes:Symfony\Component\Security\Core\Authentication\Token\AbstractToken:private] => Array
                (
                )
        )
)
This is my security.yml:
security:
    # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
    # http://symfony.com/doc/current/book/security.html#hierarchical-roles
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory:
            memory:
                users:
                    ryan:
                        password: ryanpass
                        roles: 'ROLE_USER'
                    admin:
                        password: kitten
                        roles: 'ROLE_ADMIN'
    # the main part of the security, where you can set up firewalls
    # for specific sections of your app
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        default:
            anonymous: ~
            http_basic: ~
            logout:
                path: /logout
                target: /
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/admin/logout, roles: ROLE_ADMIN }
P.S.: On first access to /admin the HTTP basic form pops up as expected, but after logging in and clearing the cache, even the browser's, I still can't clean up the tokenStorage.
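Best answer
I struggled with this a bit myself recently. What I had to do was:
- Create a route for /logout and point it at the default controller's logoutAction() function
- Add a logoutAction() function to DefaultController.php that sets the token to NULL and redirects you to root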
#/app/config/routing.yml
#...
logout:
    path: /logout
    defaults: { _controller: AppBundle:Default:logout }
#/src/AppBundle/Controller/DefaultController.php
<?php
namespace AppBundle\Controller;

// Base controller that provides get() and generateUrl()
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\HttpFoundation\RedirectResponse;

class DefaultController extends Controller
{
    public function logoutAction()
    {
        // Drop the current security token from the token storage
        $this->get('security.token_storage')->setToken(null);

        // Redirect User to Root/Hello/Wherever
        return new RedirectResponse($this->generateUrl('hello'));
    }

    //...
}
Note the extra "use" lines in DefaultController.php.
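An added example, not part of the answer above and not Symfony's own code: with http_basic the browser re-sends its cached credentials on every request, so the firewall builds a fresh token right after the old one is cleared. One way to handle that is a logout success handler that answers with a 401 challenge, which most browsers treat as a rejection of the cached credentials (browser behaviour here is an assumption). The class name, file path and service id are hypothetical, and "Secured Area" is assumed to be the realm in use (the http_basic default).

```php
<?php
// src/AppBundle/Security/BasicAuthLogoutHandler.php (hypothetical path and class name)
namespace AppBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;

/**
 * Called by the firewall's logout listener after it has cleared the token
 * and invalidated the session (invalidate_session defaults to true).
 *
 * Wiring (the service id "app.basic_logout_handler" is an assumption):
 *
 *   # app/config/services.yml
 *   services:
 *       app.basic_logout_handler:
 *           class: AppBundle\Security\BasicAuthLogoutHandler
 *           arguments: ["Secured Area"]
 *
 *   # app/config/security.yml, under firewalls.default
 *   logout:
 *       path: /logout
 *       success_handler: app.basic_logout_handler
 */
class BasicAuthLogoutHandler implements LogoutSuccessHandlerInterface
{
    /** @var string Realm announced by the http_basic entry point */
    private $realm;

    public function __construct($realm)
    {
        $this->realm = $realm;
    }

    public function onLogoutSuccess(Request $request)
    {
        // A 401 challenge for the same realm tells the browser that the
        // credentials it just sent are no longer accepted, so it prompts
        // again instead of silently re-authenticating the user.
        $response = new Response('Logged out.', 401);
        $response->headers->set(
            'WWW-Authenticate',
            sprintf('Basic realm="%s"', $this->realm)
        );

        return $response;
    }
}
```

With `success_handler` set, the `target: /` option of the logout section is no longer used, because the handler supplies the response itself.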
Regarding "php - Symfony 2.6.6 security - how to log out or reset the TokenStorage with the in_memory user provider?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/29669850/