Symfony2 security firewall: curl-simulated form submission fails
PHP中文网 2017-05-16 16:44:15

Hello everyone. Because of a business requirement, I use curl to simulate the form instead of a real form submission. The system log shows that authentication succeeds, but an error occurs on the redirect. The error log is as follows:

 security.INFO: User "admin" has been authenticated successfully [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
[2015-06-10 16:50:46] security.DEBUG: Write SecurityContext in the session [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\ChromePhpHandler::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\RememberMe\ResponseListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\SaveSessionListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onTerminate". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\FragmentListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2015-06-10 16:50:47] request.INFO: Matched route "home" (parameters: "_controller": "User\UserBundle\Controller\HomeController::index", "_route": "home") [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2015-06-10 16:50:47] security.INFO: Authentication exception occurred; redirecting to authentication entry point (A Token was not found in the SecurityContext.) [] []
[2015-06-10 16:50:47] security.DEBUG: Calling Authentication entry point [] []

The simulation code is as follows:

#

The configuration is the same as for the form submission; both use logintest.
But the form submission gives the correct result, while the curl simulation does not. As you can see at the end of the log, no token is found and it jumps straight to logintest.
My question is: I don't know what the difference is between a curl simulation and a real form submission, and also, how does Symfony listen for the submission event? Thanks everyone; I'm looking for a solution.

All replies (1)
过去多啦不再A梦

In Symfony, Form automatically adds a hidden field containing a CSRF token (named _token by default) to prevent illegitimate submissions. When the form is submitted, the system first checks that _token is valid, so when you submit with CURL you must add _token manually. Generating the CSRF token manually:

$intention = 'test string';                    // must be the same value when generating and checking
$csrf      = $this->get('form.csrf_provider'); // Symfony 2 CSRF provider service

Generate the CSRF token and add it to the POST data:

$post_data['_token'] = $csrf->generateCsrfToken($intention);

Checking whether the CSRF token is valid when the form is submitted:

$token = $request->get('_token');

// Reject the request when the submitted token does not match the intention.
if( !$csrf->isCsrfTokenValid($intention, $token) ) {
    return new Response('CSRF Token Invalid');
}

return new Response('Success');

Alternatively, you can disable CSRF directly in configureOptions:

$resolver->setDefaults(array(
    'csrf_protection' => false // false switches the CSRF check off for this form
));
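As an added example (not code from the original post or from Symfony itself), here is the flow a curl client has to reproduce against a form_login firewall: fetch the form so the server starts a session and issues a CSRF token, then POST the credentials with that token through the same cookie jar, so the redirected request carries the session into which the security context was written. The paths, field names, dev server address and password variable are assumptions; adjust them to your security.yml.

```php
<?php
// Added example, not from the original post: drive a Symfony 2 form_login
// firewall from PHP curl. Assumed names: /login renders the form, /login_check
// receives it, and the CSRF field is _csrf_token (form_login's default;
// the Form component's default is _token). Adjust to your security.yml.

function fetchCsrfToken($html, $fieldName)
{
    // Read the hidden CSRF input out of the rendered login form.
    $dom = new DOMDocument();
    libxml_use_internal_errors(true);
    $dom->loadHTML($html);
    libxml_clear_errors();
    foreach ($dom->getElementsByTagName('input') as $input) {
        if ($input->getAttribute('name') === $fieldName) {
            return $input->getAttribute('value');
        }
    }
    return null;
}

function request($url, $cookieJar, array $post = null)
{
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,       // follow the post-login redirect
        CURLOPT_COOKIEJAR      => $cookieJar, // store the session cookie ...
        CURLOPT_COOKIEFILE     => $cookieJar, // ... and send it on the next request
    ));
    if ($post !== null) {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
    }
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException(curl_error($ch));
    }
    curl_close($ch);
    return $body;
}

$base  = 'http://localhost:8000'; // assumed dev server
$jar   = tempnam(sys_get_temp_dir(), 'sess');
// Step 1: GET the form so the server starts a session and issues a token.
$token = fetchCsrfToken(request("$base/login", $jar), '_csrf_token');
// Step 2: POST credentials plus that token through the same cookie jar.
$page  = request("$base/login_check", $jar, array('_username' => 'admin',
    '_password' => (string) getenv('APP_PASSWORD'), '_csrf_token' => $token));
echo strpos($page, 'Logout') !== false ? "logged in\n" : "login failed\n";
```

Without the shared cookie jar, the POST authenticates but the redirected GET arrives without a session, which is exactly the "A Token was not found in the SecurityContext" line at the end of the log above.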