hello 大家好,由于业务需要,我采用curl模拟表单来代替真实的表单提交,可是当系统日志显示认证成功后,却在跳转时错,错误日志如下:
security.INFO: User "admin" has been authenticated successfully [] [] [2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] [] [2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest" was not called for event "kernel.request". [] [] [2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] [] [2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] [] [2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] [] [2015-06-10 16:50:46] security.DEBUG: Write SecurityContext in the session [] [] [2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] [] [2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\ChromePhpHandler::onKernelResponse". [] [] [2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] [] [2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\RememberMe\ResponseListener::onKernelResponse". [] [] [2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] [] [2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] [] [2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] [][2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\SaveSessionListener::onKernelResponse". [] [] [2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] [][2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onTerminate". [] [] [2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] [] [2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] [] [2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\FragmentListener::onKernelRequest". [] [] [2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] [] [2015-06-10 16:50:47] request.INFO: Matched route "home" (parameters: "_controller": "User\UserBundle\Controller\HomeController::index", "_route": "home") [] [] [2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] [] [2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] [] [2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] [] [2015-06-10 16:50:47] security.INFO: Authentication exception occurred; redirecting to authentication entry point (A Token was not found in the SecurityContext.) [] [] [2015-06-10 16:50:47] security.DEBUG: Calling Authentication entry point [] []
模拟代码如下:
配置文件与表单提交相同,均为logintest
但是表单提交结果正确,用curl模拟就不正确。可以看到日志末尾并没有取到token,而是直接跳转回logintest。
我的问题是,不知curl模拟与真正的表单提交有什么区别,再者就是symfony是如何监听提交时间的?谢谢大家,求解决方法。
在 Symfony 中,Form 会自动添加一个 CSRF TOKEN (默认名称为 _token) 的隐藏域,用来防上非法提交,当表单被提交时,系统会先检测 _token 的有效性,因此题主你用 CURL 提交时,必需手动加入 _token,手动生成 CSRF TOKEN:
生成 CSRF TOKEN,并:
表单提交时检测 CSRF 是否有效:
或者,你可以直接在 configureOptions 禁用 CSRF: