Symfony2 security firewall: error when simulating a form submission with curl
PHP中文网
PHP中文网 2017-05-16 16:44:15

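Hello everyone. Due to business requirements, I am using curl to simulate a form in place of a real form submission. However, after the system log shows that authentication succeeded, an error occurs on the redirect. The error log is as follows: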

security.INFO: User "admin" has been authenticated successfully [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
[2015-06-10 16:50:46] security.DEBUG: Write SecurityContext in the session [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\ChromePhpHandler::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\RememberMe\ResponseListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\SaveSessionListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onTerminate". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\FragmentListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2015-06-10 16:50:47] request.INFO: Matched route "home" (parameters: "_controller": "User\UserBundle\Controller\HomeController::index", "_route": "home") [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2015-06-10 16:50:47] security.INFO: Authentication exception occurred; redirecting to authentication entry point (A Token was not found in the SecurityContext.) [] []
[2015-06-10 16:50:47] security.DEBUG: Calling Authentication entry point [] []

The simulation code is as follows:

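The configuration is the same as for the form submission; both use logintest.
However, the form submission gives the correct result, while the curl simulation does not. You can see at the end of the log that no token was obtained, and the request was redirected straight back to logintest.
My question is: what is the difference between a curl simulation and a real form submission, and how does Symfony listen for the submit event? Thank you all; I am looking for a solution.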


All replies (1)
过去多啦不再A梦

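In Symfony, Form automatically adds a hidden field containing a CSRF token (named _token by default) to prevent illegitimate submissions. When the form is submitted, the system first checks the validity of _token, so when you submit with cURL you must add _token manually. To generate a CSRF token manually: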

$intention = 'test string';
$csrf = $this->get('form.csrf_provider');

Generate the CSRF token, and:

$post_data['_token'] = $csrf->generateCsrfToken($intention);

Check whether the CSRF token is valid when the form is submitted:

$token = $request->get('_token');
// Reject the request when the token does NOT validate
if (!$csrf->isCsrfTokenValid($intention, $token)) {
    return new Response('CSRF Token Invalid');
}
return new Response('Success');

Alternatively, you can disable CSRF directly in configureOptions:

$resolver->setDefaults(array(
    // false removes the _token field and its check for this form type
    'csrf_protection' => false,
));
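
The following added example, which is not from the original thread, shows a curl client that fetches the form, reads the `_token` hidden field the answer describes, and posts it back with the same session cookie, since Symfony ties the token to the session. The form URL and the `_username`/`_password` field names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the poster's code. The form URL and the
# _username/_password field names are assumptions.

# Print the first <input> tag on stdin whose name is _token or ends in
# [_token] (forms rendered under a form name, e.g. login[_token]).
csrf_input() {
  tr '\n' ' ' | grep -o '<input[^>]*>' |
    grep -E 'name="([^"]*\[_token\]|_token)"' | head -n 1
}
csrf_name()  { csrf_input | sed -n 's/.*name="\([^"]*\)".*/\1/p'; }
csrf_value() { csrf_input | sed -n 's/.*value="\([^"]*\)".*/\1/p'; }

# Usage: login_with_csrf FORM_URL USER PASSWORD
login_with_csrf() {
  local form_url=$1 user=$2 pass=$3 jar page name value status
  jar=$(mktemp) || return 1
  # 1. GET the form. The server opens a session (cookie saved in $jar)
  #    and renders a token that is only valid for that session.
  page=$(curl -s -c "$jar" -b "$jar" "$form_url")
  name=$(printf '%s' "$page" | csrf_name)
  value=$(printf '%s' "$page" | csrf_value)
  if [ -z "$value" ]; then
    echo "no _token field found at $form_url" >&2
    rm -f "$jar"
    return 1
  fi
  # 2. POST with the SAME cookie jar, and keep sending the cookie while
  #    following the post-login redirect (-L).
  curl -s -L -c "$jar" -b "$jar" \
    --data-urlencode "_username=$user" \
    --data-urlencode "_password=$pass" \
    --data-urlencode "$name=$value" \
    "$form_url"
  status=$?
  rm -f "$jar"
  return "$status"
}

# Constructed sample markup, used to exercise the parser offline.
SAMPLE_FORM='<form method="post">
<input type="text" name="_username">
<input type="hidden" id="login__token" name="login[_token]"
       value="constructed-token-123">
</form>'
echo "$(printf '%s' "$SAMPLE_FORM" | csrf_name)=$(printf '%s' "$SAMPLE_FORM" | csrf_value)"
```
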