FOSUserBundle: redirecting access to the admin section
I have a standard FOSUserBundle installation in my Symfony project. What I am trying to do is to make my admin section more secure by keeping the public from knowing about it at all. What I want is that when someone who is not an admin accesses this section directly, a 404 error is thrown, so nobody knows at which address it lives, to prevent hacking attempts on the core. I built an ExceptionListener, and it works well:
public function onKernelException(GetResponseForExceptionEvent $event)
{
    $exception = $event->getException();
    $templating = $this->container->get('templating');
    $response = new Response($templating->render('ScatternoteBundle:Exception:error404.html.twig', array(
        'exception' => $exception
    )));
    $event->setResponse($response);
}
From my error404.html.twig:
{% if 'No route found for' not in exception.message and exception.message != 'Impossible to access an attribute ("album") on a NULL variable ("") in "ScatternoteBundle:Song:song.html.twig" at line 3' and 'Access Denied' not in exception.message%}
<span style="font-size:8pt; color:grey;">Not a 404: {{ exception.message }}; Code: {{ exception.code }}</span>
<br><br>
{% endif %}
However, it only works when someone is logged in as a user. If I am not logged in and try to access /admin, I am automatically redirected to /login by FOSUserBundle. I have done a lot of research, but I cannot find any information on how to stop this from happening, or on where this event is actually handled in the bundle. I would appreciate any help.
Edit: my security.yaml:
security:
    # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    # http://symfony.com/doc/current/book/security.html#hierarchical-roles
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    # the main part of the security, where you can set up firewalls
    # for specific sections of your app
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        # the login page has to be accessible for everybody
        demo_login:
            pattern: ^/demo/secured/login$
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
        # secures part of the application
        demo_secured_area:
            pattern: ^/demo/secured/
            # it's important to notice that in this case _demo_security_check and _demo_login
            # are route names and that they are specified in the AcmeDemoBundle
            form_login:
                check_path: _demo_security_check
                login_path: _demo_login
            logout:
                path: _demo_logout
                target: _demo
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"
    # with these settings you can restrict or allow access for different parts
    # of your application based on roles, ip, host or methods
    # http://symfony.com/doc/current/cookbook/security/access_control.html
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, role: ROLE_ADMIN }
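One way to get the behaviour the question asks for, as an added example that is not code from the question or from FOSUserBundle: the login redirect is produced by the firewall's own kernel.exception listener (registered at priority 1 in Symfony 2.x) when it sees the AccessDeniedException raised by the `^/admin` access_control rule for an anonymous user, so a listener with a higher priority can swap that exception for a NotFoundHttpException first. The class name, namespace and service id below are assumptions.

```php
<?php
// Assumed namespace and class name; not part of the original question.
namespace ScatternoteBundle\EventListener;

use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

/**
 * Replaces any AccessDeniedException raised under /admin with a 404 before the
 * firewall's ExceptionListener (priority 1) can turn it into a login redirect.
 *
 * Register it with a priority above 1 (assumed service id and path prefix):
 *
 *   services:
 *       scatternote.admin_not_found_listener:
 *           class: ScatternoteBundle\EventListener\AdminNotFoundListener
 *           arguments: ['/admin']
 *           tags:
 *               - { name: kernel.event_listener, event: kernel.exception,
 *                   method: onKernelException, priority: 10 }
 */
class AdminNotFoundListener
{
    /** @var string path prefix that must look like it does not exist */
    private $hiddenPrefix;

    public function __construct($hiddenPrefix)
    {
        $this->hiddenPrefix = rtrim($hiddenPrefix, '/');
    }

    public function onKernelException(GetResponseForExceptionEvent $event)
    {
        $exception = $event->getException();
        if (!$exception instanceof AccessDeniedException) {
            return; // leave every other exception to the normal chain
        }

        $path = $event->getRequest()->getPathInfo();
        if ($path === $this->hiddenPrefix || 0 === strpos($path, $this->hiddenPrefix . '/')) {
            // Anonymous and non-admin users alike now get the same 404 path;
            // the existing error404.html.twig listener renders it afterwards.
            $event->setException(new NotFoundHttpException());
        }
    }
}
```

Because the firewall only reacts to authentication and access-denied exceptions, replacing the exception is what stops the redirect; the custom 404 listener from the question then handles the rest unchanged.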
I can only guess that you have set up firewalls in security.yaml, and these firewalls redirect unauthorized users to the login form – szapio 2015-02-06 09:54:29
Thanks, but I haven't set up any firewalls in my security.yaml, it only contains the default firewalls. – c42 2015-02-06 09:57:11