首页 > symfony2 security的防火墙功能,curl模拟表单提交报错

symfony2 security的防火墙功能,curl模拟表单提交报错

hello 大家好,由于业务需要,我采用curl模拟表单来代替真实的表单提交,可是当系统日志显示认证成功后,却在跳转时错,错误日志如下:

 security.INFO: User "admin" has been authenticated successfully [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Listener "Symfony\Component\HttpKernel\EventListener\ErrorsLoggerListener::injectLogger" was not called for event "kernel.request". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
[2015-06-10 16:50:46] security.DEBUG: Write SecurityContext in the session [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\ChromePhpHandler::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\RememberMe\ResponseListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". 
[] [][2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\SaveSessionListener::onKernelResponse". [] []
[2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] 
[][2015-06-10 16:50:46] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onTerminate". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\FragmentListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2015-06-10 16:50:47] request.INFO: Matched route "home" (parameters: "_controller": "User\UserBundle\Controller\HomeController::index", "_route": "home") [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2015-06-10 16:50:47] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2015-06-10 16:50:47] security.INFO: Authentication exception occurred; redirecting to authentication entry point (A Token was not found in the SecurityContext.) [] []
[2015-06-10 16:50:47] security.DEBUG: Calling Authentication entry point [] []

模拟代码如下:

配置文件与表单提交相同,均为logintest
但是表单提交结果正确,用curl模拟就不正确。可以看到日志末尾并没有取到token,而是直接跳转回logintest。
我的问题是,不知curl模拟与真正的表单提交有什么区别,再者就是symfony是如何监听提交时间的?谢谢大家,求解决方法。


在 Symfony 中,Form 会 自动添加 一个 CSRF TOKEN (默认名称为 _token) 的隐藏域,用来防上非法提交,当表单被提交时,系统会先检测 _token 的有效性,因此题主你用 CURL 提交时,必需手动加入 _token,手动生成 CSRF TOKEN:

$intention = 'test string';
$csrf      = $this->get('form.csrf_provider');

生成 CSRF TOKEN,并:

$post_data['_token'] = $csrf->generateCsrfToken($intention);

表单提交时检测 CSRF 是否有效:

$token = $request->get('_token');

if( $csrf->isCsrfTokenValid($intention, $token) ) {
    return new Response('CSRF Token Invalid');
}

return new Response('Success');

或者,你可以直接在 configureOptions 禁用 CSRF:

$resolver->setDefaults(array(
    'csrf_protection' => true
));
【热门文章】
【热门文章】