我正在構建一個 REST API。我遇到的問題是:有一個資源(應用程序)可以由任何人創建,但一旦創建,就只能由具有指定 ROLE 的已驗證用戶檢索和更新。Symfony2 安全:限制資源除 POST 以外的所有方法
問題是我在security.yml的防火牆部分保護了這個資源,但是它不允許我爲特定的http方法配置它。
這是我的 security.yml:
# Symfony2 security configuration for a token-authenticated REST API.
# Nesting was reconstructed from the standard security.yml layout because the
# pasted listing had lost its indentation; confirm against the real file.
security:
  # Password encoders, keyed by user class.
  # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
  encoders:
    # "plaintext" stores and compares passwords unhashed. This pairs with the
    # in-memory sample users below and is only suitable for local development.
    Symfony\Component\Security\Core\User\User: plaintext
    # Iterated SHA-512 digest, base64-encoded.
    # NOTE(review): a general-purpose hash with 5000 rounds is cheap to
    # brute-force offline; prefer an adaptive encoder such as bcrypt if the
    # Symfony version in use offers it. Confirm before changing, since existing
    # stored hashes would need to be migrated.
    OAuth2\ServerBundle\Entity\User:
      algorithm: sha512
      encode_as_base64: true
      iterations: 5000

  # Role inheritance: a user holding the key role also holds the listed roles.
  # http://symfony.com/doc/current/book/security.html#hierarchical-roles
  role_hierarchy:
    ROLE_ADMIN: ROLE_USER
    # ROLE_ALLOWED_TO_SWITCH is the role checked by Symfony's switch_user
    # (impersonation) feature; no firewall in this file enables switch_user.
    ROLE_SUPER_ADMIN:
      - ROLE_USER
      - ROLE_ADMIN
      - ROLE_ALLOWED_TO_SWITCH

  # User providers.
  # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
  providers:
    in_memory:
      memory:
        # Sample accounts with passwords written in clear text in the file.
        # Keep these out of any deployed configuration.
        users:
          user:
            password: userpass
            roles:
              - 'ROLE_USER'
          admin:
            password: adminpass
            roles:
              - 'ROLE_ADMIN'
    # Provider backed by the oauth2.user_provider service.
    oauth2:
      id: oauth2.user_provider

  # Firewalls decide which requests are subject to authentication.
  # They are evaluated in the order listed; the first matching pattern wins.
  firewalls:
    # Covers the three API resources. The only matcher here is the URL pattern,
    # so every HTTP method on these paths (POST included) is handed to the
    # pre-authentication listener. There is no "anonymous" key on this
    # firewall; what happens to a request without a token depends on
    # dnd_token_authenticator, which is not shown here.
    api:
      pattern: ^/api/(agents|regions|applications)
      stateless: true
      simple_preauth:
        authenticator: dnd_token_authenticator

    # Disables authentication for assets and the profiler; adapt it to your
    # needs.
    # NOTE(review): the profiler and web debug toolbar expose request and
    # configuration details, so make sure these routes are not reachable
    # outside the dev environment.
    dev:
      pattern: ^/(_(profiler|wdt)|css|images|js)/
      security: false

  # Authorization rules: restrict or allow access to parts of the application
  # based on roles, ip, host or methods.
  # http://symfony.com/doc/current/cookbook/security/access_control.html
  #
  # Both entries below are commented out, so this file enforces no role check
  # on any path. Any role requirement for /api would have to be enforced
  # elsewhere (for example in the controllers), which is not visible here.
  access_control:
    #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
    #- { path: ^/api/applications, roles: IS_AUTHENTICATED_ANONYMOUSLY, methods: POST }