CakePHP Spark Plug 身份验证插件导致重定向循环
我正在尝试在新的 CakePHP 1.3 应用程序上使用身份验证插件 Spark Plug http://sandbox.andrewcroce.com。设置起来很容易,但由于某种原因,当我尝试访问用户控制器以外的任何内容时,我遇到了重定向循环错误。
该插件成功允许您注册和登录,数据库似乎已正确写入。确认电子邮件已发送,验证链接似乎激活了新用户。但是,除了用户控制器之外,我无法访问任何页面或控制器。结果是一个重定向循环,其中 http://sandbox.andrewcroce.com/errors/unauthorized 是多次要求。
对我来说,这提出了两个问题:如果我成功登录,为什么它试图将我引导到未经授权的页面?为什么它总是重定向到自己?
我想知道这是否是我在火花塞配置中不理解的配置设置,但是注释中没有太多关于这些设置的作用的解释。
任何帮助将不胜感激。
I am attempting to use the auth plugin Spark Plug on a new CakePHP 1.3 app at http://sandbox.andrewcroce.com. It is easy enough to set up, but for some reason I am getting redirect loop errors when trying to access anything other than the Users controller.
The plugin successfully allows you to register and login, the database appears to be written correctly. Confirmation emails are sent, and the verification link seems to activate a new user. However I am unable to access any page or controller, other than the Users controller. The result is a redirect loop where http://sandbox.andrewcroce.com/errors/unauthorized is repeatedly requested.
For me this raises 2 questions: if I am logged in successfully, why is it trying to direct me to the unauthorized page? and why the heck does it keep redirecting to iself?
I wonder if this is a configuration setting I am not understanding in the spark plug config, but there isn't much explanation in the comments about what these settings do.
Any help would be appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我不确定 Spark Plug 的具体情况,但是每当您激活 Auth 组件时,您都需要确保指定允许未经身份验证的用户执行哪些操作,否则任何对该操作的请求都将被重定向到您的错误操作是。然后,如果不允许您的错误操作,它会抛出一个错误,将您发送到...您猜对了,您的错误操作,一遍又一遍。
在每个控制器中,您的 beforeFilter() 方法中都需要一些内容,如下所示:
如果您不运行
allow()方法,则表示所有操作都不应对非经过身份验证的用户。特别是,如果您将allow('unauthorized')放入ErrorsController类中,则unauthorized操作不会在循环中重定向。I'm not sure about the Spark Plug specifics, but whenever you activate the Auth component you need to make sure you specify which actions are allowed for non-authenticated users, or else any requests for the action will be redirected to whatever your error action is. And then, if you error action isn't allowed, it will throw an error, sending you to... you guessed it, your error action, over and over.
Inside every controller, you need something inside your beforeFilter() method like this:
If you don't run the
allow()method, you're saying that none of the actions should be available to non-authenticated users. In particular, if you putallow('unauthorized')in yourErrorsControllerclass, theunauthorizedaction wouldn't redirect in a loop.在spark_plug上有一个名为“user_group_permissions”的表,例如,如果您想访问名为“posts”的控制器和“sortBy”操作(http://localhost/posts/sortby/),那么您需要将该权限添加到像这样的表:
对于这种特定情况,user_group_id 数字 3 是“Guest”,换句话说,每个人都可以访问控制器中的该操作
There is a table called "user_group_permissions" on spark_plug, for instance if you want to access a controller nameed "posts" and the action "sortBy" (http://localhost/posts/sortby/) then you need to add that permission to the table like this:
For this specific case the user_group_id number 3 is "Guest", in other words everybody will be able to access that action in the controller