注册后Symfony2自动登录

Question

我已经搜索过this topic了，但对我没什么帮助。

注册后如何对用户进行身份验证？我的错误在哪里？

security.yml

security:

    providers:
      #chain_provider is used here to implement a multiple firewalls in future: admins, accounts ...
      chain_provider:
        chain:
          providers: [admins,accounts]
      admins:
        entity: { class: FME\Bundle\_CoreBundle\Entity\Admin, property: username }
      accounts:
        entity: { class: FME\Bundle\_CoreBundle\Entity\Account, property: email }

    encoders:
        FME\Bundle\_CoreBundle\Entity\Admin: sha512
        FME\Bundle\_CoreBundle\Entity\Account: sha512

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        #no firewall for the Login page
        admin_area_login:
          pattern:  ^/admin/login$
          security: false

        admin_area:
            pattern:    ^/admin/
            provider: admins
            form_login:
                check_path: fme_aa_login_handler
                login_path: fme_aa_login
            logout:
                path:   fme_aa_logout
                target: fme_aa_login
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"

        #no firewall for the Login page
        account_area_login:
          pattern:  ^/account/login$
          security: false

        account_area:
            pattern:    ^/account/
            provider: accounts
            form_login:
                check_path: fme_aca_login_handler
                login_path: fme_aca_login
            logout:
                path:   fme_aca_logout
                target: fme_aca_login

用于注册的控制器如下：

namespace FME\Bundle\FtdBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

use FME\Bundle\_CoreBundle\Entity\Account;
use FME\Bundle\FtdBundle\Form\RegistrationType;

/**
 * @Route("/registration")
 */
class RegistrationController extends Controller
{      
    /**
     * Account registration
     * 
     * @Route("/",name="fme_ftd_registration")
     * @Template()
     */
    public function indexAction(Request $request)
    {
        $account = new Account();

        //set default role group
        $account->setRoleGroup($this->getDoctrine()->getRepository('FMECoreBundle:AccountRoleGroup')->findDefault());

        //default company type from the FMECoreBundle is used
        $form = $this->createForm(new RegistrationType(), $account);

        if ($request->isMethod('POST'))
        {
            $form->bind($request);

            if ($form->isValid())
            {
                $encoder = $this->container->get('security.encoder_factory')->getEncoder($account);

                //encode password using current encoder
                $password = $encoder->encodePassword($form->get('password')->getData(), $account->getSalt());

                //set encrypted password
                $account->setPassword($password);

                //save an object in the DB
                $em = $this->getDoctrine()->getEntityManager();
                $em->persist($account);
                $em->flush();

                //send the token to account via email
                if (! $this->_sendVerificationToken($account))
                {
                    $this->get('session')->setFlash('error', 
                        $this->get('translator')->trans('Error sending the verification token.')
                    );
                }

                $this->get('session')->setFlash('success', 
                    $this->get('translator')->trans('Your account was created. Please check you inbox to verify the email.')
                );

                //Automatic post-registration user authentication
                $this->_authenticateAccount($account);

                //redirect to home page in the account area
                return $this->redirect($this->generateUrl('fme_aca_dashboard'));
            }
        }

        return array('form' => $form->createView());
    }

    /**
     * Send the token to verify an account email
     */
    protected function _sendVerificationToken(Account $account)
    {
        return TRUE;
    }

    /**
     * Automatic post-registration user authentication
     */
    protected function _authenticateAccount(Account $account)
    {
        $token = new UsernamePasswordToken($account, null, 'account_area', $account->getRoles());
        $this->get('security.context')->setToken($token);
    }
}

Answer 1

首先，确保注册页面适合其中一个防火墙。然后为每个防火墙附加附加参数：

context: <string>

如下所示：

    account_area_login:
        ...
        context: administration

    admin_area:
        ...
        context: administration

上下文允许在不同的防火墙之间共享身份验证cookie。因此，为了在注册后保持用户的身份验证，注册页面的防火墙和其他防火墙应该具有相同的上下文。