且构网

Sharing the things programmers run into in development...

Symfony2 FOSUserBundle – Validating against a "user active" flag on login

Updated: 2023-12-06 16:37:04

FOSUserBundle / Symfony already has some kind of "active" flag integrated.

FOS\UserBundle\Model\User already provides the properties "locked" and "enabled", which are intended basically for this purpose. The difference between those two properties is the following (quoting @stof's comment here):

From the Security component point of view, there is no real difference: both are forbidden to log in. The difference is a semantic one: disabled users are generally users that need to activate their account (for instance, when you activate the need to confirm the email in FOSUserBundle, the user is disabled on creation and enabled on confirmation). On the other hand, locking a user is generally an action done by the admin of the site to ban a user. Using the same field in the database does not make sense as it would allow banned user to have access again by simply going through the confirmation process.

The check for locked/disabled users is being performed by a UserChecker (Symfony provides this one as @security.user_checker) in FOSUserBundle's AuthenticationListener, which implements Symfony\Component\Security\Core\User\UserCheckerInterface.

Now, in order to redirect inactive users to a different route, you would:

  1. Catch the Symfony\Component\Security\Core\Exception\DisabledException in a try/catch block in an extended AuthenticationListener
  2. Redirect the user to a certain route if the caught exception is of type InactiveUserException

Optionally move the redirect to a newly created EventListener/-Subscriber which is being dispatched in the extended AuthenticationListener. This way you could later create additional Listeners i.e. for logging purposes and just subscribe them to the inactive-user login-attempt event.
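
One way to do the redirect for form logins, as an added example that is not part of the original answer and not FOSUserBundle or Symfony project code. It swaps in a different hook, Symfony's form-login failure handler, instead of an extended AuthenticationListener; the namespace, class name and route name are hypothetical, and Symfony 2.x is assumed.

```php
<?php
// Added example, not FOSUserBundle or Symfony project code.
// Assumptions: Symfony 2.x form login; the namespace, the class name and the
// route name "app_account_inactive" are hypothetical.

namespace AppBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\DisabledException;
use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;

class InactiveUserFailureHandler extends DefaultAuthenticationFailureHandler
{
    /** Route shown to users who still have to activate their account. */
    const INACTIVE_ROUTE = 'app_account_inactive';

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // Only "enabled = false" is handled here. LockedException (a user
        // banned by an admin) is a sibling class and is deliberately not
        // matched, so a banned user is never sent to the activation page.
        if ($exception instanceof DisabledException) {
            // The logger is optional in the parent class, so it may be null.
            if (null !== $this->logger) {
                $this->logger->info(sprintf(
                    'Login attempt on a disabled account from %s',
                    $request->getClientIp()
                ));
            }

            // HttpUtils accepts a route name as well as a path or a URL.
            return $this->httpUtils->createRedirectResponse($request, self::INACTIVE_ROUTE);
        }

        // Bad credentials, locked accounts and so on: default behaviour.
        return parent::onAuthenticationFailure($request, $exception);
    }
}
```

Register the class as a service built with the default failure handler's constructor arguments and reference that service id in the firewall's form_login failure_handler option.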