Symfony2, FOS userbundle, Full authentication is required to access this resource - security

I use FOSUserBundle; everything was working fine, and now for
app_dev.php/login
I get
I have a "Full authentication is required to access this resource."
500 Internal Server Error - InsufficientAuthenticationException
1 linked Exception: AccessDeniedException »
My security.yml is:
# you can read more about security in the related section of the documentation
# http://symfony.com/doc/current/book/security.html
security:
    encoders:
        OandP\UserBundle\Entity\User: sha512

    # http://symfony.com/doc/current/book/security.html#hierarchical-roles
    role_hierarchy:
        ROLE_ADMIN: [ROLE_CONCIERGE]
        ROLE_SUPER_ADMIN: [ROLE_CONCIERGE, ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    # the main part of the security, where you can set up firewalls
    # for specific sections of your app
    firewalls:
        # … the "dev" firewall
        # Main firewall for the rest of our site
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js|ws)/
            security: false
        main_login:
            pattern: ^/login$
            anonymous: true
        main_resettingRequest:
            pattern: /resetting/request$
            anonymous: true
        main_resettingSendEmailt:
            pattern: /resetting/send-email$
            anonymous: true
        main_resettingCheckEmail:
            pattern: /resetting/check-email$
            anonymous: true
        main:
            pattern: ^/
            anonymous: false
            provider: fos_userbundle
            form_login:
                login_path: /login
                check_path: /login_check
                csrf_provider: form.csrf_provider
            logout:
                path: /logout
                target: /
                invalidate_session: false
            remember_me:
                key: "%secret%"

    # with these settings you can restrict or allow access for different parts
    # of your application based on roles, ip, host or methods
    # http://symfony.com/doc/current/book/security.html#security-book-access-control-matching-options
    access_control:
        #- { path: ^/members/hello, roles: IS_AUTHENTICATED_ANONYMOUSLY }
If someone has an idea...
Thank you so much for your help.

You haven't set up any access_control rules on your site:
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/profile, role: ROLE_USER }

Related

Two firewalls - redirection after login - fosuser

I have a problem configuring two firewalls in my app based on Symfony2 with the use of FOSUserBundle. What I want to have is a secured area for customers on my website, at the front level, and a secured area for the backend. What I have managed to do is that I really do have two sections (/shop) and (/admin), and so far they're working, but the problem is that even when I log in on the shop form or the admin form it keeps redirecting me to the same place (/).
This is my security.yml:
jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_CUSTOMER: ROLE_USER
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        admin_secured:
            context: site
            pattern: ^/admin/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                use_referer: true
                always_use_default_target_path: true
                default_target_path: /admin/
                login_path: /login
                check_path: /admin/login_check
            logout:
                path: /admin/logout
            anonymous: false
        main:
            context: site
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                default_target_path: /
                target_path_parameter: redirect_url
                login_path: frd_login
            logout:
                path: fos_user_security_logout
                target: frd_home
            anonymous: true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/shop/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/shop/, role: ROLE_USER }
        - { path: ^/admin/, role: ROLE_SUPER_ADMIN }
And a chunk of my config.yml:
fos_user:
    db_driver: propel
    firewall_name: main
    user_class: FOS\UserBundle\Propel\User
    group:
        group_class: FOS\UserBundle\Propel\Group
Again, when I log in on /admin or /shop (<- it is for customers) it redirects me to the home page (/), but from the config I assume that in the admin section it should redirect me to /admin/ and in the shop section to /, like it does in every case.
I need some help. Have I missed something?
You may want to change a few things in regard to how you have named your URLs. I think that Symfony is getting confused because when you go to the admin login page (/login), you are actually using the 'main' firewall, not the 'admin_secured' firewall (notice that in order to use your admin firewall, the URL must begin with the pattern '/admin'). So try something like this for your firewall settings:
firewalls:
    admin_secured:
        context: site
        pattern: ^/admin/
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            #use_referer: true # this is not needed if you always use default target
            always_use_default_target_path: true
            default_target_path: /admin/
            login_path: /admin/login
            check_path: /admin/login_check
        logout:
            path: /admin/logout
        anonymous: false
    main:
        context: site
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            default_target_path: /
            target_path_parameter: redirect_url
            login_path: /shop/login
            check_path: /shop/login_check
        logout:
            path: fos_user_security_logout
            target: frd_home
        anonymous: true

access_control:
    - { path: ^/shop/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/shop/, role: ROLE_USER }
    - { path: ^/admin/, role: ROLE_SUPER_ADMIN }
    # allow all other URLs to be accessed without authentication (may or may not be what you want)
    - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
Give this a shot, hopefully it will work for you.

Too many redirects login security.yml

I have got this code, but when I go in the browser to app_dev.php/login
the browser says that the page has made too many redirects.
security.yml:
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        user_db:
            entity: { class: DotfusionMerlinBundle:User, property: username }

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                check_path: /login_check
                login_path: /login
            logout:
                path: login
                target: login
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
routing.yml:
login:
    pattern: /login
    defaults: { _controller: DotfusionMerlinBundle:User:login }
login_check:
    pattern: /login_check
Pop this under firewalls before the secured_area entry:
login_firewall:
    pattern: ^/login$
    anonymous: ~
That should fix your problem. Hope that helps.
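To make the firewall ordering behind this answer (and the first question on this page) concrete, here is a small Python model of the two first-match rules at play: the first firewall whose pattern matches the request path wins, and the first access_control entry that matches decides which roles are required. This is an added example, not code from any of the posts or from Symfony itself; the firewall names, paths, rule sets and helper names are constructed for the demo, and role_hierarchy and requires_channel are deliberately left out. It reproduces the loop (a ^/ firewall with anonymous: false and no login firewall ahead of it sends /login back to /login forever), shows that a ^/login$ firewall listed first breaks it, and shows that swapping two access_control lines quietly re-protects the login page.

```python
"""Toy model of how Symfony picks a firewall and an access_control rule.

Added illustration, not code from the posts above or from Symfony. All names,
paths and rule sets are constructed; role_hierarchy and channels are ignored.
"""
import re
from dataclasses import dataclass


@dataclass
class Firewall:
    name: str
    pattern: str              # regex tested against the request path
    security: bool = True     # security: false -> the firewall does nothing at all
    anonymous: bool = False   # anonymous: true / ~ -> unauthenticated users get a token
    login_path: str = ""      # form_login.login_path, where the entry point redirects


@dataclass
class AccessRule:
    path: str                 # access_control path regex
    roles: tuple              # roles required on that path


def select_firewall(firewalls, path):
    """Symfony uses the first firewall whose pattern matches; later ones are ignored."""
    for fw in firewalls:
        if re.search(fw.pattern, path):
            return fw
    return None


def required_roles(rules, path):
    """Only the first matching access_control entry applies, so order matters."""
    for rule in rules:
        if re.search(rule.path, path):
            return rule.roles
    return ()


def handle(firewalls, rules, path, user_roles=frozenset()):
    """Decide one request: 'allowed', 'denied' (403), ('redirect', login_path), or
    'error' when an unauthenticated request lands on a firewall with no entry point
    to redirect to (the "Full authentication is required" case)."""
    fw = select_firewall(firewalls, path)
    if fw is None or not fw.security:
        return "allowed"
    authenticated = bool(user_roles)
    if not authenticated and not fw.anonymous:
        # No anonymous token: this firewall cannot serve the request at all.
        return ("redirect", fw.login_path) if fw.login_path else "error"
    needed = required_roles(rules, path)
    if not needed or "IS_AUTHENTICATED_ANONYMOUSLY" in needed:
        return "allowed"
    if set(needed) & set(user_roles):
        return "allowed"
    if not authenticated:
        return ("redirect", fw.login_path) if fw.login_path else "error"
    return "denied"


def follow_redirects(firewalls, rules, path, user_roles=frozenset(), limit=5):
    """Follow entry-point redirects like a browser; returns (final result, paths visited)."""
    visited = [path]
    for _ in range(limit):
        result = handle(firewalls, rules, path, user_roles)
        if not (isinstance(result, tuple) and result[0] == "redirect"):
            return result, visited
        path = result[1]
        visited.append(path)
    return "redirect_loop", visited


# Constructed configs mirroring the shapes seen in the threads above.
DEV = Firewall("dev", r"^/(_(profiler|wdt)|css|images|js)/", security=False)
LOGIN = Firewall("login_firewall", r"^/login$", anonymous=True)
SECURED_OPEN = Firewall("secured_area", r"^/", anonymous=True, login_path="/login")
SECURED_STRICT = Firewall("main", r"^/", anonymous=False, login_path="/login")
RULES = [AccessRule(r"^/login", ("IS_AUTHENTICATED_ANONYMOUSLY",)),
         AccessRule(r"^/", ("ROLE_USER",))]


def demo():
    """Run the scenarios from the threads and return their outcomes by name."""
    return {
        # ^/ firewall with anonymous: false and nothing in front of it: the login
        # page itself needs authentication, so the entry point redirects forever
        "strict_no_login_firewall": follow_redirects([DEV, SECURED_STRICT], RULES, "/login")[0],
        # a ^/login$ firewall listed BEFORE it (the fix above) breaks the loop
        "strict_with_login_firewall": follow_redirects([DEV, LOGIN, SECURED_STRICT], RULES, "/login")[0],
        # anonymous: ~ plus an IS_AUTHENTICATED_ANONYMOUSLY rule for ^/login also works
        "anonymous_with_rule": handle([DEV, SECURED_OPEN], RULES, "/login"),
        # but listing the ^/ rule first quietly re-protects /login
        "rules_reversed": handle([DEV, SECURED_OPEN], RULES[::-1], "/login"),
        # a protected page sends an anonymous visitor to the form exactly once
        "protected_anonymous": handle([DEV, SECURED_OPEN], RULES, "/profile"),
        # a logged-in ROLE_USER passes; the toolbar is skipped by the dev firewall
        "protected_logged_in": handle([DEV, SECURED_OPEN], RULES, "/profile", frozenset({"ROLE_USER"})),
        "toolbar": handle([DEV, SECURED_OPEN], RULES, "/_wdt/abc"),
    }
```

follow_redirects caps the chain at five hops and reports 'redirect_loop' when the browser would still be bouncing, which is the condition behind the "too many redirects" message; handle on its own is enough to see why a single access_control or firewall reordering changes the outcome.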
I had the same error in an application that I had to do a deployment for and the error was as well in the security.yml file but at a different setting:
I had to change the line:
access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: http }
to:
access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
Because I did a deployment with https. (Change http to https in the access control config)

FosUserBundle how to fix redirect loop

Hi, I have a redirect loop after login using FOSUserBundle.
How does it look? I type a good username and password, then it logs me in; I can see it with the Symfony profiler,
and the profiler says that this request redirects to http://web.dev/app_dev.php/admin/panel. I go there and it says this request redirects to http://web.dev/app_dev.php/admin/login, and I'm no longer authenticated in this place.
Here is my security.yml:
jms_security_extra:
    expressions: true

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        FOS\UserBundle\Model\UserInterface: sha512
        MainBundle\Security\User\SsoUser: sha512

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            memory:
                users:
                    "%api_username%": { password: "%api_password%", roles: [ 'ROLE_API' ] }
        fos_userbundle:
            id: fos_user.user_provider.username_email
        ssoprovider:
            id: sso_user_provider

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern: ^/demo/secured/login$
            security: false
        admin:
            pattern: ^/admin/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                default_target_path: admin_main
            logout:
                path: fos_user_security_logout
                invalidate_session: true # https://github.com/symfony/symfony/issues/5868
            anonymous: true
            remember_me:
                name: "web_remember_me"
                key: "%secret%"
                lifetime: 864000 # 10 days
                path: /admin
        secured_area:
            pattern: ^/(?!admin)
            form_login:
                login_path: main_user_logout
            stateless: false
            anonymous: false
            simple_preauth:
                authenticator: sso_authenticator
            logout:
                path: main_user_logout
                invalidate_session: true
                success_handler: sso_authentication_handler
        api:
            pattern: ^/api
            stateless: true
            http_basic:
                realm: "Secured API Area"

    access_control:
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/api/, roles: ROLE_API }
        - { path: ^/, role: ROLE_USER }
It was caused by the cookie_domain I had defined in my config.yml:
config.yml:
framework:
    session:
        cookie_domain: .%domain%
and I had to add the domain configuration for remember_me as well:
security.yml:
admin:
    remember_me:
        domain: ".%domain%"

Default redirection behavior does not work in Symfony Security

This is my security.yml file:
security:
    encoders:
        Acme\UserBundle\Entity\User:
            algorithm: pbkdf2
            iterations: 1000
            encode_as_base64: false

    providers:
        administrators:
            entity: { class: AcmeUserBundle:User, property: username }

    firewalls:
        login_firewall:
            pattern: ^/login$
            anonymous: ~
        secured_area:
            pattern: ^/
            access_denied_url: /forbidden
            http_basic:
                realm: "Zone de sécurité"
            # login form
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/adminBack, roles: ROLE_BACKEND }
        - { path: ^/, roles: ROLE_USER }
I send this URL: /web/app_dev.php/adminBack/create/user
It redirects to /login
and asks me to sign in.
I do.
No problem with the credentials.
BUT it does not redirect to the first URL: /web/app_dev.php/adminBack/create/user
Instead it goes to a blank page with only the toolbar: /web/app_dev.php/_wdt/224765
What is wrong?
Thank you
I have to add this firewall (or keep it, in fact, or it will not work):
dev:
    pattern: ^/(_(profiler|wdt)|css|images|js)/
    security: false

System profiler get me user logged in but not authenticated

I thought I was finally able to properly manage the login with Symfony 2. But when I get redirected to another page after login, the System Profiler tells me that the user is logged in but not authenticated, with the role ROLE_USER.
If I go back to the login page, however, I correctly see that the user is logged in, is authenticated and has the role ROLE_USER.
I hope it's a stupid mistake, because I started using Symfony recently.
I hope someone has already encountered this problem. Can anyone help me?
Edit 1:
This is my security.yml:
jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    encoders:
        Wearplay\UserBundle\Entity\User:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        #ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        user:
            entity: { class: WearplayUserBundle:User }

    firewalls:
        main:
            pattern: ^/
            provider: user
            form_login:
                check_path: login_check
                login_path: login
                default_target_path: /home
            anonymous: true
            remember_me:
                key: "%secret%"
                lifetime: 2232000
                path: /
                domain: ~
            logout:
                path: /logout
                target: /home
        #secured_area:
        #    provider: user
        #    pattern: ^/
        #    form_login:
        #        check_path: login_check
        #        login_path: login
        #        default_target_path: home
        #    anonymous: ~

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: http }
        #- { path: ^/logout, roles: IS_AUTHENTICATED_FULLY, requires_channel: https }
        #- { path: ^/home, roles: ROLE_USER, requires_channel: https }
        #
        # You must uncomment the two following rules to restrict access to paths
        # starting with the /_internal prefix to only localhost
        #- { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }
        #- { path: ^/_internal/secure, roles: ROLE_NO_ACCESS }
Try:
jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    encoders:
        Wearplay\UserBundle\Entity\User:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER

    providers:
        user:
            entity: { class: WearplayUserBundle:User }

    firewalls:
        login_firewall:
            pattern: ^/login$
            anonymous: ~
        main_firewall:
            pattern: ^/
            provider: user
            form_login:
                check_path: /login_check
                login_path: /login
                default_target_path: /home
            remember_me:
                key: "%secret%"
                lifetime: 2232000
                path: /
                domain: ~
            logout:
                path: /logout
                target: /home

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: http }
        - { path: ^/, roles: ROLE_USER, requires_channel: https }
