Return access denied with access control - symfony

I'm using Symfony 4.1.7; in my security.yaml I have this access control:
access_control:
    # master:
    - { path: ^/master, roles: ROLE_MASTER }
    # manager:
    - { path: ^/.*/manager, roles: ROLE_MANAGER }
    # main:
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
When I open the second URL (/foo/manager) and am not authorized, I am redirected to the login path. I need to return access denied, not redirect to login.
My final goal is to call an event listener that appends a role, to authorize the user from the event listener.
Update:
Here is my security firewall section:
main:
    pattern: ^/
    user_checker: App\Security\Checker\UserChecker
    anonymous: ~
    provider: default
    context: primary
    simple_form:
        authenticator: App\Security\Authenticator\UserAuthenticator
        check_path: login
        login_path: login
        username_parameter: phone
        password_parameter: password
        use_referer: true
    logout:
        path: logout
    remember_me:
        secret: '%kernel.secret%'
        lifetime: 604800
        path: /
        remember_me_parameter: remember_me

You need to configure the login_path in the security.yml
Example:
providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email
    in_memory: { memory: ~ }
encoders:
    FOS\UserBundle\Model\UserInterface: sha512
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        pattern: .*
        context: user
        form_login:
            provider: fos_userbundle
            login_path: /login
            use_forward: false
            check_path: /login_check
            failure_path: null
Symfony Doc.

You have to allow users to access this path and instead use your controller to check the user role.
$this->denyAccessUnlessGranted('ROLE_MANAGER', null, 'Unable to access this page!');
or
$this->isGranted('ROLE_MANAGER');
Depending on what you want to do.
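As an added example, not from the question or either answer above (the class name ForbiddenOrLoginEntryPoint and the route name login are assumptions): Symfony's ExceptionListener turns an AccessDeniedException raised while the token is still anonymous, whether it comes from the access_control rule or from denyAccessUnlessGranted() in a controller, into a call to the firewall's entry point, and for a form login that entry point is the redirect to login_path. Returning a 403 for anonymous callers of the manager URLs therefore means replacing the entry point on the main firewall; the class below does that for paths matching the ^/.*/manager rule and keeps the login redirect for everything else.

```php
<?php
// src/Security/ForbiddenOrLoginEntryPoint.php  (class name is an assumption for this example)
// Wire it into the firewall from the question:
//
//   security:
//       firewalls:
//           main:
//               entry_point: App\Security\ForbiddenOrLoginEntryPoint
//               # ... simple_form, logout, remember_me as before
//
// With Symfony 4 autowiring the UrlGeneratorInterface argument is injected automatically.
declare(strict_types=1);

namespace App\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

final class ForbiddenOrLoginEntryPoint implements AuthenticationEntryPointInterface
{
    /** Path patterns whose anonymous callers get a 403 instead of the login page. */
    private const DENY_PATTERNS = [
        '#^/.*/manager#',   // same path as the "- { path: ^/.*/manager, roles: ROLE_MANAGER }" rule
    ];

    /** @var UrlGeneratorInterface */
    private $urlGenerator;

    public function __construct(UrlGeneratorInterface $urlGenerator)
    {
        $this->urlGenerator = $urlGenerator;
    }

    /**
     * Called by the firewall whenever an anonymous request hits a protected resource.
     * Authenticated users lacking the role never reach this method: the firewall already
     * answers them with 403 (or with the firewall's access_denied_handler if one is set).
     */
    public function start(Request $request, AuthenticationException $authException = null): Response
    {
        $path = $request->getPathInfo();

        foreach (self::DENY_PATTERNS as $pattern) {
            if (preg_match($pattern, $path) === 1) {
                // Plain 403, no redirect, no session created.
                return new Response('Access denied.', Response::HTTP_FORBIDDEN);
            }
        }

        // Everything else (for example /master) keeps the ordinary login redirect.
        // The "login" route is reachable anonymously through the "^/" access_control rule.
        return new RedirectResponse($this->urlGenerator->generate('login'));
    }
}
```

Answering 403 instead of redirecting also tells an anonymous caller that the path exists; keep that in mind if the manager URLs are meant to stay hidden.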

Related

How to solve error when default_target_path is included in Security.yaml?

I'm getting an error, which surprises me, because in the security.yaml file below
default_target_path: createEvent
is giving me an error.
If I include default_target_path: createEvent in security.yaml I get
The file "E:\Symfony\myproj\config/packages/security.yaml" does not contain valid YAML in E:\Symfony\myproj\config/packages/security.yaml (which is loaded in resource "E:\Symfony\myproj\config/packages/security.yaml").
If I remove default_target_path then it works well, but I'm unable to redirect after login.
security:
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    encoders:
        App\Entity\User:
            algorithm: bcrypt
    providers:
        db_provider:
            entity:
                class: App\Entity\User
                property: uname
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            provider: db_provider
            form_login:
                login_path: login
                check_path: login
                default_target_path: createEvent
            logout:
                path: /logout
                target: /login
    access_control:
        - { path: ^/login/, roles: ROLE_ADMIN }
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/profile, roles: ROLE_USER }
Check that your path name createEvent is correct in your controller and add this to the security.yml file:
form_login:
    login_path: login
    check_path: login_check
    always_use_default_target_path: false
    default_target_path: YOUR_PATH_NAME
logout:
    path: logout
    target: login

Symfony2 not successful login

To use the application I am implementing, the user must log in first. The login form appears on the "/" URL.
So I created the following "security.yml".
security:
    access_decision_manager:
        strategy: unanimous
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: login
                check_path: login_check
                csrf_provider: form.csrf_provider
                success_handler: app_user_handler_login
                failure_handler: app_user_handler_login
            logout:
                path: /logout
                target: /
            switch_user: {role: ROLE_ADMIN}
    providers:
        administrators:
            entity: { class: AppUserBundle:User, property: username }
    encoders:
        App\UserBundle\Entity\User:
            algorithm: bcrypt
    role_hierarchy:
        ROLE_USER: ~
        ROLE_TEACHER: [ROLE_USER]
        ROLE_EDITOR: [ROLE_TEACHER]
        ROLE_ADMIN: [ROLE_EDITOR]
My routing file has the following content.
login:
    path: /
    defaults: { _controller: AppSecurityBundle:Default:index }
login_check:
    path: /login_check
logout:
    path: /logout
Now if I call the URL "/app_dev.php/", the login form appears, and if I enter a valid username with password I receive the following error:
"No route found for "POST //login_check""
But if I call the URL "/" or "/app_dev.php" everything is OK. How can I solve this problem?

Symfony2 FOSOAuthServerBundle authenticated but anonymous

I'm trying to use FOSOAuthServerBundle.
From my iOS application, I correctly get the token from /oauth/v2/token; I can see in my database the entry in AccessToken and RefreshToken with the correct user_id.
Opening the _profiler, I can see I'm authenticated but I'm logged in as anonymous... why is this happening?
When trying to access /secured/api/me, I'm redirected to the /login path...
Can somebody help me?
Here is my security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_USER
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        oauth_token:
            pattern: ^/oauth/v2/token
            security: false
        oauth_authorize:
            pattern: ^/oauth/v2/auth
            # form_login:
            #     provider: fos_userbundle
            #     check_path: /oauth/v2/auth_login_check
            #     login_path: /oauth/v2/auth_login
            anonymous: true
        api:
            pattern: ^/api
            fos_oauth: true
            stateless: true
            anonymous: true
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                login_path: /login
                check_path: /login_check
            oauth:
                resource_owners:
                    facebook: "/login/check-facebook"
                    google: "/login/check-google"
                login_path: /login
                use_forward: false
                failure_path: /login
                oauth_user_provider:
                    # this is my custom user provider, created from FOSUBUserProvider - will manage the
                    # automatic user registration on your site, with data from the provider (facebook, google, etc.)
                    service: my_user_provider
            logout: true
            anonymous: true
        login:
            pattern: ^/login$
            security: false
            remember_me:
                key: "%secret%"
                lifetime: 31536000 # 365 days in seconds
                path: /
                domain: ~ # Defaults to the current domain from $_SERVER
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/oauth/v2/auth, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/secured, role: [ IS_AUTHENTICATED_FULLY ] }
I think you have in your security.yml, under the firewall 'api':
# ...
api:
    # ...
    stateless: true
    # ...
You have to send the access_token on every request.
Furthermore, if you want to get an authenticated access_token, you have to get it by a request with the parameter "grant_type=password".
With this access_token, your server will recognize the user in each request.
Something like:
PROVIDER_HOST/oauth/v2/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=password&username=USERNAME&password=PASSWORD
(source: OAuth2 Explained: Part 3 - Using OAuth2 With Your Bare Hands)
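An added example, not from the question or the answer (host, client id and secret, credentials and the token value are all constructed): the password grant followed by a bearer-authenticated API call, with a fake in-process server standing in for the FOSOAuthServerBundle endpoints so the exchange runs offline. It puts the credentials in the POST body rather than in the query string shown above, because query strings end up in web-server and proxy logs. One more thing the configuration above shows: /secured/api/me starts with /secured, so it never matches the api firewall's ^/api pattern; it is handled by main (pattern ^/), whose form_login entry point is what redirects to /login.

```php
<?php
// Added example: a stateless "api" firewall (fos_oauth: true, stateless: true) keeps no session,
// so the client must (1) obtain a token once via the password grant and (2) send it as
// "Authorization: Bearer <token>" on every /api request. The transport is a callable so the
// exchange can be exercised offline against the fake server below; swap in a real HTTP client
// for production. Hostname, client id/secret, user credentials and the token are constructed.
declare(strict_types=1);

final class OAuthPasswordClient
{
    /** @var callable(string,string,array,string):array  ($method, $url, $headers, $body) -> ['status'=>int,'body'=>string] */
    private $transport;
    /** @var string */
    private $baseUrl;

    public function __construct(string $baseUrl, callable $transport)
    {
        $this->baseUrl = rtrim($baseUrl, '/');
        $this->transport = $transport;
    }

    /** Password grant. Credentials travel in the POST body, never in the query string. */
    public function fetchToken(string $clientId, string $clientSecret, string $username, string $password): string
    {
        $body = http_build_query([
            'grant_type'    => 'password',
            'client_id'     => $clientId,
            'client_secret' => $clientSecret,
            'username'      => $username,
            'password'      => $password,
        ]);
        $response = ($this->transport)('POST', $this->baseUrl.'/oauth/v2/token',
            ['Content-Type' => 'application/x-www-form-urlencoded'], $body);
        if ($response['status'] !== 200) {
            throw new RuntimeException('Token request failed with HTTP '.$response['status']);
        }
        $json = json_decode($response['body'], true);
        if (!isset($json['access_token'])) {
            throw new RuntimeException('Token endpoint returned no access_token');
        }
        return $json['access_token'];
    }

    /** Every API call carries the bearer token; without it the stateless firewall sees an anonymous request. */
    public function get(string $path, string $accessToken): array
    {
        return ($this->transport)('GET', $this->baseUrl.$path,
            ['Authorization' => 'Bearer '.$accessToken], '');
    }
}

// Fake server standing in for the bundle's endpoints (constructed for this example).
$issuedToken = 'ZDk2YjY2ZGQ1NzQ2ZjU1MTg0ZmEx'; // arbitrary opaque string
$fakeServer = function (string $method, string $url, array $headers, string $body) use ($issuedToken): array {
    $path = parse_url($url, PHP_URL_PATH);
    if ($method === 'POST' && $path === '/oauth/v2/token') {
        parse_str($body, $params);
        $ok = ($params['grant_type'] ?? '') === 'password'
            && ($params['client_id'] ?? '') === '1_abc'
            && ($params['client_secret'] ?? '') === 'client-secret'
            && ($params['username'] ?? '') === 'alice'
            && ($params['password'] ?? '') === 'correct horse';
        return $ok
            ? ['status' => 200, 'body' => json_encode(['access_token' => $issuedToken, 'token_type' => 'bearer', 'expires_in' => 3600])]
            : ['status' => 400, 'body' => json_encode(['error' => 'invalid_grant'])];
    }
    if ($method === 'GET' && $path === '/api/me') {
        // This is what "stateless: true" means: no cookie or session, only the header counts.
        if (($headers['Authorization'] ?? '') === 'Bearer '.$issuedToken) {
            return ['status' => 200, 'body' => json_encode(['username' => 'alice'])];
        }
        return ['status' => 401, 'body' => json_encode(['error' => 'access_denied'])];
    }
    return ['status' => 404, 'body' => ''];
};

$client = new OAuthPasswordClient('https://api.example.test', $fakeServer);
$token  = $client->fetchToken('1_abc', 'client-secret', 'alice', 'correct horse');

$withToken    = $client->get('/api/me', $token);
$withoutToken = $client->get('/api/me', '');   // the firewall does not remember the earlier request
printf("with token:    %d %s\nwithout token: %d %s\n",
    $withToken['status'], $withToken['body'], $withoutToken['status'], $withoutToken['body']);
```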

Why do I seem as not authenticated in Symfony debug profiler?

When I open my home page at http://domain/app_dev.php/ru/, the Symfony debug profiler shows the following info:
Logged in as: admin
Authenticated: No
Token class: UsernamePasswordToken
My security.yml is:
providers:
    users:
        entity:
            class: BWUserBundle:User
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    auth:
        pattern: ^/
        anonymous: ~
        form_login:
            login_path: /%locale%/user/sign-in
            check_path: user_sign_in_check
            success_handler: bw_user.auth_success_handler
        logout:
            path: user_sign_out
            target: home
access_control:
    - { path: ^/admin, roles: ROLE_ADMIN }
    - { path: ^/demo/secured/hello/admin/, roles: ROLE_ADMIN }
Why am I not authenticated after a successful login as admin? Help me understand what it means.
You have actually removed Symfony's default firewall:
dev:
    pattern: ^/(_(profiler|wdt)|css|images|js)/
    security: false
You must declare it as the first firewall in your security.yml.
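An added check, not from the answer above (class and field names are assumptions modelled on the BWUserBundle:User provider in the question; it needs symfony/security-core via vendor/autoload.php): UsernamePasswordToken sets its authenticated flag in its constructor only when the role list passed to it is non-empty, so "Logged in as: admin / Authenticated: No" with that token class is exactly what the profiler shows when the user's getRoles() returns an empty array. The entity below guarantees at least ROLE_USER, and the script reproduces both token states.

```php
<?php
// Added example, not from the question or the answer. Requires symfony/security-core
// (vendor/autoload.php); the entity class and field names are assumptions modelled on the
// BWUserBundle:User provider from the question.
declare(strict_types=1);

require __DIR__.'/vendor/autoload.php';

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\User\UserInterface;

/** Minimal user entity; the only point of interest is getRoles(). */
final class User implements UserInterface
{
    private $username;
    private $password;
    /** @var string[] */
    private $roles;

    public function __construct(string $username, string $password, array $roles)
    {
        $this->username = $username;
        $this->password = $password;
        $this->roles = $roles;
    }

    /**
     * Always return at least one role. A user whose role list is empty produces a
     * UsernamePasswordToken whose isAuthenticated() is false, which the profiler
     * renders as "Logged in as: admin / Authenticated: No".
     */
    public function getRoles(): array
    {
        $roles = $this->roles;
        $roles[] = 'ROLE_USER';

        return array_values(array_unique($roles));
    }

    public function getPassword(): ?string { return $this->password; }
    public function getSalt(): ?string { return null; }
    public function getUsername(): string { return $this->username; }
    public function eraseCredentials(): void { $this->password = null; }
}

/** Mirrors what the form-login provider does after a successful password check ("auth" is the firewall name from the question). */
function buildToken(UserInterface $user, array $roles): UsernamePasswordToken
{
    return new UsernamePasswordToken($user, null, 'auth', $roles);
}

$admin = new User('admin', 'hashed-password', ['ROLE_ADMIN']);

// Broken variant: the token is built from an empty role list, so it is created unauthenticated.
$brokenToken = buildToken($admin, []);
// Fixed variant: roles come from the entity above, so the token is created authenticated.
$goodToken = buildToken($admin, $admin->getRoles());

printf("empty role list -> authenticated: %s\n", var_export($brokenToken->isAuthenticated(), true));
printf("with roles      -> authenticated: %s\n", var_export($goodToken->isAuthenticated(), true));
```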

Symfony: Firewalls, multiple login forms

I am not new to Symfony by any means, but I've always used FOSUserBundle, which by default prevents one from having 2 different login forms for authenticating two different user types.
I have two entities, one is Admins and the other is Users. Admins will only be able to log in in the administration area, and likewise users will only be able to log in via the front end.
I've followed: http://symfony.com/doc/2.1/book/security.html which also led me to http://symfony.com/doc/2.1/cookbook/security/entity_provider.html
My security.yml is:
jms_security_extra:
    secure_all_services: false
    expressions: true
security:
    encoders:
        Symfony\Component\Security\Core\User\User: sha512
        Fm\AdminBundle\Entity\Admins: sha512
        Fm\MainBundle\Entity\Users: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        chain_provider:
            chain:
                providers: [in_memory, admin]
        in_memory:
            memory:
                users:
                    user: { password: userpass, roles: [ 'ROLE_USER' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
        admin:
            entity: { class: Fm\AdminBundle\Entity\Admins, property: username }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
            anonymous: true
        alogin:
            pattern: ^/admin/login
            security: false
        login:
            pattern: ^/login
            security: false
        secured_area:
            pattern: ^/admin
            anonymous: false
            provider: chain_provider
            switch_user: true
            form_login:
                check_path: /admin/login_check
                login_path: /admin/login
            logout:
                path: /admin/logout
                target: /admin
        members_area:
            pattern: ^/
            anonymous: false
            form_login: ~
            logout:
                path: /logout
                target: /
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"
    access_control:
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, roles: ROLE_ADMIN }
In my routes I have defined the routes as in the docs (they resolve to /admin/login and /admin/login_check because of my main routing include, where the /admin prefix is set):
_admin_login:
    pattern: /login
    defaults: { _controller: FmAdminBundle:Security:login }
_admin_login_check:
    pattern: /login_check
The error that I am getting in the browser is:
Unable to find the controller for path "/admin/login_check". Maybe you forgot to add the matching route in your routing configuration?
The stack trace is telling me: WARNING - Unable to look for the controller as the "_controller" parameter is missing
AND
ERROR - Symfony\Component\HttpKernel\Exception\NotFoundHttpException: Unable to find the controller for path "/admin/login_check". Maybe you forgot to add the matching route in your routing configuration? (uncaught exception) at /var/www/mysite.dev/symfony/app/bootstrap.php.cache line 1419
For implementing multiple logins in Symfony 2.x, try the following code
Security.yml
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Company\AngularBundle\Entity\User: plaintext
        Company\AngularBundle\Entity\Admin: plaintext
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        users:
            entity: { class: CompanyAngularBundle:User, property: username }
        admin:
            entity: { class: CompanyAngularBundle:Admin, property: username }
    firewalls:
        admin_secured_area:
            pattern: ^/admin
            anonymous: ~
            provider: admin
            form_login:
                login_path: /admin/login
                check_path: /admin/login_check
                default_target_path: /admin
        user_secured_area:
            pattern: ^/
            anonymous: ~
            provider: users
            form_login:
                login_path: login
                check_path: login_check
                default_target_path: /home
routing.yml
login_check:
    path: /login_check
admin_login_check:
    path: /admin/login_check
Twig file
The action of the login form should be like this:
<form action="{{ path('login_check') }}" method="post">
The action of the admin/login form should be like this:
<form action="{{ path('admin_login_check') }}" method="post">
The problem is that after logging into the "secured_area" firewall you get redirected to "/", which is behind the "members_area" firewall. You can't access "members_area" with your credentials from "secured_area" (at least not by default). Read the details on http://symfony.com/doc/current/reference/configuration/security.html#reference-security-firewall-context .
If you have a look at the security configuration (http://symfony.com/doc/current/reference/configuration/security.html) you can see that the default_target_path for form_login is "/". Just change this to /admin:
security:
    ...
    firewalls:
        ...
        secured_area:
            pattern: ^/admin
            ...
            form_login:
                check_path: /admin/login_check
                login_path: /admin/login
                default_target_path: /admin
            logout:
                ...
The alternative is to share the context as described in the first link (http://symfony.com/doc/current/reference/configuration/security.html#reference-security-firewall-context).
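An added example, not part of the question or either answer: Symfony's FirewallMap hands a request to the first firewall whose pattern regex matches the path, in declaration order. With the firewalls from the question, "/admin/login_check" is therefore claimed by the "alogin" firewall (pattern ^/admin/login, security: false) before "secured_area" is ever considered, so the form_login listener that would consume the check path never runs and the request falls through to routing, where the route has no _controller; that is the "Unable to find the controller for path /admin/login_check" error. The script below reproduces the matching with plain preg_match (no Symfony classes needed) and shows the effect of anchoring the login-page pattern, which is my suggested fix rather than something the page states.

```php
<?php
// Added example: first-match firewall selection, modelled on Symfony's FirewallMap and
// RequestMatcher (path regex checked with preg_match('{...}', $pathInfo)). The firewall table
// is the one from the question; the narrowed pattern at the end is a suggestion.
declare(strict_types=1);

/** Firewalls from the question, in declaration order. */
const FIREWALLS = [
    'dev'          => ['pattern' => '^/(_(profiler|wdt)|css|images|js)/', 'security' => false],
    'alogin'       => ['pattern' => '^/admin/login',                       'security' => false],
    'login'        => ['pattern' => '^/login',                             'security' => false],
    'secured_area' => ['pattern' => '^/admin',                             'security' => true, 'check_path' => '/admin/login_check'],
    'members_area' => ['pattern' => '^/',                                  'security' => true],
];

/** First-match lookup, mirroring FirewallMap::getListeners(). Returns the firewall name or null. */
function firewallFor(array $firewalls, string $path): ?string
{
    foreach ($firewalls as $name => $config) {
        if (preg_match('{'.$config['pattern'].'}', $path) === 1) {
            return $name;
        }
    }
    return null;
}

/** Does the matched firewall have security enabled and a form_login check_path equal to this path? */
function loginCheckHandled(array $firewalls, string $path): bool
{
    $name = firewallFor($firewalls, $path);

    return $name !== null
        && $firewalls[$name]['security']
        && ($firewalls[$name]['check_path'] ?? null) === $path;
}

foreach (['/admin/login', '/admin/login_check', '/admin/dashboard', '/login_check', '/'] as $path) {
    printf("%-22s -> %-13s form_login handles it: %s\n",
        $path,
        firewallFor(FIREWALLS, $path) ?? '(none)',
        loginCheckHandled(FIREWALLS, $path) ? 'yes' : 'no');
}

// Suggested fix: anchor the login-page pattern so it no longer swallows the check path.
$fixed = FIREWALLS;
$fixed['alogin']['pattern'] = '^/admin/login$';
printf("after anchoring: /admin/login_check -> %s, form_login handles it: %s\n",
    firewallFor($fixed, '/admin/login_check'),
    loginCheckHandled($fixed, '/admin/login_check') ? 'yes' : 'no');
```

The same first-match rule applies to access_control entries, which is why the question lists ^/admin/login before ^/admin/; a rule placed out of order is silently shadowed rather than reported.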
