I cannot access the admin page of my Symfony project.
If I visit XXX.XXX.XXX.XXX/admin I get:
Full authentication is required to access this resource
However going to XXX.XXX.XXX.XXX/security/login gives me the login page.
What am I doing wrong?
security:
    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory:
            memory:
                users:
                    admin:
                        password: XXX
                        roles: 'ROLE_ADMIN'

    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        secured_area:
            pattern: ^/admin
            anonymous: ~

        main:
            anonymous: ~
            # activate different ways to authenticate
            # http_basic: ~
            # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
            # form_login: ~
            # http://symfony.com/doc/current/cookbook/security/form_login_setup.html
            form_login:
                login_path: security_login
                check_path: security_login
                csrf_token_generator: security.csrf.token_manager
                default_target_path: userRedirectAction
            logout:
                path: /logout
                target: /blog

    access_control:
        # require ROLE_ADMIN for /admin*
        - { path: ^/admin, roles: ROLE_ADMIN }
I think under your secured area firewall you need to specify an authentication type such as http_basic: ~
The secured area should be:
secured_area:
    pattern: ^/blog/admin
It's working now.
If you just want to test whether it works, you may change the role for the path and delete the anonymous option:
- { path: ^/admin, roles: IS_AUTHENTICATED_ANONYMOUSLY }
It should work.
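An added example, not part of the question or of any of the answers above. The secured_area firewall in the question has only anonymous: ~ and no authentication method, so it has no entry point: when access_control demands ROLE_ADMIN from an anonymous request, Symfony has nowhere to redirect and answers with "Full authentication is required to access this resource". The main firewall already has form_login, so the simplest fix is to drop secured_area and let main cover /admin as well. The last answer's IS_AUTHENTICATED_ANONYMOUSLY rule only checks that the route resolves; left in place it makes /admin reachable without logging in. The route name security_login and the path /security/login come from the question; the remark about the password hash is mine.

```yaml
security:
    providers:
        in_memory:
            memory:
                users:
                    admin:
                        # the encoder below is bcrypt, so this value must be a
                        # bcrypt hash of the password, not the clear-text password
                        password: XXX
                        roles: 'ROLE_ADMIN'

    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # one firewall for the whole site: /admin is now handled by form_login,
        # so an anonymous request to /admin is redirected to security_login
        # instead of failing with "Full authentication is required"
        main:
            anonymous: ~
            form_login:
                login_path: security_login
                check_path: security_login
                csrf_token_generator: security.csrf.token_manager
                default_target_path: userRedirectAction
            logout:
                path: /logout
                target: /blog

    access_control:
        # the login page must stay reachable without a session
        - { path: ^/security/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # everything under /admin needs ROLE_ADMIN; do not relax this to
        # IS_AUTHENTICATED_ANONYMOUSLY except as a one-off routing test
        - { path: ^/admin, roles: ROLE_ADMIN }
```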
Related
I cannot have two different providers for users and admins with two different forms
I want to have two firewalls, for users and for admins. I created two different providers linking two different entities. I can log in as a user, but never as an admin. I do not understand what more I need to add.
Another thing: I know that there is app.user, but is there also app.admin, so as to have two completely separate accounts on two different firewalls?
security:
    providers:
        user_provider:
            entity:
                class: App\Entity\User
                property: username
        admin_provider:
            entity:
                class: App\Entity\Admin
                property: username
        chain_provider:
            chain:
                providers: [user_provider, admin_provider]

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            provider: user_provider
            anonymous: true
            logout:
                path: /logout
                target: /login
            remember_me:
                secret: '%kernel.secret%'
                lifetime: 604800 # 1 week in seconds
                path: /
            form_login:
                login_path: /login
                check_path: /login
        backoffice:
            pattern: ^/backoffice
            provider: admin_provider
            logout:
                path: /backoffice/logout
                target: /backoffice/login
            form_login:
                login_path: /backoffice/login
                check_path: /backoffice/login

    access_control:
        - { path: ^/backoffice/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/backoffice, roles: ROLE_ADMIN }
        - { path: ^/mon-compte, roles: ROLE_USER }

    encoders:
        App\Entity\User:
            algorithm: bcrypt
            cost: 12
        App\Entity\Admin:
            algorithm: bcrypt
            cost: 12
I get a null error when I call $authenticationUtils->getLastAuthenticationError().
Switch the firewall order so that the main firewall is the last one.
Symfony uses only one firewall per request, and it's the first one whose pattern matches. So in your case it's using the main firewall for ^/backoffice URLs too, because /backoffice matches the ^/ pattern.
I'm not sure if it will solve all your issues here, but you need to do this in order to really use the backoffice firewall.
Regarding app.user and app.admin: no, there's no app.admin. Admin is a user too, so when you're logged in as admin, you'll get its entity via app.user.
Here is my updated security.yaml:
security:
    providers:
        admin_provider:
            entity:
                class: App\Entity\Admin
                property: username
        user_provider:
            entity:
                class: App\Entity\User
                property: username
        chain_provider:
            chain:
                providers: [user_provider, admin_provider]

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        backoffice:
            pattern: ^/backoffice
            provider: admin_provider
            anonymous: true
            logout:
                path: admin.logout
                target: admin.login
            form_login:
                login_path: admin.login
                check_path: admin.login
                default_target_path: admin.index
        main:
            pattern: ^/
            provider: user_provider
            anonymous: true
            logout:
                path: logout
                target: login
            remember_me:
                secret: '%kernel.secret%'
                lifetime: 604800 # 1 week in seconds
                path: /
            form_login:
                login_path: login
                check_path: login

    access_control:
        - { path: ^/backoffice/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/backoffice, roles: ROLE_ADMIN }
        - { path: ^/mon-compte, roles: ROLE_USER }

    encoders:
        App\Entity\User:
            algorithm: bcrypt
            cost: 12
        App\Entity\Admin:
            algorithm: bcrypt
            cost: 12
I'm new to Symfony and it is getting really hard to understand the documentation about security, so I'm here in the hope that someone can lend me a hand. I've been working on teachers (profesores) and students (alumnos), where each of them can only access their respective area (/profesores/.* and /alumnos/.*). However, the browser login appears when I access these URLs, but it doesn't pick up the users created in their respective entities.
My security is set as follows:
security:
    firewalls:
        area_profesores:
            pattern: /profesores/.*
            provider: profesores_desde_bd
            switch_user:
                role: ROLE_PROFESOR
            anonymous: ~
            form_login:
                check_path: /profesores/login_check
                login_path: /profesores/login
            logout:
                path: /profesores/logout
                target: /portada/

        area_alumnos:
            pattern: /alumnos/.*
            provider: alumnos_desde_bd
            switch_user:
                role: ROLE_ALUMNO
            anonymous: ~
            form_login:
                check_path: /alumnos/login_check
                login_path: /alumnos/login
            logout:
                path: /alumnos/logout
                target: /portada/

        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            anonymous: ~
            http_basic: ~

    access_control:
        - { path: ^/profesores, roles: ROLE_PROFESOR }
        - { path: ^/alumnos, roles: ROLE_ALUMNO }
        - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

    # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
    providers:
        profesores_desde_bd:
            entity:
                class: AppBundle\Entity\Profesores
                property: username
        alumnos_desde_bd:
            entity:
                class: AppBundle\Entity\Alumnos
                property: username

    encoders:
        AppBundle\Entity\Profesores:
            algorithm: bcrypt
            cost: 12
            iterations: 0
        AppBundle\Entity\Alumnos:
            algorithm: bcrypt
            cost: 12
            iterations: 0
        Symfony\Component\Security\Core\User\User:
            algorithm: bcrypt
            cost: 12

    # activate different ways to authenticate
    # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
    #http_basic: ~
    # https://symfony.com/doc/current/security/form_login_setup.html
    #form_login: ~
The answer is: I need to erase
main:
    anonymous: ~
    http_basic: ~
since that authentication does not log me in.
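An added example, not from the question or the answer above: the configuration with the catch-all main firewall removed, as the answer does, plus two changes a reviewer would ask for. First, the role option of switch_user is the role a user must already hold in order to impersonate somebody else, so role: ROLE_PROFESOR lets every teacher impersonate any other account that profesores_desde_bd can load (and role: ROLE_ALUMNO lets every student do the same). The example keeps the default ROLE_ALLOWED_TO_SWITCH, which nobody holds unless it is granted explicitly, and drops impersonation from the student firewall altogether. Second, access_control takes the first matching rule, and ^/profesores is listed before the /login rule in the question, so /profesores/login itself would require ROLE_PROFESOR and the form_login entry point would redirect to a page nobody can reach; the login paths are therefore listed first. The anchored patterns and the removal of the iterations keys (bcrypt only uses cost) are my changes too.

```yaml
security:
    providers:
        profesores_desde_bd:
            entity:
                class: AppBundle\Entity\Profesores
                property: username
        alumnos_desde_bd:
            entity:
                class: AppBundle\Entity\Alumnos
                property: username

    encoders:
        # bcrypt takes only `cost`; the `iterations` keys from the question are ignored
        AppBundle\Entity\Profesores:
            algorithm: bcrypt
            cost: 12
        AppBundle\Entity\Alumnos:
            algorithm: bcrypt
            cost: 12

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        area_profesores:
            pattern: ^/profesores
            provider: profesores_desde_bd
            anonymous: ~
            # weak (from the question):  switch_user: { role: ROLE_PROFESOR }
            # -> every teacher may impersonate any other teacher via ?_switch_user=
            # hardened: require ROLE_ALLOWED_TO_SWITCH, which has to be granted
            # explicitly to the few accounts that are meant to impersonate
            switch_user: { role: ROLE_ALLOWED_TO_SWITCH }
            form_login:
                check_path: /profesores/login_check
                login_path: /profesores/login
            logout:
                path: /profesores/logout
                target: /portada/

        area_alumnos:
            pattern: ^/alumnos
            provider: alumnos_desde_bd
            anonymous: ~
            # no switch_user here: students never need to impersonate anyone
            form_login:
                check_path: /alumnos/login_check
                login_path: /alumnos/login
            logout:
                path: /alumnos/logout
                target: /portada/

        # no catch-all `main` firewall, as in the answer

    access_control:
        # first match wins, so the login pages come before the area rules;
        # otherwise /profesores/login itself requires ROLE_PROFESOR and the
        # form_login entry point keeps redirecting to a page nobody can reach
        - { path: ^/profesores/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/alumnos/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/profesores, roles: ROLE_PROFESOR }
        - { path: ^/alumnos, roles: ROLE_ALUMNO }
```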
I have a Symfony application, which I want to access via both login and OAuth client credential authentication, using the same routes.
I have achieved this with the following firewall setup:
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    oauth:
        pattern: ^/
        stateless: true
        simple_preauth:
            authenticator: AppBundle\Security\AccessTokenAuthenticator
            provider: access_token_user_provider

    main:
        anonymous: ~
        # activate different ways to authenticate
        # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
        http_basic: ~
        provider: chain_provider
        # https://symfony.com/doc/current/security/form_login_setup.html
        form_login:
            login_path: login
            check_path: login
            csrf_token_generator: security.csrf.token_manager
            #failure_path: login_failure
        logout:
            path: /logout
            invalidate_session: true

access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/site/signup, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/site/get_token, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: [ROLE_CUSTOMER, ROLE_PARTNER] }
However, when I do this, all anonymous routes at the bottom are now checked with the AccessTokenAuthenticator as well and don't work anymore.
Do I need to manually exclude them like the profiler routes, or is there a better way to handle them all through the access_control: entries?
I think the order of the rules in the security file should be different. Would you try it this way?
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    # First Main Firewall
    main:
        anonymous: ~
        # activate different ways to authenticate
        # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
        http_basic: ~
        provider: chain_provider
        # https://symfony.com/doc/current/security/form_login_setup.html
        form_login:
            login_path: login
            check_path: login
            csrf_token_generator: security.csrf.token_manager
            #failure_path: login_failure
        logout:
            path: /logout
            invalidate_session: true

    # Second Oauth Firewall
    oauth:
        pattern: ^/
        stateless: true
        simple_preauth:
            authenticator: AppBundle\Security\AccessTokenAuthenticator
            provider: access_token_user_provider
I solved this by using multiple authentication providers in the same firewall:
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    main:
        anonymous: ~
        # activate different ways to authenticate
        # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
        http_basic: ~
        provider: chain_provider
        # https://symfony.com/doc/current/security/form_login_setup.html
        simple_preauth:
            authenticator: AppBundle\Security\AccessTokenAuthenticator
            provider: access_token_user_provider
        form_login:
            login_path: login
            check_path: login
            csrf_token_generator: security.csrf.token_manager
            #failure_path: login_failure
        logout:
            path: /logout
            invalidate_session: true
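An added example, not the asker's file, that spells out the single-firewall approach of the last answer together with the access_control block from the question. Two caveats apply to the first answer: a firewall without a pattern matches every request, so listing main first means the oauth firewall after it is never consulted; and stateless: true tells a firewall not to store the token in the session, which suits an API but would make form-login users authenticate on every request. The merged firewall therefore carries no stateless flag. For the anonymous routes to keep working, AccessTokenAuthenticator::createToken should return null for requests that carry no token instead of throwing, which the simple_preauth listener treats as "skip authentication" so that the IS_AUTHENTICATED_ANONYMOUSLY rules still apply. Provider and authenticator names are the ones from the question.

```yaml
security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # One firewall, several authenticators. Do not put a pattern-less firewall
        # in front of another one: with no pattern it matches every request and
        # the firewalls after it are never reached. No `stateless: true` here:
        # form_login relies on the session, and requests that carry a token are
        # authenticated by simple_preauth regardless of the session.
        main:
            pattern: ^/
            anonymous: ~
            provider: chain_provider
            http_basic: ~
            simple_preauth:
                authenticator: AppBundle\Security\AccessTokenAuthenticator
                provider: access_token_user_provider
            form_login:
                login_path: login
                check_path: login
                csrf_token_generator: security.csrf.token_manager
            logout:
                path: /logout
                invalidate_session: true

    access_control:
        # anonymous routes first: the first matching rule wins
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/site/signup, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/site/get_token, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: [ROLE_CUSTOMER, ROLE_PARTNER] }
```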
I'm trying to configure FOSUserBundle in Symfony 2.7, but I still get the "You must configure the check path to be handled by the firewall using form_login in your security firewall configuration." exception.
I searched the vendor folder for the SecurityController and found that checkAction throws this exception.
I would like to allow admins to log into the /admin section, and editors into the /editor section.
I use two ways of logging in: one is in_memory, and the second is fos_userbundle. This is my security.yml:
encoders:
    Symfony\Component\Security\Core\User\User: plaintext
    Inpero\PageBundle\Entity\User: bcrypt

# http://symfony.com/doc/current/book/security.html#hierarchical-roles
role_hierarchy:
    ROLE_EDITOR: ROLE_USER
    ROLE_ADMIN: [ROLE_EDITOR, ROLE_USER]
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
    in_memory:
        memory:
            users:
                admin: { password: pass1, roles: [ 'ROLE_ADMIN' ] }
    fos_userbundle:
        id: fos_user.user_provider.username

# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    # the login page has to be accessible for everybody
    page_login:
        pattern: ^/admin/login$
        security: false

    page_admin:
        pattern: ^/admin
        form_login:
            check_path: my_page_check
            login_path: my_page_login
        logout:
            path: my_page_logout
            target: /

    editor_login:
        pattern: ^/editor/login
        security: false

    editors:
        pattern: ^/editor
        form_login:
            provider: fos_userbundle
            check_path: /editor/login_check
            login_path: /editor/login
            failure_path: /editor/login
            default_target_path: /editor/
            always_use_default_target_path: true
            #csrf_token_generator: security.csrf.token_manager
            # if you are using Symfony < 2.8, use the following config instead:
            csrf_provider: form.csrf_provider
        logout:
            path: fos_user_security_logout
            target: /
        anonymous: ~

# with these settings you can restrict or allow access for different parts
# of your application based on roles, ip, host or methods
# http://symfony.com/doc/current/book/security.html#security-book-access-control-matching-options
access_control:
    - { path: ^/efconnect, role: IS_AUTHENTICATED_REMEMBERED }
    - { path: ^/elfinder, role: IS_AUTHENTICATED_REMEMBERED }
    - { path: ^/admin, role: ROLE_ADMIN }
    - { path: ^/editor, role: ROLE_EDITOR }
What am I doing wrong?
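An added example, not from the question. The exception comes from FOSUserBundle's SecurityController::checkAction, which only runs when no firewall has intercepted the POST to the check path. The editor_login firewall's pattern ^/editor/login has no end anchor, so it also matches /editor/login_check, and because that firewall has security: false the form_login listener of the editors firewall never sees the request; the controller is reached and throws. The admin side already uses the anchored ^/admin/login$, which is why it does not fail the same way. Below is the question's file with that one pattern anchored, an explicit provider on page_admin (the first provider, in_memory, is what Symfony picks by default anyway), and a comment on the plaintext demo password; nothing else changes.

```yaml
security:
    encoders:
        # plaintext is acceptable only for a throwaway demo account
        Symfony\Component\Security\Core\User\User: plaintext
        Inpero\PageBundle\Entity\User: bcrypt

    role_hierarchy:
        ROLE_EDITOR: ROLE_USER
        ROLE_ADMIN: [ROLE_EDITOR, ROLE_USER]
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            memory:
                users:
                    admin: { password: pass1, roles: [ 'ROLE_ADMIN' ] }
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        page_login:
            # anchored: matches /admin/login only, so /admin/login_check
            # stays with page_admin and its form_login listener
            pattern: ^/admin/login$
            security: false

        page_admin:
            pattern: ^/admin
            provider: in_memory
            form_login:
                check_path: my_page_check
                login_path: my_page_login
            logout:
                path: my_page_logout
                target: /

        editor_login:
            # was ^/editor/login: without the `$` this also matched
            # /editor/login_check, and security: false meant no listener
            # intercepted the POST, so FOSUserBundle's checkAction threw
            pattern: ^/editor/login$
            security: false

        editors:
            pattern: ^/editor
            anonymous: ~
            form_login:
                provider: fos_userbundle
                check_path: /editor/login_check
                login_path: /editor/login
                failure_path: /editor/login
                default_target_path: /editor/
                always_use_default_target_path: true
                csrf_provider: form.csrf_provider   # Symfony < 2.8
            logout:
                path: fos_user_security_logout
                target: /

    access_control:
        - { path: ^/efconnect, role: IS_AUTHENTICATED_REMEMBERED }
        - { path: ^/elfinder, role: IS_AUTHENTICATED_REMEMBERED }
        - { path: ^/admin, role: ROLE_ADMIN }
        - { path: ^/editor, role: ROLE_EDITOR }
```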
I am not new to Symfony by any means, but I've always used FOSUserBundle, which by default prevents one from having two different login forms for authenticating two different user types.
I have two entities, one is Admins and the other is Users. Admins will only be able to log in to the administration area, and likewise users will only be able to log in via the front end.
I've followed: http://symfony.com/doc/2.1/book/security.html which also lead me to http://symfony.com/doc/2.1/cookbook/security/entity_provider.html
My security.yml is:
jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    encoders:
        Symfony\Component\Security\Core\User\User: sha512
        Fm\AdminBundle\Entity\Admins: sha512
        Fm\MainBundle\Entity\Users: sha512

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        chain_provider:
            chain:
                providers: [in_memory, admin]
        in_memory:
            memory:
                users:
                    user: { password: userpass, roles: [ 'ROLE_USER' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
        admin:
            entity: { class: Fm\AdminBundle\Entity\Admins, property: username }

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
            anonymous: true
        alogin:
            pattern: ^/admin/login
            security: false
        login:
            pattern: ^/login
            security: false
        secured_area:
            pattern: ^/admin
            anonymous: false
            provider: chain_provider
            switch_user: true
            form_login:
                check_path: /admin/login_check
                login_path: /admin/login
            logout:
                path: /admin/logout
                target: /admin
        members_area:
            pattern: ^/
            anonymous: false
            form_login: ~
            logout:
                path: /logout
                target: /
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"

    access_control:
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, roles: ROLE_ADMIN }
In my routing I have defined the routes as in the docs (they resolve to /admin/login and /admin/login_check because my main routing include sets the /admin prefix):
_admin_login:
    pattern: /login
    defaults: { _controller: FmAdminBundle:Security:login }
_admin_login_check:
    pattern: /login_check
The error that I am getting in the browser is:
Unable to find the controller for path "/admin/login_check". Maybe you forgot to add the matching route in your routing configuration?
The stack trace is telling me: WARNING - Unable to look for the controller as the "_controller" parameter is missing
AND
ERROR - Symfony\Component\HttpKernel\Exception\NotFoundHttpException: Unable to find the controller for path "/admin/login_check". Maybe you forgot to add the matching route in your routing configuration? (uncaught exception) at /var/www/mysite.dev/symfony/app/bootstrap.php.cache line 1419
To implement multiple logins in Symfony 2.x, try the following code.
security.yml
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Company\AngularBundle\Entity\User: plaintext
        Company\AngularBundle\Entity\Admin: plaintext

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        users:
            entity: { class: CompanyAngularBundle:User, property: username }
        admin:
            entity: { class: CompanyAngularBundle:Admin, property: username }

    firewalls:
        admin_secured_area:
            pattern: ^/admin
            anonymous: ~
            provider: admin
            form_login:
                login_path: /admin/login
                check_path: /admin/login_check
                default_target_path: /admin
        user_secured_area:
            pattern: ^/
            anonymous: ~
            provider: users
            form_login:
                login_path: login
                check_path: login_check
                default_target_path: /home
routing.yml
login_check:
    path: /login_check
admin_login_check:
    path: /admin/login_check
Twig file
The action of the login form should be like this:
<form action="{{ path('login_check') }}" method="post">
The action of the admin/login form should be like this:
<form action="{{ path('admin_login_check') }}" method="post">
The problem is that after logging into the "secured_area" firewall you get redirected to "/", which is behind the "members_area" firewall. You can't access "members_area" with your credentials from "secured_area" (at least not by default). Read the details at http://symfony.com/doc/current/reference/configuration/security.html#reference-security-firewall-context .
If you have a look at the security configuration (http://symfony.com/doc/current/reference/configuration/security.html) you can see that the default_target_path for form_login is "/". Just change this to /admin:
security:
    ...
    firewalls:
        ...
        secured_area:
            pattern: ^/admin
            ...
            form_login:
                check_path: /admin/login_check
                login_path: /admin/login
                default_target_path: /admin
            logout:
                ...
The alternative is to share the context as described in the first link (http://symfony.com/doc/current/reference/configuration/security.html#reference-security-firewall-context).
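An added example for this question, not taken from the question or from either answer. The "Unable to find the controller for path /admin/login_check" error has a cause neither answer names: the alogin firewall's pattern ^/admin/login also matches /admin/login_check (and the login firewall's ^/login matches /login_check), and a firewall with security: false performs no authentication at all, so the POST bypasses secured_area's form_login listener and falls through to the router, which finds the _admin_login_check route but no _controller for it; that is exactly the warning in the stack trace. The configuration below removes the two login-only firewalls, turns anonymous on in the firewalls that own the login pages and lists those pages in access_control, and sets default_target_path as the second answer suggests. The ROLE_USER rule for ^/ stands in for anonymous: false on members_area and is my assumption, as are the /login and /login_check paths (the defaults of form_login: ~); the comment on the in-memory passwords is mine as well.

```yaml
security:
    encoders:
        Symfony\Component\Security\Core\User\User: sha512
        Fm\AdminBundle\Entity\Admins: sha512
        Fm\MainBundle\Entity\Users: sha512

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        chain_provider:
            chain:
                providers: [in_memory, admin]
        in_memory:
            memory:
                users:
                    # with the sha512 encoder these must be the encoded digests,
                    # not the clear-text passwords from the question
                    user: { password: userpass, roles: [ 'ROLE_USER' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
        admin:
            entity: { class: Fm\AdminBundle\Entity\Admins, property: username }

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # The `alogin` (^/admin/login) and `login` (^/login) firewalls are gone:
        # their prefix patterns also matched /admin/login_check and /login_check,
        # and `security: false` meant the POST never reached form_login and was
        # handed to the router, which has no controller for that route.
        secured_area:
            pattern: ^/admin
            anonymous: ~                  # required so the login page can be served
            provider: chain_provider
            switch_user: true
            form_login:
                check_path: /admin/login_check
                login_path: /admin/login
                default_target_path: /admin   # stay on this firewall after login
            logout:
                path: /admin/logout
                target: /admin

        members_area:
            pattern: ^/
            anonymous: ~
            form_login:
                check_path: /login_check      # the defaults of `form_login: ~`, spelled out
                login_path: /login
            logout:
                path: /logout
                target: /

    access_control:
        # login pages before the rules that protect their prefixes (first match wins)
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/, roles: ROLE_USER }   # replaces `anonymous: false` on members_area
```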