FOSUserBundle allowing 'Anon' user to access `/admin` - symfony

I am using the FOSUserBundle and am successfully creating users in my database. However, I'm trying to log users in and only have ROLE_ADMIN users access /admin by following the Symfony security walk-through.
However, even without having figured out logging users in, when I try to access localhost/app_dev.php/admin I am able to access it as the "Anon" user. Below are my security.yml and controller files:
app/config/security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: security.csrf.token_manager
            logout: true
            anonymous: true

    access_control:
        - { path: ^/admin/, role: ROLE_ADMIN }
src/AppBundle/Controller/DefaultController.php
<?php

namespace AppBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class DefaultController extends Controller
{
    /**
     * @Route("/admin", name="admin")
     */
    public function AdminAction(Request $request)
    {
        return $this->render('default/admin.html.twig', array(
            'title' => 'Welcome Admin!!',
        ));
    }
}

I'm not familiar with FOSUserBundle; however, your access_control entry is for the path /admin/ (note the trailing slash), whereas your example localhost/app_dev.php/admin doesn't have one. If you remove that from your access_control entry or change your routes, then this should work as expected.
E.g.
    access_control:
        - { path: ^/admin, role: ROLE_ADMIN }
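Why the trailing slash matters: Symfony matches each access_control path as a regex against the request's path info and applies the first rule that matches; a path no rule matches is simply served when the firewall has anonymous: true. The following is an added illustration of that evaluation in Python (not Symfony's or FOSUserBundle's code), using the role_hierarchy and rules from this question; the RULES_STRICT variant is an extra tighter pattern, not something the answer proposes.

```python
import re

# Role hierarchy copied from the question's security.yml.
ROLE_HIERARCHY = {
    "ROLE_ADMIN": ["ROLE_USER"],
    "ROLE_SUPER_ADMIN": ["ROLE_ADMIN"],
}

# access_control as posted (trailing slash), as the answer suggests, and a
# tighter variant that stops ^/admin from also covering e.g. /administrator.
RULES_AS_POSTED = [("^/admin/", "ROLE_ADMIN")]
RULES_FIXED = [("^/admin", "ROLE_ADMIN")]
RULES_STRICT = [("^/admin(/|$)", "ROLE_ADMIN")]  # added variant, not from the answer


def expand_roles(roles, hierarchy=ROLE_HIERARCHY):
    """Resolve role_hierarchy transitively (ROLE_SUPER_ADMIN -> ROLE_ADMIN -> ROLE_USER)."""
    resolved, todo = set(), list(roles)
    while todo:
        role = todo.pop()
        if role not in resolved:
            resolved.add(role)
            todo.extend(hierarchy.get(role, []))
    return resolved


def first_matching_rule(rules, path_info):
    """access_control is first-match: the first rule whose regex matches the
    path info decides. Path info excludes the front controller, so a request
    for /app_dev.php/admin is matched as /admin."""
    for pattern, role in rules:
        if re.search(pattern, path_info):
            return pattern, role
    return None


def decide(rules, path_info, user_roles):
    """'granted' or 'denied' when a rule matches; 'unprotected' when none does,
    which with anonymous: true means the page is served to the Anon user."""
    rule = first_matching_rule(rules, path_info)
    if rule is None:
        return "unprotected"
    return "granted" if rule[1] in expand_roles(user_roles) else "denied"


if __name__ == "__main__":
    for rules, name in ((RULES_AS_POSTED, "posted"), (RULES_FIXED, "fixed"), (RULES_STRICT, "strict")):
        for path in ("/admin", "/admin/", "/administrator"):
            print(f"{name:6} {path:15} anon -> {decide(rules, path, [])}")
```

Running it shows the posted rule leaving /admin unprotected while /admin/ is denied, and the fixed rule denying both to the anonymous user.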

Related

Symfony Security and FOSUserBundle: trouble with ROLE_ADMIN permission

I want to show a certain div if the user has ROLE_ADMIN attributed to him. In the database, the user has the roles ROLE_ADMIN and ROLE_USER:
a:1:{i:0;s:10:"ROLE_ADMIN";}
However, when I use the following code, the user is not granted permission and the div is not shown:
{% if is_granted('ROLE_ADMIN') %}
    <div class="settings">...</div>
{% endif %}
The div is shown if I use is_granted('ROLE_USER') instead.
A Twig dump shows me that the user indeed has both roles attributed to him.
Any ideas as to why this code doesn't work as expected?
Extra code info:
security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN:       ROLE_ADMIN
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                login_path: /login
                check_path: /login_check
            oauth:
                resource_owners:
                    facebook: "/login/check-facebook"
                    google:   "/login/check-google"
                login_path: /login
                failure_path: /login
                oauth_user_provider:
                    service: my_user_provider
            logout: true
            anonymous: true

        login:
            pattern: ^/login$
            security: false

        remember_me:
            secret: "%env(APP_SECRET)%"
            always_remember_me: true
            path: /
            domain: ~

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
The getRoles() functionality is handled via the User entity from FOSUserBundle:
public function getRoles()
{
    $roles = $this->roles;

    foreach ($this->getGroups() as $group) {
        $roles = array_merge($roles, $group->getRoles());
    }

    // we need to make sure to have at least one role
    $roles[] = static::ROLE_DEFAULT;

    return array_unique($roles);
}

Redirect anonymous users from restricted areas in Symfony2

I've built a web app using Symfony 2.8 and I've now got to the task of separating the admin area from the front end. I have done that using the following code in the security.yml file:
security:
    encoders:
        MyApp\Bundle\CoreBundle\Entity\Users:
            algorithm: sha512

    role_hierarchy:
        ROLE_ADMIN: ROLE_BLOCKED

    providers:
        main:
            entity: { class: MyApp\Bundle\CoreBundle\Entity\Users, property: username }

    firewalls:
        default:
            anonymous: ~
        secured_area:
            pattern: ^/admin
            anonymous: ~
            access_denied_url: core_login
            form_login:
                check_path: core_login_check
                login_path: core_login
                failure_path: core_login
                default_target_path: ^/admin/booking/today/
            logout:
                path: core_logout
                target: core_login

    access_control:
        - { path: ^/admin, roles: 'ROLE_ADMIN' }
        - { path: ^/ajax/admin, roles: 'ROLE_ADMIN' }
        - { path: ^/ajax/backend, roles: 'ROLE_ADMIN' }
        - { path: ^/, roles: 'IS_AUTHENTICATED_ANONYMOUSLY' }
This is working for me in terms of blocking access to the areas I want. However, if the anonymous user tries to access /admin I get the following message:
Full authentication is required to access this resource.
When I do this in the production environment, I just get the standard 500 error.
What I want to have happen is for the user to be redirected to the login page. This isn't happening at the moment, so what can I do to achieve this?

FOSUserBundle: Why I get exception on login_check?

I'm trying to configure FOSUserBundle in Symfony 2.7, but I still get the "You must configure the check path to be handled by the firewall using form_login in your security firewall configuration." exception.
I searched the vendor folder for the Security Controller and found that checkAction throws this exception.
I would like to allow
admins to log into the /admin section,
and editors into the /editor section.
I use two ways of logging in: one is in_memory, and the second is fos_userbundle. This is my security.yml:
encoders:
    Symfony\Component\Security\Core\User\User: plaintext
    Inpero\PageBundle\Entity\User: bcrypt

# http://symfony.com/doc/current/book/security.html#hierarchical-roles
role_hierarchy:
    ROLE_EDITOR:      ROLE_USER
    ROLE_ADMIN:       [ROLE_EDITOR, ROLE_USER]
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
    in_memory:
        memory:
            users:
                admin: { password: pass1, roles: [ 'ROLE_ADMIN' ] }
    fos_userbundle:
        id: fos_user.user_provider.username

# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    # the login page has to be accessible for everybody
    page_login:
        pattern: ^/admin/login$
        security: false

    page_admin:
        pattern: ^/admin
        form_login:
            check_path: my_page_check
            login_path: my_page_login
        logout:
            path: my_page_logout
            target: /

    editor_login:
        pattern: ^/editor/login
        security: false

    editors:
        pattern: ^/editor
        form_login:
            provider: fos_userbundle
            check_path: /editor/login_check
            login_path: /editor/login
            failure_path: /editor/login
            default_target_path: /editor/
            always_use_default_target_path: true
            #csrf_token_generator: security.csrf.token_manager
            # if you are using Symfony < 2.8, use the following config instead:
            csrf_provider: form.csrf_provider
        logout:
            path: fos_user_security_logout
            target: /
        anonymous: ~

# with these settings you can restrict or allow access for different parts
# of your application based on roles, ip, host or methods
# http://symfony.com/doc/current/book/security.html#security-book-access-control-matching-options
access_control:
    - { path: ^/efconnect, role: IS_AUTHENTICATED_REMEMBERED }
    - { path: ^/elfinder, role: IS_AUTHENTICATED_REMEMBERED }
    - { path: ^/admin, role: ROLE_ADMIN }
    - { path: ^/editor, role: ROLE_EDITOR }
What am I doing wrong?

Symfony login redirects on itself

When I try to log in, the page keeps redirecting to itself. This is the Firefox error I get:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for
this address in a way that will never complete.
Any ideas what could be causing it?
SECURITY.YML:
security:
    encoders:
        FixedApp\Model\User:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER, ROLE_LIMITED_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        administrators:
            entity: { class: FixedApp\Model\User, property: username }

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern: ^/$
            security: false

        secured_area:
            pattern: ^/
            form_login:
                check_path: fixed_app_authentication_login
                login_path: fixed_app_authentication_homepage
                username_parameter: username
                password_parameter: password
                default_target_path: fixed_app_authentication_homepage
                always_use_default_target_path: true
                success_handler: security.authentication.success_handler
            logout:
                path: fixed_app_authentication_logout
                target: fixed_app_homepage

    # To give access to the ROLE_LIMITED_ADMIN, use - role: [ROLE_USER, ROLE_LIMITED_ADMIN]
    access_control:
        - { path: ^/log-in$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /home, roles: ROLE_USER }
ROUTING.YML:
fixed_app_homepage:
    pattern: /
    defaults: { _controller: FixedAppAuthenticationBundle:Default:index }

fixed_app_authentication_homepage:
    pattern: /home
    defaults: { _controller: FixedAppAuthenticationBundle:Default:loggedIn }

fixed_app_authentication_logout:
    path: /log-out

# Verify the log in
fixed_app_authentication_login:
    pattern: /log-in
AUTHENTICATIONSUCCESSHANDLER.PHP
It makes no difference if I comment the return line out though.
function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
    return new RedirectResponse($this->router->generate('fixed_app_authentication_homepage'));
}

    form_login:
        login_path: fixed_app_authentication_homepage
is not where you redirect to after login but in fact where you log in from, and it has to allow anonymous users, as you get redirected there on authentication failure. So if you're seeing an authentication failure you'll get that endless redirect behaviour.
You need to allow it to be IS_AUTHENTICATED_ANONYMOUSLY.
E.g.
    - { path: /home, roles: IS_AUTHENTICATED_ANONYMOUSLY }
If that's not what you intended, you need to make a separate page for login_path and then redirect to your secure /home page on success.

Symfony2: isGranted method returns AuthenticationCredentialsNotFoundException

I have a Twig extension menu on my page, but I need to use the isGranted method to display the menu items according to the user, and the Symfony2 profiler shows me an alert.
The profiler says:
AuthenticationCredentialsNotFoundException: The security context contains no authentication token. One possible reason may be that there is no firewall configured for this URL.
in C:\xampp\htdocs\galvez_motos\app\cache\dev\classes.php line 2395
at SecurityContext->isGranted('ROLE_ADMIN') in C:\xampp\htdocs\galvez_motos\src\GalvezMotos\AlmacenBundle\Twig\MenuExtension.php line 432
How can I use the isGranted method before login?
security.yml:
security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: login
                check_path: login_check
            logout:
                path: /logout
                target: /
                invalidate_session: false

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/, roles: ROLE_USER }

    providers:
        user_db:
            entity: { class: GalvezMotos\AlmacenBundle\Entity\Usuario, property: username }

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    encoders:
        GalvezMotos\AlmacenBundle\Entity\Usuario:
            algorithm: sha1
            iterations: 1
            encode_as_base64: false
