After promoting a user for role ROLE_ADMIN via php app/console fos:user:promote xyz ROLE_ADMIN and php app/console fos:user:promote xyz --super the corresponding 'role' field in the database shows:
a:2:{i:0;s:10:"ROLE_ADMIN";i:1;s:16:"ROLE_SUPER_ADMIN";}
Both roles are added in app/config/security.yml, but after logging in as xyz I cannot access the desired page(403) and using the Symfonys toolbar the profiler/Security shows: Roles [ROLE_USER].
The other bundle related tasks like logging in/out, register/confirm via email, reset password etc. work properly. How can I force the bundle (or Symfony?) to read the roles from db or why does it not read them?
my security.yml:
# app/config/security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
default_target_path: article_index
logout:
path: /logout
target: article_index
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/article/new, role: ROLE_USER }
- { path: ^/article/create, role: ROLE_USER }
- { path: ^/comment/new, role: ROLE_USER }
acl:
connection: default
Related
I am using Symfony 2.8.2 with FOSUserBundle. When I'm trying to logout, I got the following error:
You must activate the logout in your security firewall configuration
Here's my security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/login
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
anonymous: true
logout:
path: /logout
target: /login
access_control:
- { path: ^/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/, role: ROLE_USER }
I've also tried to set logout: true but nothing changed.
P.S. I'm not using Sonata, just FOSUserBundle.
What's the reason I'm getting this error?
It seems like you have wrong pattern for main firewall.
Setting pattern: ^/login makes this firewall valid only for matching URLs which is only /login URL.
Also, logout URL has to be inside firewall's secured area.
you must add in your security.yml
firewalls:
secured_area:
logout:
path: /logout
target: /
and in your routing.yml
logout:
path: /logout
I have loop redirect after logout
My security.yml
# app/config/security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
# login_path: /login111
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/accaunt, role: ROLE_USER }
- { path: ^/accaunt/, role: ROLE_USER }
- { path: ^/, roles: IS_AUTHENTICATED_FULLY }
- { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
If I'm replace in config.yml handler_id: session.handler.pdo
into handler_id: ~
All good
As the name suggests, when an anonymous user try to access page A which needs an admin role, symfony redirects to the login page, login page of your seems to be also aking for a role user, and hence the error
I think your problem is a typo?! the ^/login$ in your access_control?
I'm trying to make the admin section only accessible for admin users using FOSUserBundle.
However if I go to the admin url (www.foo.local/app_dev.php/admin) without authentication, it allows me access.
In the Symfony debug toolbar it shows Logged in as anon.
I have configured the FOSUserBundle following the official documentation
Here is the security.yml config:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I don't know why it doesn't ask for the ROLE_ADMIN in order to allow access to the admin section, any ideas?
I guess that's because your rule says
- { path: ^/admin/, role: ROLE_ADMIN }
which means
www.foo.local/app_dev.php/admin/one
www.foo.local/app_dev.php/admin/two
Notice the '/' after admin
where
www.foo.local/app_dev.php/admin
won't satisfy the rule because it's missing the '/' at the end
try to change the rule to be
- { path: ^/admin, role: ROLE_ADMIN }
Hi i got an problem with my access control in symfony 2.
I want to secure the whole site except of the "/" route cause there is the login. So every route else, for example "/hello" must be secured and redirect to / if there is no user logged in.
In my security config i got this configuration:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /
logout: true
anonymous: ~
access_control:
- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/.*, roles: ROLE_ADMIN }
What am I doing wrong?
This should work:
access_control:
- { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_ADMIN }
for more info:
http://symfony.com/doc/master/book/security.html
I am using FOSUserbundle
my security setting is like this so,if you access under /member
without login,you are transferred to Top page.
I want to add another behaivor.
If You access on toppage when you are logging in,you are transffered /member/profile
How can I make it?
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
main:
pattern: ^/
anonymous: ~
form_login:
check_path: /login_check
login_path: /login
provider: fos_userbundle
logout:
path: /logout
target: /
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/member, role: ROLE_USER }
there are many solutions to your problem :
In the toppage controller you can redirect the user if he is logged in.
Or
You can use an event listener on kernel.request which as the responsibility to set the response if the current route is toppage and the user is logged in.
edit:
To redirect in controller: return $this->redirect($this->generateUrl('routename'))
see: http://symfony.com/doc/current/book/controller.html#redirecting
Hope it's helpful.
Best regard.