Re: [symfony-users] [Security Component] Why The security layer will not intercept this request
understand, just like iptable, ^/(account|sales)/ is very very useful, regex, yes, it's what I need. Thanks very much. Regards, Haulyn Jason Founder, http://domix.in Rm. 807, Qilu Software Tower, Qilu Software Park 1 Shunhua Rd., High-Tech Development Zone Jinan, Shandong 250101, P. R. China Tel: +86 158 5410 3759 Website: http://haulynjason.net On Wed, Jun 1, 2011 at 7:17 PM, Christophe COEVOET wrote: > Le 01/06/2011 13:05, Haulyn Jason a écrit : > > Hi, Christophe > > You are right, the issue has solved, but I can not understand this design. > > A firewall is an authentication system. So the pattern says on which part of > the app the firewall should be applied. If the check path is not behind the > firewall, it cannot work as you are on a different authentication system (or > no authentication system if there is no firewall for this path). > > In my project, /sales, /cms and /account is individual bundles, /sales > need to be logined, /cms is public resource, /account handle the login > logic. Is that mean I have to merge account bundle to sales, otherwise > the security component can not see it? > > Regards, > > The pattern of the firewall is a regex. You can use ^/(account|sales)/ as > pattern so that it matches both of them. > > -- > Christophe | Stof > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony users" group. > To post to this group, send email to symfony-users@googlegroups.com > To unsubscribe from this group, send email to > symfony-users+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
Re: [symfony-users] [Security Component] Why The security layer will not intercept this request
Le 01/06/2011 13:05, Haulyn Jason a écrit : Hi, Christophe You are right, the issue has solved, but I can not understand this design. A firewall is an authentication system. So the pattern says on which part of the app the firewall should be applied. If the check path is not behind the firewall, it cannot work as you are on a different authentication system (or no authentication system if there is no firewall for this path). In my project, /sales, /cms and /account is individual bundles, /sales need to be logined, /cms is public resource, /account handle the login logic. Is that mean I have to merge account bundle to sales, otherwise the security component can not see it? Regards, The pattern of the firewall is a regex. You can use /^/(account|sales)// as pattern so that it matches both of them. -- Christophe | Stof -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
Re: [symfony-users] [Security Component] Why The security layer will not intercept this request
Hi, Christophe You are right, the issue has solved, but I can not understand this design. In my project, /sales, /cms and /account is individual bundles, /sales need to be logined, /cms is public resource, /account handle the login logic. Is that mean I have to merge account bundle to sales, otherwise the security component can not see it? Regards, Haulyn Jason Founder, http://domix.in Rm. 807, Qilu Software Tower, Qilu Software Park 1 Shunhua Rd., High-Tech Development Zone Jinan, Shandong 250101, P. R. China Tel: +86 158 5410 3759 Website: http://haulynjason.net On Wed, Jun 1, 2011 at 6:06 PM, Christophe COEVOET wrote: > Le 01/06/2011 12:01, Haulyn Jason a écrit : > > Hi, > > I am using Security Component, it's easy, but the problem is when I > submit the username and password, I get the following: > > The controller must return a response (null given). Did you forget to > add a return statement somewhere in your controller? > > OK, I know I have the following function: > /** > * @Route("/login_check", name="account_security_check") > */ > public function loginCheckAction() > { > // The security layer will intercept this request > } > > I have the configuration: > sales: > pattern:^/sales > form_login: > check_path: /account/login_check > login_path: /account/login > > The issue is here: your check_path is /accounr/login_check but this firewall > is only enabled when the url is something like /sales/* so it cannot see it. > > failure_path: null > always_use_default_target_path: false > default_target_path:/ > target_path_parameter: _target_path > use_referer:false > use_forward: true > logout: > path: /account/logout > target: / > invalidate_session: false > delete_cookies: > a: { path: null, domain: null } > b: { path: null, domain: null } > anonymous: ~ > > > At least, I do not need to implement the login_check function, isn't > it? Or, what I lost? > > Thanks! > > Regards, > > > > -- > Christophe | Stof > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony users" group. > To post to this group, send email to symfony-users@googlegroups.com > To unsubscribe from this group, send email to > symfony-users+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
Re: [symfony-users] [Security Component] Why The security layer will not intercept this request
Le 01/06/2011 12:01, Haulyn Jason a écrit : Hi, I am using Security Component, it's easy, but the problem is when I submit the username and password, I get the following: The controller must return a response (null given). Did you forget to add a return statement somewhere in your controller? OK, I know I have the following function: /** * @Route("/login_check", name="account_security_check") */ public function loginCheckAction() { // The security layer will intercept this request } I have the configuration: sales: pattern:^/sales form_login: check_path: /account/login_check login_path: /account/login The issue is here: your check_path is //accounr/login_check/ but this firewall is only enabled when the url is something like //sales/*/ so it cannot see it. failure_path: null always_use_default_target_path: false default_target_path:/ target_path_parameter: _target_path use_referer:false use_forward: true logout: path: /account/logout target: / invalidate_session: false delete_cookies: a: { path: null, domain: null } b: { path: null, domain: null } anonymous: ~ At least, I do not need to implement the login_check function, isn't it? Or, what I lost? Thanks! Regards, -- Christophe | Stof -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
[symfony-users] [Security Component] Why The security layer will not intercept this request
Hi, I am using Security Component, it's easy, but the problem is when I submit the username and password, I get the following: The controller must return a response (null given). Did you forget to add a return statement somewhere in your controller? OK, I know I have the following function: /** * @Route("/login_check", name="account_security_check") */ public function loginCheckAction() { // The security layer will intercept this request } I have the configuration: sales: pattern:^/sales form_login: check_path: /account/login_check login_path: /account/login failure_path: null always_use_default_target_path: false default_target_path:/ target_path_parameter: _target_path use_referer:false use_forward: true logout: path: /account/logout target: / invalidate_session: false delete_cookies: a: { path: null, domain: null } b: { path: null, domain: null } anonymous: ~ At least, I do not need to implement the login_check function, isn't it? Or, what I lost? Thanks! Regards, Haulyn Jason Founder, http://domix.in Rm. 807, Qilu Software Tower, Qilu Software Park 1 Shunhua Rd., High-Tech Development Zone Jinan, Shandong 250101, P. R. China Tel: +86 158 5410 3759 Website: http://haulynjason.net -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en