Re: [symfony-users] [Security Component] Why The security layer will not intercept this request
understand, just like iptable, ^/(account|sales)/ is very very useful, regex, yes, it's what I need. Thanks very much. Regards, Haulyn Jason Founder, http://domix.in Rm. 807, Qilu Software Tower, Qilu Software Park 1 Shunhua Rd., High-Tech Development Zone Jinan, Shandong 250101, P. R. China Tel: +86 158 5410 3759 Website: http://haulynjason.net On Wed, Jun 1, 2011 at 7:17 PM, Christophe COEVOET wrote: > Le 01/06/2011 13:05, Haulyn Jason a écrit : > > Hi, Christophe > > You are right, the issue has solved, but I can not understand this design. > > A firewall is an authentication system. So the pattern says on which part of > the app the firewall should be applied. If the check path is not behind the > firewall, it cannot work as you are on a different authentication system (or > no authentication system if there is no firewall for this path). > > In my project, /sales, /cms and /account is individual bundles, /sales > need to be logined, /cms is public resource, /account handle the login > logic. Is that mean I have to merge account bundle to sales, otherwise > the security component can not see it? > > Regards, > > The pattern of the firewall is a regex. You can use ^/(account|sales)/ as > pattern so that it matches both of them. > > -- > Christophe | Stof > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony users" group. > To post to this group, send email to symfony-users@googlegroups.com > To unsubscribe from this group, send email to > symfony-users+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
Re: [symfony-users] [Security Component] Why The security layer will not intercept this request
Le 01/06/2011 13:05, Haulyn Jason a écrit : Hi, Christophe You are right, the issue has solved, but I can not understand this design. A firewall is an authentication system. So the pattern says on which part of the app the firewall should be applied. If the check path is not behind the firewall, it cannot work as you are on a different authentication system (or no authentication system if there is no firewall for this path). In my project, /sales, /cms and /account is individual bundles, /sales need to be logined, /cms is public resource, /account handle the login logic. Is that mean I have to merge account bundle to sales, otherwise the security component can not see it? Regards, The pattern of the firewall is a regex. You can use /^/(account|sales)// as pattern so that it matches both of them. -- Christophe | Stof -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
Re: [symfony-users] [Security Component] Why The security layer will not intercept this request
Hi, Christophe
You are right, the issue has solved, but I can not understand this design.
In my project, /sales, /cms and /account is individual bundles, /sales
need to be logined, /cms is public resource, /account handle the login
logic. Is that mean I have to merge account bundle to sales, otherwise
the security component can not see it?
Regards,
Haulyn Jason
Founder, http://domix.in
Rm. 807, Qilu Software Tower, Qilu Software Park
1 Shunhua Rd., High-Tech Development Zone
Jinan, Shandong 250101, P. R. China
Tel: +86 158 5410 3759
Website: http://haulynjason.net
On Wed, Jun 1, 2011 at 6:06 PM, Christophe COEVOET wrote:
> Le 01/06/2011 12:01, Haulyn Jason a écrit :
>
> Hi,
>
> I am using Security Component, it's easy, but the problem is when I
> submit the username and password, I get the following:
>
> The controller must return a response (null given). Did you forget to
> add a return statement somewhere in your controller?
>
> OK, I know I have the following function:
> /**
> * @Route("/login_check", name="account_security_check")
> */
> public function loginCheckAction()
> {
> // The security layer will intercept this request
> }
>
> I have the configuration:
> sales:
> pattern:^/sales
> form_login:
> check_path: /account/login_check
> login_path: /account/login
>
> The issue is here: your check_path is /accounr/login_check but this firewall
> is only enabled when the url is something like /sales/* so it cannot see it.
>
> failure_path: null
> always_use_default_target_path: false
> default_target_path:/
> target_path_parameter: _target_path
> use_referer:false
> use_forward: true
> logout:
> path: /account/logout
> target: /
> invalidate_session: false
> delete_cookies:
> a: { path: null, domain: null }
> b: { path: null, domain: null }
> anonymous: ~
>
>
> At least, I do not need to implement the login_check function, isn't
> it? Or, what I lost?
>
> Thanks!
>
> Regards,
>
>
>
> --
> Christophe | Stof
>
> --
> If you want to report a vulnerability issue on symfony, please send it to
> security at symfony-project.com
>
> You received this message because you are subscribed to the Google
> Groups "symfony users" group.
> To post to this group, send email to symfony-users@googlegroups.com
> To unsubscribe from this group, send email to
> symfony-users+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/symfony-users?hl=en
>
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
Re: [symfony-users] [Security Component] Why The security layer will not intercept this request
Le 01/06/2011 12:01, Haulyn Jason a écrit :
Hi,
I am using Security Component, it's easy, but the problem is when I
submit the username and password, I get the following:
The controller must return a response (null given). Did you forget to
add a return statement somewhere in your controller?
OK, I know I have the following function:
/**
* @Route("/login_check", name="account_security_check")
*/
public function loginCheckAction()
{
// The security layer will intercept this request
}
I have the configuration:
sales:
pattern:^/sales
form_login:
check_path: /account/login_check
login_path: /account/login
The issue is here: your check_path is //accounr/login_check/ but this
firewall is only enabled when the url is something like //sales/*/ so it
cannot see it.
failure_path: null
always_use_default_target_path: false
default_target_path:/
target_path_parameter: _target_path
use_referer:false
use_forward: true
logout:
path: /account/logout
target: /
invalidate_session: false
delete_cookies:
a: { path: null, domain: null }
b: { path: null, domain: null }
anonymous: ~
At least, I do not need to implement the login_check function, isn't
it? Or, what I lost?
Thanks!
Regards,
--
Christophe | Stof
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
[symfony-users] [Security Component] Why The security layer will not intercept this request
Hi,
I am using Security Component, it's easy, but the problem is when I
submit the username and password, I get the following:
The controller must return a response (null given). Did you forget to
add a return statement somewhere in your controller?
OK, I know I have the following function:
/**
* @Route("/login_check", name="account_security_check")
*/
public function loginCheckAction()
{
// The security layer will intercept this request
}
I have the configuration:
sales:
pattern:^/sales
form_login:
check_path: /account/login_check
login_path: /account/login
failure_path: null
always_use_default_target_path: false
default_target_path:/
target_path_parameter: _target_path
use_referer:false
use_forward: true
logout:
path: /account/logout
target: /
invalidate_session: false
delete_cookies:
a: { path: null, domain: null }
b: { path: null, domain: null }
anonymous: ~
At least, I do not need to implement the login_check function, isn't
it? Or, what I lost?
Thanks!
Regards,
Haulyn Jason
Founder, http://domix.in
Rm. 807, Qilu Software Tower, Qilu Software Park
1 Shunhua Rd., High-Tech Development Zone
Jinan, Shandong 250101, P. R. China
Tel: +86 158 5410 3759
Website: http://haulynjason.net
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
