[symfony-users] no user-token after login
hi, i have no access to the user-token when i calling the 'security.context'. the logger says that a user has logged in successfully and there are also data in the session. my config: security: encoders: users: class: Project\UserBundle\Entity\User algorithm: plaintext providers: default: entity: { class: UserBundle:User } firewalls: default: pattern: /backend.* login_check: pattern: /login_check security: true anonymous: true form_login: true login: pattern: /login security: true anonymous: true ROLE_ADMIN: ROLE_USER ROLE_SUPERADMIN : ROLE_ADMIN access_control: - { path: /backend.*, role: ROLE_USER } - { path: /login_check, role: IS_AUTHENTICATED_ANONYMOUSLY } thx for your help -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
Re: [symfony-users] no user-token after login
Le 22/02/2011 16:52, Florian Semm a écrit : hi, i have no access to the user-token when i calling the 'security.context'. the logger says that a user has logged in successfully and there are also data in the session The context is not shared between the different firewalls by default so you have to use the same firewall for the login and the securized part. So you will only use one firewall unless you want separate authentications on the frontend and the backend. The firewall is about *authentication* (knowing who your user is) not about authorization. The authorization work has to be done with the access control map, not with the pattern of the firewall. -- Christophe | Stof -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
Re: [symfony-users] no user-token after login
i have modifiyed my config. i think is nearly the same to your config. security: encoders: users: class: Project\UserBundle\Entity\User algorithm: plaintext providers: default: entity: { class: UserBundle:User } firewalls: backend: pattern: /.* form-login: login_path: /login check_path: /login_check logout: true provider: default anonymous: true access_control: - { path: /backend/.*, role: ROLE_USER } the login/session-data is still okay, but the security.context stores an anoymous-token again. Original-Nachricht > Datum: Tue, 22 Feb 2011 17:06:28 +0100 > Von: Christophe COEVOET > An: symfony-users@googlegroups.com > Betreff: Re: [symfony-users] no user-token after login > Le 22/02/2011 16:52, Florian Semm a écrit : > > hi, > > > > i have no access to the user-token when i calling the > 'security.context'. the logger says that a user has logged in successfully > and there are also > data in the session > The context is not shared between the different firewalls by default so > you have to use the same firewall for the login and the securized part. > So you will only use one firewall unless you want separate > authentications on the frontend and the backend. > > The firewall is about *authentication* (knowing who your user is) not > about authorization. The authorization work has to be done with the > access control map, not with the pattern of the firewall. > > -- > Christophe | Stof > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony users" group. > To post to this group, send email to symfony-users@googlegroups.com > To unsubscribe from this group, send email to > symfony-users+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en