You need to make sure to remove access restrictions for the login page. If you are following a whitelist policy, you can do so by also enabling the anonymous listener and then requiring the "IS_AUTHENTICATED_ANONYMOUSLY" role for the login page.
Johannes On Nov 2, 3:12 pm, Dennis Jacobfeuerborn <[email protected]> wrote: > I'm trying to get a form-login going with the new security framework > but I'm running into trouble. > I've followed the instructions > athttp://docs.symfony-reloaded.org/master/guides/security/authenticatio... > and used the http-basic mechanism which works fine so far. Then I > replaced the http-basic:true bit with form-login:true in the > configuration, put the login form and controller code in the right > place and added the following routes (adapted to yaml from the xml in > the documentation): > > _security_login: > pattern: /login > defaults: { _controller: DamBundle:System:login } > > _security_check: > pattern: /login_check > > The result is an endless redirect loop. Looking at the rewrite log I > can see that when I request / then I get redirected to /login which is > expected since I'm not authenticated. However then /login redirects > again to /login which causes the loop. Is there anything missing from > the above documentation that is required to get the form login > working? > > Regards, > Dennis -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
