Hm, the problem was that I excluded the /login.* pages like this:

        public:
            pattern:    /login.*
            security:   false

        main:
            pattern:    /.*
            form_login: true
            logout:     true

with the result that the "security: false" also disabled the listener
(or so I'm guessing).
After enabling the anonymous listener and using an access_control of
"{ path: /login.*, role: IS_AUTHENTICATED_ANONYMOUSLY }"
things now almost seem to work.

Entering the wrong password results in a "bad credentials" error (as
expected) and entering the right username and password redirects
me to / (also expected) .... but then I immediately get redirected
back to /login. Apparently Symfony forgets that I'm authenticated and
wants me to log in again.

Regards,
  Dennis

On Nov 2, 6:03 pm, Johannes <[email protected]> wrote:
> You don't need a controller as the firewall listener will take care of
> this.
>
> My guess is that you have not configured form-login for the
> login_check page, so the listener never gets called.
>
> Johannes
>
> On 2 Nov., 17:14, Dennis Jacobfeuerborn <[email protected]>
> wrote:
>
> > Indeed excluding /login.* from any restrictions got rid of the
> > redirect loop, thanks.
>
> > Now when I try to login the form gets submitted to /login_check which
> > results in an "Unable to find the controller." message.
> > Given that no controller is defined for that path that is to be
> > expected I guess but the example in the documentation doesn't
> > provide a controller either and it says that the submission is handled
> > automatically and I only have to implement the display
> > of the form (which works).
> > So I'm not sure which controller I'm supposed to route /login_check
> > to.
>
> > Regards,
> >   Dennis
>
> > On Nov 2, 3:43 pm, Johannes <[email protected]> wrote:
>
> > > You need to make sure to remove access restrictions for the login
> > > page.
>
> > > If you are following a whitelist policy, you can do so by also
> > > enabling the anonymous listener and then requiring the
> > > "IS_AUTHENTICATED_ANONYMOUSLY" role for the login page.
>
> > > Johannes
>
> > > On Nov 2, 3:12 pm, Dennis Jacobfeuerborn <[email protected]>
> > > wrote:
>
> > > > I'm trying to get a form-login going with the new security framework
> > > > but I'm running into trouble.
> > > > > I've followed the instructions at
> > > > > http://docs.symfony-reloaded.org/master/guides/security/authenticatio...
> > > > and used the http-basic mechanism which works fine so far. Then I
> > > > replaced the http-basic:true bit with form-login:true in the
> > > > configuration, put the login form and controller code in the right
> > > > place and added the following routes (adapted to yaml from the xml in
> > > > the documentation):
>
> > > > _security_login:
> > > >     pattern:  /login
> > > >     defaults: { _controller: DamBundle:System:login }
>
> > > > _security_check:
> > > >     pattern:  /login_check
>
> > > > The result is an endless redirect loop. Looking at the rewrite log I
> > > > can see that when I request / then I get redirected to /login which is
> > > > expected since I'm not authenticated. However then /login redirects
> > > > again to /login which causes the loop. Is there anything missing from
> > > > the above documentation that is required to get the form login
> > > > working?
>
> > > > Regards,
> > > >   Dennis
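
An added illustration, not part of the thread and not Symfony's code: a small Python model of first-match firewall selection, using the two firewalls from the top message, showing why a submission to /login_check never reached the form-login listener. The `FIXED` list, the function names and the unanchored-regex matching are assumptions made for this sketch.

```python
import re

# Firewalls in declaration order, as posted in the message above.
BROKEN = [
    {"name": "public", "pattern": r"/login.*", "security": False},
    {"name": "main", "pattern": r"/.*", "form_login": True, "logout": True},
]

# Constructed variant (assumption): the security-disabled firewall is gone and
# the anonymous listener is enabled on "main", as the thread suggests.
FIXED = [
    {"name": "main", "pattern": r"/.*", "form_login": True, "logout": True,
     "anonymous": True},
]


def firewall_for(firewalls, path):
    """Return the first firewall whose pattern matches the path, else None."""
    for fw in firewalls:
        # Modelled as an unanchored regex search (assumption of this sketch).
        if re.search(fw["pattern"], path):
            return fw
    return None


def form_login_handles(firewalls, check_path="/login_check"):
    """True if the form-login listener would see a POST to check_path."""
    fw = firewall_for(firewalls, check_path)
    return bool(fw and fw.get("security", True) and fw.get("form_login"))


def audit(firewalls, paths=("/", "/login", "/login_check")):
    """Map each path to (firewall name, whether security listeners run)."""
    result = {}
    for path in paths:
        fw = firewall_for(firewalls, path)
        result[path] = (fw["name"], fw.get("security", True)) if fw else (None, False)
    return result


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit(cfg), "form_login reachable:", form_login_handles(cfg))
```

The model covers only which firewall claims a path; it says nothing about the redirect back to /login reported after a successful login.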
