On 24/05/2011 13:10, smpedreira wrote:
My problem is the following:
Entering the wrong password results in a "bad credentials" error (as
expected) and entering the right username and password redirects
me to / (also expected) ... but then I immediately get redirected
back to /login. Apparently Symfony forgets that I'm authenticated and
wants me to log in again.
I spent several days trying to fix this error and I still cannot
fix it. Please, I am really lost.
With users in memory this works fine, but if I use entities it
does not work. I also read several recommended tutorials on the mailing
list and the messages in
http://www.mail-archive.com/[email protected]/msg08241.html,
but that solution is not good for me. I think that the problem could
be related to roles, I am not sure.
My Usuario entity returns getRoles as an array and in the DB the roles
are strings like this: ROLE_ADMIN, ROLE_USER. I also tried running it
without the ROLE prefix, like ADMIN.
My security.yml:
security:
    encoders:
        Openxesta\UserBundle\Entity\Usuario:
            algorithm: md5
            iterations: 10
            encode_as_base64: true
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        main:
            entity: { class : UserBundle:Usuario, property: username }
            #users:
                #user: { password: userpass, roles: [ 'ROLE_USER' ] }
                #admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
    firewalls:
        public:
            pattern: /login$
            security: false
            anonymous: true
        login_check:
            pattern: /login_check
            form_login: true
            security: true
            anonymous: true
        main:
            pattern: /.*
            form_login:
                provider: main
                check_path: /login_check
                login_path: /login
                always_use_default_target_path: false
                default_target_path: /users/
            security: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/$, role: [ROLE_USER] }
        - { path: ^/.*/+$, role: [ROLE_USER] }
Your issue is simple: you are not authenticating the user against the
same security system as the one you use for your further checks. See
the common pitfalls here:
http://symfony.com/doc/current/book/security.html#using-a-traditional-login-form
As you are allowing anonymous users in the main firewall, the simplest
way to have a working config is to remove the public and login_check
firewalls and to keep only the main one.
--
Christophe | Stof
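
An added example, not part of the original thread and not Symfony's own code: a small Python check that models the firewalls from the posted security.yml and reports any form_login whose check_path is handled by a different firewall. It assumes Symfony tries firewall patterns in declaration order as unanchored regular expressions and uses the first match; the names firewall_for and split_context_findings are hypothetical.

```python
import re

# Firewalls from the security.yml quoted above, in declaration order.
# Only the keys that matter for this check are kept.
POSTED = [
    ("public", {"pattern": r"/login$", "security": False}),
    ("login_check", {"pattern": r"/login_check", "form_login": {}}),
    ("main", {"pattern": r"/.*",
              "form_login": {"check_path": "/login_check",
                             "login_path": "/login"}}),
]
# The reply's suggestion: keep only the main firewall.
FIXED = [POSTED[2]]

DEFAULT_CHECK_PATH = "/login_check"  # form_login default when check_path is omitted


def firewall_for(firewalls, path):
    """Return the name of the first firewall whose pattern matches path."""
    for name, cfg in firewalls:
        # Assumption: patterns are unanchored regexes, tried in order.
        if re.search(cfg["pattern"], path):
            return name
    return None


def split_context_findings(firewalls):
    """List form_login firewalls whose check_path another firewall handles."""
    findings = []
    for name, cfg in firewalls:
        form = cfg.get("form_login")
        if form is None or cfg.get("security") is False:
            continue
        check_path = form.get("check_path", DEFAULT_CHECK_PATH)
        handler = firewall_for(firewalls, check_path)
        if handler != name:
            findings.append((name, check_path, handler))
    return findings


if __name__ == "__main__":
    for label, fws in (("posted", POSTED), ("fixed", FIXED)):
        print(label, "-> / is handled by", firewall_for(fws, "/"))
        for name, path, handler in split_context_findings(fws):
            print(f"  {name}: {path} is handled by '{handler}', so the "
                  "login is stored in a different security context")
```

Run against the posted configuration, the check shows that the login submitted to /login_check is processed by the login_check firewall while / is guarded by main, which is why the user is sent back to /login.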