Hi, and thank you so much.

I think that I understand the problem in the login_check firewall. The
problem is the login_check firewall, isn't it?
I cannot understand the security config well, mainly how the
login_check action performs its task.

I had some problems if I did not put some pattern (like /web-app/)
before login, because /login produces problems: for example,
it shows two repeated login forms, or in this case it does not
authenticate the user.

My new configuration is the following, and this one works. But if I delete
/web-app/, this one returns TWO REPEATED LOGIN FORMS.
I would like to understand why it does that.

security.yml

security:

    encoders:
        Openxesta\UserBundle\Entity\Usuario:
            algorithm:  md5
            iterations: 10
            encode_as_base64: true

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            entity: { class : UserBundle:Usuario, property: username }


    firewalls:
       public:
            pattern:  ^/web-app/login$
            security : false
            anonymous: true


       main:
            pattern: ^/web-app/
            form_login:
                provider: main
                check_path: /web-app/login_check
                login_path: /web-app/login
                always_use_default_target_path: true
                default_target_path: /web-app/users/
                use_referer: true
            security: true
            anonymous: false


    access_control:

        - { path: ^/web-app/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/$, role: 'ROLE_USER' }
        - { path: ^/web-app/users/$, role: [ROLE_USER] }

---------------------------------------------------------------------------------------------------------------------------------------------------------

_openxesta_login:
    pattern: /web-app/login
    defaults: { _controller: SecuredBundle:Secured:login }

_openxesta_check:
    pattern: /web-app/login_check

_openxesta_logout:
    pattern:  /web-app/logout

--------------------------------------------------------------------------------------------------------------------------------------------------------------

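An added example, not part of the original post and not Symfony's own code: a small Python check that replays first-match selection over the firewall patterns and access_control paths from the security.yml above, to show which firewall and which rule each route lands in. It assumes that Symfony uses the first matching firewall and the first matching access_control rule, and that access_control is only enforced on paths handled by a security-enabled firewall; the function names and sample paths are constructed for the illustration.

```python
import re

# Constructed from the security.yml in the post above, kept in file order:
# in both lists the first pattern that matches the request path wins.
FIREWALLS = [
    {"name": "public", "pattern": r"^/web-app/login$", "security": False},
    {"name": "main", "pattern": r"^/web-app/", "security": True},
]
ACCESS_CONTROL = [
    {"path": r"^/web-app/login$", "roles": ["IS_AUTHENTICATED_ANONYMOUSLY"]},
    {"path": r"^/$", "roles": ["ROLE_USER"]},
    {"path": r"^/web-app/users/$", "roles": ["ROLE_USER"]},
]


def first_match(entries, key, path):
    """Return the first entry whose regex under `key` matches `path`, else None."""
    return next((e for e in entries if re.search(e[key], path)), None)


def resolve(path):
    """Report which firewall and access_control rule apply to one request path."""
    fw = first_match(FIREWALLS, "pattern", path)
    rule = first_match(ACCESS_CONTROL, "path", path)
    secured = bool(fw and fw["security"])  # security: false disables the firewall
    if rule and not secured:
        note = "rule matches but no security-enabled firewall handles the path"
    elif secured and not rule:
        note = "inside a firewall, but no access_control role requirement"
    elif secured:
        note = "rule enforced by firewall"
    else:
        note = "outside every firewall"
    return {"firewall": fw["name"] if fw else None,
            "roles": rule["roles"] if rule else None,
            "enforced": secured and rule is not None,
            "note": note}


if __name__ == "__main__":
    # Constructed sample paths: the three routes from the post plus edge cases.
    for path in ["/web-app/login", "/web-app/login_check", "/web-app/logout",
                 "/web-app/users/", "/web-app/users/42", "/"]:
        res = resolve(path)
        print(f"{path:22} {res['firewall'] or '-':7} {res['roles']} -> {res['note']}")
```

Under these assumptions the `^/$` rule falls outside both firewalls, and `^/web-app/users/$` covers only the exact listing path, so anything below it carries no role requirement from access_control.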