Hi Chris! I see your point, but I believe this is the intended behavior. I think (and will be corrected if I'm wrong!) that unless you're IS_AUTHENTICATED_FULLY, the firewall will give you a chance to authenticate if you're denied access. Since there's no difference between being denied access for checking IS_AUTHENTICATED_FULLY versus some traditional role, each has that same behavior.
So, I don't know if there is a more appropriate way to work around this, but I believe it's the "intended" behavior.

Thanks!

Ryan Weaver
US Office Head & Trainer - KnpLabs - Nashville, TN
http://www.knplabs.com <http://www.knplabs.com/en>
http://knpuniversity.com
Twitter: @weaverryan

On Fri, Apr 27, 2012 at 3:30 AM, Chris Sedlmayr <[email protected]> wrote:

> Hi all,
>
> I have a bit of an oddity with the remember me implementation.
>
> I've configured it based on the cookbook entry;
> http://symfony.com/doc/current/cookbook/security/remember_me.html
> And I have the cookie lifetime set to 20 days.
>
> On login the cookie is set correctly, and if I let my session expire, then
> proceed to a secure page the remember me process runs (I can trace that
> through the framework, the listener, factory, service, the user provider
> etc).
> If the page I access returns a successful response, i.e. the user does
> have access, then it appears to work fine.
> However, if the page I access does not grant access then the login page is
> presented, rather than the access denied page.
>
> I would expect that once remember me has been processed, and the user is
> authenticated, that if the page they access is denied, they are still
> logged in, but just have access to that page denied.
> I'm not making any checks on this page regarding fully authenticated, just
> a simple role check, and if not present (which it isn't) then I throw new
> AccessDeniedException('You do not have permission to edit this Item');
>
> If I am logged in normally and access that page, I see the page (in dev)
> that you would expect containing the stack trace with that exception and
> message.
>
> Think this may be an issue rather than with implementation, can anyone
> confirm this?
>
>
> Many thanks,
>
> Chris
>
> --
> If you want to report a vulnerability issue on symfony, please send it to
> security at symfony-project.com
>
> You received this message because you are subscribed to the Google
> Groups "symfony developers" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/symfony-devs?hl=en
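
The behavior discussed in this thread, as an added example that is not part of the original messages or of Symfony's code: a simplified stand-alone PHP model of what the user ends up seeing after an access check fails, depending on how the session was authenticated. The function names, the token-kind constants and ROLE_EDITOR are hypothetical stand-ins, and the model follows the behavior as the reply describes it.

```php
<?php
// Simplified model (assumption: follows the behavior described in the reply;
// this is not Symfony's implementation).

// Constructed token kinds standing in for how the user was authenticated.
const TOKEN_ANONYMOUS   = 'anonymous';
const TOKEN_REMEMBER_ME = 'remember_me'; // restored from the remember-me cookie
const TOKEN_FULL        = 'full';        // credentials entered during this session

// True only for a login made with credentials in the current session.
function isFullyAuthenticated(string $tokenKind): bool
{
    return $tokenKind === TOKEN_FULL;
}

// Plain role test, as in the original message: no IS_AUTHENTICATED_FULLY check.
function hasRole(array $userRoles, string $requiredRole): bool
{
    return in_array($requiredRole, $userRoles, true);
}

// Returns what the user ends up seeing for a request to a protected page.
function outcome(string $tokenKind, array $userRoles, string $requiredRole): string
{
    if (hasRole($userRoles, $requiredRole)) {
        return 'page';
    }
    // Access was denied. The reason for the denial is not considered here,
    // only whether the current authentication is "full".
    if (!isFullyAuthenticated($tokenKind)) {
        return 'login form';          // chance to authenticate
    }
    return 'access denied page';
}

// Constructed scenarios: [token kind, user roles, role required by the page].
$scenarios = [
    [TOKEN_REMEMBER_ME, ['ROLE_USER'], 'ROLE_USER'],   // allowed: works fine
    [TOKEN_REMEMBER_ME, ['ROLE_USER'], 'ROLE_EDITOR'], // the case from the thread
    [TOKEN_FULL,        ['ROLE_USER'], 'ROLE_EDITOR'], // normal login, same page
    [TOKEN_ANONYMOUS,   [],            'ROLE_EDITOR'],
];
foreach ($scenarios as [$kind, $roles, $required]) {
    printf("%-12s needs %-12s -> %s\n", $kind, $required, outcome($kind, $roles, $required));
}
```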
