Hi,
I read this thread as I'm encountering the same problem than Dennis.
I've also a "Controller not found exception".
The form-login configuration is pointing to the good check_path, as
the doc says.
Here is my complete security.config:
security.config:
providers:
main:
users:
florian: { password: bar, roles: ROLE_USER }
firewalls:
login: { pattern: /login, security: true, anonymous: true }
login_check: { pattern: /login_check, security: true, anonymous:
true }
profiler: { pattern: /_profiler.*, security: true, anonymous:
true }
main:
pattern: .*
form_login: { check_path: /login_check }
http_basic: true
anonymous: true
logout: { path: /logout, target: /login }
access_control:
- { path: /login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /login_check, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: .*, role: [ ROLE_USER, IS_AUTHENTICATED_ANONYMOUSLY ] }
my routing:
_security_login:
pattern: /login
defaults: { _controller: ECommerceBundle:ECommerce:login }
_security_check:
pattern: /login_check
As dennis says, my _security_check route has no controller parameter,
so I could understand the problem.
In the same time, Symfony/Component/HttpKernel/Security/Firewall/
FormAuthenticationListener should handle the request, but it is never
called.
Do you have any idea why ?
Did I missed something?
Thanks,
Florian.
On 2 nov, 18:03, Johannes <[email protected]> wrote:
> You don't need a controller as the firewall listener will take care of
> this.
>
> My guess is that you have not configured form-login for the
> login_check page, so the listener never gets called.
>
> Johannes
>
> On 2 Nov., 17:14, Dennis Jacobfeuerborn <[email protected]>
> wrote:
>
>
>
>
>
>
>
> > Indeed excluding /login.* from any restrictions got rid of the
> > redirect loop, thanks.
>
> > Now when I try to login the form gets submitted to /login_check which
> > results in an "Unable to find the controller." message.
> > Given that no controller is defined for that path that is to be
> > expected I guess but the example in the documentation doesn't
> > provide a controller either and it says that the submission is handled
> > automatically and I only have to implement the display
> > of the form (which works).
> > So I'm not sure which controller I'm supposed to route /login_check
> > to.
>
> > Regards,
> > Dennis
>
> > On Nov 2, 3:43 pm, Johannes <[email protected]> wrote:
>
> > > You need to make sure to remove access restrictions for the login
> > > page.
>
> > > If you are following a whitelist policy, you can do so by also
> > > enabling the anonymous listener and then requiring the
> > > "IS_AUTHENTICATED_ANONYMOUSLY" role for the login page.
>
> > > Johannes
>
> > > On Nov 2, 3:12 pm, Dennis Jacobfeuerborn <[email protected]>
> > > wrote:
>
> > > > I'm trying to get a form-login going with the new security framework
> > > > but I'm running into trouble.
> > > > I've followed the instructions
> > > > athttp://docs.symfony-reloaded.org/master/guides/security/authenticatio...
> > > > and used the http-basic mechanism which works fine so far. Then I
> > > > replaced the http-basic:true bit with form-login:true in the
> > > > configuration, put the login form and controller code in the right
> > > > place and added the following routes (adapted to yaml from the xml in
> > > > the documentation):
>
> > > > _security_login:
> > > > pattern: /login
> > > > defaults: { _controller: DamBundle:System:login }
>
> > > > _security_check:
> > > > pattern: /login_check
>
> > > > The result is an endless redirect loop. Looking at the rewrite log I
> > > > can see that when I request / then I get redirected to /login which is
> > > > expected since I'm not authenticated. However then /login redirects
> > > > again to /login which causes the loop. Is there anything missing from
> > > > the above documentation that is required to get the form login
> > > > working?
>
> > > > Regards,
> > > > Dennis
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
