On Tuesday, April 5, 2011 1:05:20 PM UTC+2, Christophe COEVOET wrote:
>
>  On 05/04/2011 12:56, Dennis Jacobfeuerborn wrote:
>
> On Tuesday, April 5, 2011 12:44:35 PM UTC+2, Christophe COEVOET wrote: 
>>
>> On 05/04/2011 12:37, Dennis Jacobfeuerborn wrote:
>> > I've updated my code from PR8 to PR10 and now I get the following when 
>> > I try to login:
>> >
>> > Unable to find the controller for path "/login_check". Maybe you 
>> > forgot to add the matching route in your routing configuration?
>> >
>> > I already asked about this on the user list for the git version but I 
>> > wanted to wait for the official PR10 before I "officially" report this 
>> > (could have been a temporary glitch in the git version).
>> >
>> > The routing for /login_check looks like this:
>> > _security_check:
>> >     pattern:  /login_check
>> >
>> > This is what worked in PR8 and from what I understand the security 
>> > component catches this so I don't have to explicitly define a 
>> controller.
>> The security component only catches it when the credentials are right. 
>> When they are wrong the controller is called (and this was still the 
>> case before AFAIK)
>>
>
> You keep bringing this up and I have no idea what you are trying to tell 
> me:
>
> a) This happens regardless of right or wrong credentials
> b) How can the credentials be determined as wrong when the security 
> component apparently doesn't even get called to check them?
>  
> If it is not called at all, check the pattern of the firewall to see if the 
> /login_check path triggers the firewall. Can you paste your security config?
>

The security.yml is the same as the one I posted on the user list:

security:
    encoders:
        Symfony\Component\Security\Core\User\User:
            algorithm: sha1
            encode-as-base64: false
            iterations: 1

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            users:
                admin: { password: 9af2785afcfdd303af47fa698c6000fb731a772d, roles: [ 'ROLE_ADMIN' ] }

    firewalls:
        profiler:
            pattern:  ^/_profiler
            security: false

        wdt:
            pattern:  ^/_wdt
            security: false

        login:
            pattern:  ^/login
            security: true
            anonymous: true

        secured_area:
            pattern:  ^/
            form_login:
                check_path: /login_check
                login_path: /login
            logout:
                path:   /logout
                target: /login
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"

    access_control:
        - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /.*, roles: ROLE_USER }
 

>  c) If this has not changed between PR8 and PR10 then the 
> code/routing/config that worked fine in PR8 should still work fine in PR10, 
> no?
>
> If there is a specific change you want me to make then tell me and we can 
> see if this is a problem of mis-configuration or a real problem.
>  
> Your route does not define which controller should be used when the listener 
> does not block the request as there is no _controller defined in it.
>

It didn't define a controller when used with PR8 either yet the login worked 
fine. My understanding is that I don't have to provide a controller unless I 
want to handle the actual authentication myself and that if I don't then the 
security component will handle it for me. That understanding so far matched 
the behavior I was seeing with PR8.

Regards,
  Dennis
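
The check suggested above (does the /login_check path trigger the firewall that carries form_login?) can be run by hand against the posted security.yml. This is an added example, not part of the original thread and not Symfony's own code; firstMatch() is a hypothetical helper, the request paths are constructed, and it assumes firewalls and access_control rules are tried top to bottom with the first matching pattern winning.

```php
<?php
// Added example, not Symfony code. Assumption: rules are evaluated in the
// order they appear in security.yml and the first matching pattern wins.

// Firewall name => pattern, copied in order from the posted security.yml.
$firewalls = [
    'profiler'     => '^/_profiler',
    'wdt'          => '^/_wdt',
    'login'        => '^/login',
    'secured_area' => '^/',
];

// Required role => path pattern, copied in order from access_control.
$accessControl = [
    'IS_AUTHENTICATED_ANONYMOUSLY' => '/login',
    'ROLE_USER'                    => '/.*',
];

// Hypothetical helper: label of the first rule whose regex matches $path.
function firstMatch(array $rules, string $path): ?string
{
    foreach ($rules as $label => $pattern) {
        // '#' is used as the regex delimiter, so escape it inside patterns.
        $regex = '#' . str_replace('#', '\\#', $pattern) . '#';
        if (preg_match($regex, $path) === 1) {
            return $label;
        }
    }
    return null;
}

// Constructed sample request paths.
$paths = ['/login', '/login_check', '/logout', '/admin', '/_wdt/abc'];

foreach ($paths as $path) {
    $firewall = firstMatch($firewalls, $path) ?? '(none)';
    $role     = firstMatch($accessControl, $path) ?? '(none)';
    printf("%-14s firewall=%-13s access_control=%s\n", $path, $firewall, $role);
}
```

Under that first-match assumption, /login_check is claimed by the login firewall (pattern ^/login), which has no form_login section, rather than by secured_area where check_path is configured.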

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony developers" group.