On Fri, 21 Jan 2011 00:21:28 +0200, taidehuone <[email protected]> wrote:

> Hi,
>
> I've been working on a Doctrine2 based authentication system for a while.
> I have successfully created the security controller, related views and
> configured config.yml as described in master docs. I can get to a login
> form fine and when I click "submit", the login data is processed on the
> server as expected. Symfony debug environment intercepts the redirect and
> by looking at the profiler toolbar, the "anon" user has changed to a name
> retrieved from the database as if everything went fine. Then I follow the
> redirection back to homepage to look at the profiler now, and I'm
> anonymously authenticated again. Just as if the authentication data wasn't
> stored in sessions or anywhere at all. What might cause this?
>
> Please note that the login_check page which processes login data throws
> the following notice too. I have not found a way to fix this notice
> either, and I'm not absolutely certain what causes this. It seems like
> some serialization is done to store the authentication but symfony fails
> at some point. "Notice: serialize() [function.serialize]: "id" returned as
> member variable from __sleep() but does not exist in
> /sf2/Component/Security/Authentication/Token/Token.php on line 189."
> Looking at symfony code it looks like it attempts to serialize the user
> object (a Doctrine entity) which sounds good to me.
>
> I have a base Account entity which implements AdvancedAccountInterface and
> three specific account types (Artist, Company, School) that extend
> Account. I have written an AccountRepository class that implements
> UserProviderInterface which, for now, retrieves users using just a simple
> ->findOneBy() call. The users are found during login_check but for some
> reason are not persisted onto the next page.
> Here is the related app/config/config.yml:
>
> security.config:
>     encoders:
>         Application\AccountBundle\Entity\Account: md5
>         Application\ArtistBundle\Entity\Artist: md5
>         Application\CompanyBundle\Entity\Company: md5
>         Application\SchoolBundle\Entity\School: md5
>
>     providers:
>         main:
>             entity: { class: Application\AccountBundle\Entity\Account }
>
>     firewalls:
>         login: { pattern: /login, security: true, anonymous: true }
>         login_check: { pattern: /login_check, security: true, anonymous: true, form_login: true }
>         main:
>             pattern: .*
>             form_login: { check_path: /login_check }
>             anonymous: true
>             logout: { path: /logout, target: /login }
>
> Looking back at the php notice, I have only defined the "id" field in the
> parent Account entity and not in subclasses Artist, Company or School. I
> believe I've done it right though. However, looking at a var_dump of the
> user object that's being serialized, it seems like the id field is also
> the first field that php encounters that originates from the inherited
> Account entity. Could there be a problem with Doctrine inherited user
> objects or am I just off the track here?
>
> Thank you in advance,
> Jaakko R

The login check has to be done by the main firewall as they don't share the context any more. Not sure if it is the issue here but it can be.

As you also use anonymous users the simplest configuration is to use only the main firewall and to let anonymous users access /login with the access_control map.

Regards

--
Christophe | Stof
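
The single-firewall layout described in the reply above, as an added example that is not part of the original thread. It reuses the key names from the quoted config.yml; the `access_control` entry syntax and the `IS_AUTHENTICATED_ANONYMOUSLY` role name are assumptions for this Symfony version.

```yaml
# Added example, not from the thread. Key names come from the quoted
# config.yml; the access_control entry below uses an assumed syntax.
security.config:
    # encoders and providers stay as in the quoted configuration

    firewalls:
        # A single firewall handles /login, /login_check and every other URL,
        # so the token stored when /login_check succeeds lives in the same
        # security context that later requests read. The separate "login" and
        # "login_check" firewalls are removed.
        main:
            pattern:    .*
            form_login: { check_path: /login_check }
            anonymous:  true
            logout:     { path: /logout, target: /login }

    access_control:
        # Anonymous visitors may reach the login form (assumed role name).
        - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
```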
