I had the same problem as you, and solved it thanks to Christophe COEVET's
response, today.
As he said to me: "You are requiring the authentication for the url of the
Ajax call done to load the web debug toolbar".
In fact, the route "_wdt" defined in "routing_dev.yml" is covered by some of
your requirements. If I'm right, you define that for "^/" paths you must
have "USER_ROLE".
I solved it by adding this to access controls:
    - { path: ^/_wdt, roles: 'IS_AUTHENTICATED_ANONYMOUSLY' }
and adding a new firewall description:
    ajax_calls:
        pattern: ^/_wdt
        anonymous: ~
2011/5/18 NOP-erator <[email protected]>
> I secured my application with a login form as explained in the docs.
> After trying to extend the login.html.twig with a layout, the whole
> view appeared twice within this layout while in app_dev. In the
> firebug console I can see two GET requests:
> 1. http://toolbox/app_dev.php/login | 302 Found 315ms
> 2. http://toolbox/app_dev.php/login | 200 OK 421ms (empty response)
>
> I'm using standard routing files from the sandbox:
> routing_dev.yml
> _assetic:
>     resource: .
>     type: assetic
>
> _wdt:
>     resource: "@WebProfilerBundle/Resources/config/routing/wdt.xml"
>     prefix: /_wdt
>
> _profiler:
>     resource: "@WebProfilerBundle/Resources/config/routing/profiler.xml"
>     prefix: /_profiler
>
> _configurator:
>     resource: "@SymfonyWebConfiguratorBundle/Resources/config/routing/configurator.xml"
>     prefix: /_configurator
>
> _main:
>     resource: routing.yml
>
> -------------------------------------
>
> routing.yml
> login:
>     pattern: /login
>     defaults: { _controller: BUMSecurityBundle:Security:login }
> # Is processed automatically by the authentication system
> login_check:
>     pattern: /login_check
> logout:
>     pattern: /logout
> homepage:
>     pattern: /
>     defaults: { _controller: BUMToolboxBundle:Default:index }
>
> app_teaser:
>     resource: "@BUMTeaserBundle/Resources/config/routing.yml"
>
> --------------------------------------
> security.yml
> security:
>     firewalls:
>         secured_area:
>             pattern: ^/
>             anonymous: ~
>             form_login: ~
>             logout: ~
>
>     access_control:
>         - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
>         - { path: ^/admin, roles: ROLE_ADMIN }
>         - { path: ^/, roles: ROLE_USER }
>
>     providers:
>         in_memory:
>             users:
>                 someuser: { password: user, roles: 'ROLE_USER' }
>                 admin: { password: admin, roles: 'ROLE_ADMIN' }
>
>     encoders:
>         Symfony\Component\Security\Core\User\User: plaintext
>
>     role_hierarchy:
>         ROLE_ADMIN: ROLE_USER
>
> -----------------------------------------------------------
> login.html.twig
>
> {% extends "BUMToolboxBundle::layout.html.twig" %}
>
> {% block content %}
>     {% if error %}
>         <div>{{ error.message }}</div>
>     {% endif %}
>
>     <form action="{{ path('login_check') }}" method="post">
>         <label for="username">Username:</label>
>         <input type="text" id="username" name="_username" value="{{ last_username }}" />
>
>         <label for="password">Password:</label>
>         <input type="password" id="password" name="_password" />
>
>         {#
>             If you want to control the URL the user is
>             redirected to on success
>             (more details below)
>             <input type="hidden" name="_target_path" value="/account" />
>         #}
>
>         <input type="submit" name="login" />
>     </form>
> {% endblock %}
>
> ---------------------------
> This doesn't happen, if the layout is deactivated, but then there is
> no webdebug toolbar either.
>
> What am I doing wrong?
> Thanks in advance
>
> --
> If you want to report a vulnerability issue on symfony, please send it to
> security at symfony-project.com
>
> You received this message because you are subscribed to the Google
> Groups "symfony users" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/symfony-users?hl=en
>
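
Where the new ^/_wdt entry sits in access_control matters, because Symfony applies the first entry whose path pattern matches. The following is an added example, not code from the thread or from Symfony: a Python model of that first-match lookup using the patterns quoted above. The function names and sample paths are constructed for illustration, and the outcome strings assume the form_login setup from the quoted security.yml.

```python
import re

# Rules copied from the security.yml quoted in the thread, in file order.
ORIGINAL_RULES = [
    (r"^/login", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/admin", "ROLE_ADMIN"),
    (r"^/", "ROLE_USER"),
]

# The rule proposed in the reply.
WDT_RULE = (r"^/_wdt", "IS_AUTHENTICATED_ANONYMOUSLY")

# Placed ahead of the ^/ catch-all, the new rule is reached.
FIXED_RULES = [WDT_RULE] + ORIGINAL_RULES
# Appended after ^/, it is shadowed and never evaluated.
MISPLACED_RULES = ORIGINAL_RULES + [WDT_RULE]

# Constructed sample paths (the part after app_dev.php); the token is made up.
SAMPLE_PATHS = ["/login", "/_wdt/abc123", "/_profiler/abc123", "/", "/admin/users"]


def required_role(rules, path):
    """Return the role of the first rule whose pattern matches the path."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None  # no rule matched: access_control imposes nothing


def anonymous_outcome(rules, path):
    """Outcome for a visitor who has not logged in yet."""
    role = required_role(rules, path)
    if role in (None, "IS_AUTHENTICATED_ANONYMOUSLY"):
        return "served"
    return "redirect to login"


def audit(rules, paths=SAMPLE_PATHS):
    """Map each path to the outcome an anonymous visitor gets."""
    return {path: anonymous_outcome(rules, path) for path in paths}


if __name__ == "__main__":
    for label, rules in [("original", ORIGINAL_RULES),
                         ("fixed", FIXED_RULES),
                         ("misplaced", MISPLACED_RULES)]:
        print(label)
        for path, outcome in audit(rules).items():
            print(f"  {path:<20} {outcome}")
```

With the rule in front, only the toolbar URL is opened to anonymous requests; /_profiler is still caught by ^/ and still requires ROLE_USER.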