Regex : Everything but not [string] - php

I work under Symfony, and I would like to configure my pattern in security so that it applies to everything but a certain path (/Home).
I made this, but it doesn't work, and I don't know regex:
pattern: ^/(?!/accueil).*$
There, I am obliged to put all my links, which gives:
pattern: ^/(admin|profile|package|securiteInformatique|logout)
So it would be easier to put "all except" /accueil.
My security.yml:
# app/config/security.yml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        app:
            id: bes_auth.user_provider
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
            # anonymous: true
        # public:
        #     pattern: ^accueil
        #     security: false
        #     anonymous: true
        main:
            logout_on_user_change: true
            # pattern: ^/(admin|profile|packages|securiteInformatique|logout)
            #pattern: ^/(?!accueil)
            form_login:
                check_path: fos_user_security_login_check
                login_path: /login_check
            guard:
                authenticators:
                    - app.security.login_form_authenticator
                    - bes_auth.authenticator
                entry_point: Site\PagesBundle\Security\LoginFormAuthenticator
            logout:
                path: deconnexion # name of the logout route
                target: /
                success_handler: bes_auth.authenticator
            anonymous: true
    access_control:
        - { path: ^/admin, role: ROLE_SUPER_ADMIN }
        - { path: ^/accueil, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }

You should remove the public firewall altogether, remove pattern from your main firewall, and use access_control to handle the permissions.
The following configuration is read by Symfony from the top down, applying the first rule it finds. So any URL beginning with /accueil will be handled by your main firewall, but the public will be allowed to view it without logging in (because you have anonymous: true). Every other URL (that doesn't begin with /accueil) will require the ROLE_USER role, and will therefore force authentication.
access_control:
    - { path: ^/admin, role: ROLE_SUPER_ADMIN }
    - { path: ^/accueil, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, role: ROLE_USER }
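The two points in this thread, why the asker's negative lookahead still matches /accueil and why the order of access_control entries decides which role is required, can be checked without a Symfony install. The script below is an added example (not code from the question, the answer, or Symfony itself): it tests both regexes against constructed sample paths and models access_control evaluation as "first matching rule wins", which is how the answer describes it. The sample paths are constructed for the demonstration.

```python
import re

# Added example, not code from the original post or from Symfony: it checks the two
# regexes discussed above and models how access_control is evaluated (first matching
# path wins). Sample paths are constructed.

ASKED_PATTERN = r"^/(?!/accueil).*$"   # the question's pattern: the lookahead wants "//accueil"
FIXED_PATTERN = r"^/(?!accueil)"        # the commented-out one: everything not starting with /accueil


def firewall_matches(pattern, path):
    """True when a firewall with this pattern would handle the request."""
    return re.match(pattern, path) is not None


# access_control exactly as given in the answer, in order (first match wins).
ACCESS_CONTROL = [
    (r"^/admin", "ROLE_SUPER_ADMIN"),
    (r"^/accueil", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/", "ROLE_USER"),
]


def required_role(path, rules=ACCESS_CONTROL):
    """Role demanded by the first rule whose regex matches, or None if no rule matches."""
    for regex, role in rules:
        if re.match(regex, path):
            return role
    return None


def required_role_catch_all_first(path):
    """Same rules with the ^/ catch-all moved to the top: every path then needs ROLE_USER,
    which is why the answer puts the catch-all last."""
    reordered = [ACCESS_CONTROL[2], ACCESS_CONTROL[0], ACCESS_CONTROL[1]]
    return required_role(path, reordered)


if __name__ == "__main__":
    for path in ("/accueil", "/accueil/news", "/admin/users", "/profile"):
        print(f"{path:15} asked-pattern handles: {firewall_matches(ASKED_PATTERN, path)!s:5} "
              f"fixed-pattern handles: {firewall_matches(FIXED_PATTERN, path)!s:5} "
              f"required role: {required_role(path)}")
```

The asked pattern consumes the leading slash and then looks ahead for a second "/accueil", which is never there, so it matches every path including /accueil. The corrected form looks ahead immediately after the slash. Note that `^/(?!accueil)` also excludes any path that merely starts with that prefix, which is usually what is wanted for a section of a site.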

Related

Symfony 4 - custom authentication FosUserBundle

Friends,
I need help with Symfony 4. I'm building a custom authentication system for FOSUserBundle (I need to convert it).
I base my work on the Symfony documentation:
https://symfony.com/doc/4.1/security/custom_authentication_provider.html
According to the documentation, I created all the authentication files. I will not paste them in because they are the same as in the documentation.
And I get this error:
Not configuring explicitly the provider for the "wsse" listener on "main" firewall is ambiguous as there is more than one registered provider.
This is my security.yaml:
security:
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
    providers:
        in_memory: { memory: ~ }
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            stateless: true
            wsse: true
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                default_target_path: /
            logout:
                path: /logout
                target: /login
            anonymous: true
            # activate different ways to authenticate
            # http_basic: true
            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
            # form_login: true
            # https://symfony.com/doc/current/security/form_login_setup.html
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }
        - { path: ^/admin/, role: ROLE_ADMIN }
EDIT
Service provider:
App\Security\Authentication\Provider\WsseProvider:
    arguments:
        $userProviderInterface: '#fos_user.user_provider.username'
        $cachePool: '#cache.app'
    public: false
I am asking for help because I'm stuck
Thanks
In your security.yml, add:
providers:
    wsse:
        id: App\Security\wsseProvider # class implementing UserProviderInterface
firewalls:
    main:
        ...
        form_login:
            provider: wsse
In services.yaml:
services:
    App\Security\wsseProvider:
        autowire: true
        public: false
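The error quoted in the question encodes one rule: as soon as more than one user provider is registered, every authentication listener must be told which one to use, either on the listener itself or through the firewall's own `provider` key. The check below is an added example (not Symfony's code, and not the answer's configuration) that applies that rule to a configuration mirroring the question; the configuration is embedded as a Python dict rather than parsed from YAML so it runs without PyYAML, and the set of listeners it knows about is an assumption limited to the ones that appear on this page.

```python
import copy

# Added example, not Symfony's own code: a small configuration check that reproduces
# the rule behind the error quoted above. Symfony only needs an explicit provider
# on a listener (or on its firewall) when more than one user provider is registered.
# The config is embedded as a dict instead of YAML so the script runs without PyYAML.

# Assumption: the listeners modelled are the ones that appear on this page.
PROVIDER_AWARE_LISTENERS = ("form_login", "http_basic", "wsse")

# Constructed config mirroring the question's security.yaml (relevant parts only).
SECURITY_CONFIG = {
    "providers": {
        "in_memory": {"memory": None},
        "fos_userbundle": {"id": "fos_user.user_provider.username"},
    },
    "firewalls": {
        "dev": {"pattern": r"^/(_(profiler|wdt)|css|images|js)/", "security": False},
        "main": {
            "pattern": r"^/",
            "stateless": True,
            "wsse": True,                                   # no provider of its own
            "form_login": {"provider": "fos_userbundle"},   # explicit provider
            "anonymous": True,
        },
    },
}


def _listener_provider(firewall, listener):
    """Provider named on the listener itself, or the firewall-wide default, or None."""
    settings = firewall[listener]
    own = settings.get("provider") if isinstance(settings, dict) else None
    return own or firewall.get("provider")


def ambiguous_listeners(config):
    """(firewall, listener) pairs that would trigger the 'ambiguous' error."""
    if len(config.get("providers", {})) <= 1:
        return []          # a single provider is used implicitly, nothing to resolve
    findings = []
    for fw_name, fw in config.get("firewalls", {}).items():
        if fw.get("security") is False:
            continue       # security: false firewalls have no listeners to resolve
        for listener in PROVIDER_AWARE_LISTENERS:
            if listener in fw and _listener_provider(fw, listener) is None:
                findings.append((fw_name, listener))
    return findings


def unregistered_providers(config):
    """(firewall, listener, provider) triples naming a provider that is not declared."""
    known = set(config.get("providers", {}))
    findings = []
    for fw_name, fw in config.get("firewalls", {}).items():
        for listener in PROVIDER_AWARE_LISTENERS:
            if listener in fw:
                name = _listener_provider(fw, listener)
                if name is not None and name not in known:
                    findings.append((fw_name, listener, name))
    return findings


def with_firewall_provider(config, firewall, provider):
    """Copy of config with a firewall-level default provider (a real firewall option),
    which covers every listener on that firewall at once."""
    fixed = copy.deepcopy(config)
    fixed["firewalls"][firewall]["provider"] = provider
    return fixed


if __name__ == "__main__":
    print("ambiguous:", ambiguous_listeners(SECURITY_CONFIG))
    fixed = with_firewall_provider(SECURITY_CONFIG, "main", "fos_userbundle")
    print("after fix:", ambiguous_listeners(fixed), unregistered_providers(fixed))
```

Run against the question's configuration the check reports the `wsse` listener on `main` as the one without a provider, which is exactly what the error says; `unregistered_providers` catches the companion mistake of pointing a listener at a provider name (such as `wsse`) that was never added under `providers`.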

Symfony + FOSUserBundle can't login

I'm using Symfony 3.1 with FOSUserBundle.
I read the docs and integrated FOS in Symfony; so far so good, the registration seems to work well and persists the data to the DB, BUT if I try to log in I get redirected to the login page again as an anonymous user.
I checked the Symfony Profiler, and I can see that when the path /login_check is called the user shows up as authenticated, but then after the /login_check phase, when I get redirected, the user is anonymous...
--
/login_check from the profiler:
Property         Value
Roles            [ROLE_USER]
Inherited Roles  none
Token class      Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
--
The session seems to exist (dump(app.session) is not empty), but it stores no user data.
That's my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                login_path: /login
                check_path: /login_check
                default_target_path: /redirLogIn
                # csrf_token_generator: security.csrf.token_manager
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/admin.*, role: ROLE_ADMIN}
        # - { path: ^/, role: ROLE_USER}
(I disabled the CSRF token due to problems on registration.)
(This is an intranet; there is no "homepage", as soon as you open the site you are asked to log in.)
Why is this?
Thanks
I'm not sure I understand the question you are asking, but maybe it's about why you are being directed to login when you open the site?
If so, this is why:
    default_target_path: /redirLogIn
Change the above to the path (route) you need.
You need to improve the indentation in the file
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory:
            memory: ~
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            # activate different ways to authenticate
            # http_basic: ~
            # http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
            # form_login: ~
            # http://symfony.com/doc/current/cookbook/security/form_login_setup.html
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                # if you are using Symfony < 2.8, use the following config instead:
                # csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }

FOSBundle redirect loop

I'm using SF2 together with FOS user bundle.
security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt|error)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: false
    access_control:
        - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
If I set my main: anonymous: false to true, I no longer get a redirect loop, but then people don't need to be logged in to access everything (which they should be!)
I think the access_control has an entry for the ^/login route so that people don't need to be authenticated, but I suspect it doesn't work.
With this statement:
    anonymous: false
this is no longer valid:
    - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
Therefore the framework can't redirect to the login, which causes the redirect loop (FOS needs anonymous to be true in order to work properly)... I don't know if it works, but you could try to set
    { path: ^/*, role: ROLE_USER }
as the first or last line of the access control... no guarantee it works; this is what I would try in order to create the result you are looking for.

Keep path when user logout in FOSUserBundle

I'm using FOSUserBundle in an ongoing project and everything works fine, but I'm having a small problem when I log out, because I am sent to the index of the application instead of staying in the secured area, which is /admin/login, where the login form is. This is my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:
                path: /logout
                target: /admin
                invalidate_session: false
            anonymous: true
    access_control:
        - { path: ^/admin, role: ROLE_ADMIN }
Can anyone tell me where I am making the mistake?
I think it's the anonymous: true. If you basically want the whole site to be under access control, with no pages apart from the login page being accessible to someone not logged in then you want something like this:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:
                path: /logout
                target: /admin
                invalidate_session: false
            anonymous: ~ # NO ANONYMOUS ACCESS
    access_control:
        - { path: ^/admin, role: ROLE_ADMIN }
        # anonymous visitors need to be able to get to the logon pages
        - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # Could also add "safe" routes like an "about" or "contact us" page here if you like
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

Unable to protect route from anonymous access in Symfony2

I can't understand why an anonymous user can access the routes I want to protect, "^/nodes$" and "^/destinations$".
Where am I wrong? I've read this resource carefully, http://symfony.com/doc/current/book/security.html, but those URLs can still be viewed anonymously!
This is my security.yml:
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        in_memory:
            memory:
                users:
                    user: { password: athena_user_2014, roles: [ 'ROLE_USER' ] }
                    admin: { password: athenaspa2014, roles: [ 'ROLE_ADMIN' ] }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        secured_area:
            pattern: ^/backend
            form_login:
                check_path: /backend/login_check
                login_path: /backend/login
                csrf_provider: form.csrf_provider
            logout:
                path: /backend/logout
                target: /
            #http_basic:
            #    realm: "Secured Demo Area"
    access_control:
        - { path: ^/nodes, roles: ROLE_ADMIN }
        - { path: ^/destinations, roles: ROLE_ADMIN }
Your paths are not part of any of your firewall patterns. You could make the following changes for it to work:
firewalls:
    secured_area:
        pattern: ^/
        ...
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/backend, role: ROLE_ADMIN }
    - { path: ^/node, role: ROLE_ADMIN }
    ...
    - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
The last path is pretty much what anonymous: true does. When no other access control matched, the user is not required to be logged in. If you want to be more restrictive, you could do it like the first path, ^/login$, which specifies which routes require authentication. Be aware that the first matching route is used, so be careful about how you order them.
Alternatively you could add another firewall. But keep in mind that each firewall provides a separate login.
You can also test your routes from the console using the php app/console router commands. If you are not sure how to use them, just type php app/console help router:match, for instance.
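Two of the threads above, the "FOSBundle redirect loop" question (anonymous: false on the only firewall) and this one (a firewall that covers only /backend while the protected routes live outside it), come down to the same request flow: which firewall matches, whether anonymous access is allowed on it, and which access_control rule fires first. The script below is an added example, not Symfony's own implementation and not any of the answers' code: it models that flow exactly as the answers describe it, follows redirects so that a loop becomes visible, and runs the constructed configurations from both questions next to the fixes suggested for them. Assumptions are marked in the comments: the login path is /login, the fixed configurations enable anonymous access (the answers elide that part), role_hierarchy is not modelled, and the answer's `^/*` catch-all is used as written.

```python
import re

# Added example (not Symfony's own code): a simplified model of the request flow the
# answers on this page describe, used to detect the redirect loop from the "FOSBundle
# redirect loop" question and to show why routes outside every firewall pattern are
# reachable. Modelled steps:
#   1. the first firewall whose pattern matches handles the request; a path that matches
#      no firewall (or a security: false one) gets no security context and is served as-is;
#   2. with anonymous: false, an unauthenticated request is redirected to the login page
#      before access_control is consulted, so an "^/login" rule cannot help;
#   3. otherwise the first matching access_control rule decides.
# role_hierarchy is not modelled; pass the effective roles directly.

LOGIN_PATH = "/login"   # assumption: the firewall's form_login login_path
ANON = "IS_AUTHENTICATED_ANONYMOUSLY"


def pick_firewall(firewalls, path):
    """First (name, settings) pair whose pattern matches, or (None, None)."""
    for name, fw in firewalls:
        if re.match(fw["pattern"], path):
            return name, fw
    return None, None


def first_matching_rule(access_control, path):
    for regex, role in access_control:
        if re.match(regex, path):
            return role
    return None


def handle(config, path, roles):
    """Outcome of one request: ('serve', path), ('redirect', LOGIN_PATH) or ('deny', path).
    roles is a frozenset of the user's roles; an empty set models an anonymous visitor."""
    _, fw = pick_firewall(config["firewalls"], path)
    if fw is None or fw.get("security") is False:
        return ("serve", path)                      # outside any firewall: no checks
    authenticated = bool(roles)
    if not authenticated and not fw.get("anonymous", False):
        return ("redirect", LOGIN_PATH)             # anonymous: false -> login first
    role = first_matching_rule(config["access_control"], path)
    if role is None or role == ANON or role in roles:
        return ("serve", path)
    return ("redirect", LOGIN_PATH) if not authenticated else ("deny", path)


def follow(config, path, roles, max_hops=5):
    """Follow redirects; report ('loop', path) when a redirect target repeats."""
    seen = {path}
    for _ in range(max_hops):
        outcome, target = handle(config, path, roles)
        if outcome != "redirect":
            return (outcome, target)
        if target in seen:
            return ("loop", target)
        seen.add(target)
        path = target
    return ("loop", path)


DEV = ("dev", {"pattern": r"^/(_(profiler|wdt|error)|css|images|js)/", "security": False})

# Constructed from the "FOSBundle redirect loop" question: anonymous: false on main.
LOOP_CONFIG = {
    "firewalls": [DEV, ("main", {"pattern": r"^/", "anonymous": False})],
    "access_control": [
        (r"^/login", ANON), (r"^/register", ANON), (r"^/resetting", ANON),
        (r"^/admin/", "ROLE_ADMIN"),
    ],
}

# The answer's suggestion: anonymous: true plus its ^/* ROLE_USER catch-all placed last.
LOOP_FIXED = {
    "firewalls": [DEV, ("main", {"pattern": r"^/", "anonymous": True})],
    "access_control": LOOP_CONFIG["access_control"] + [(r"^/*", "ROLE_USER")],
}

# Constructed from the "Unable to protect route" question: the firewall covers only /backend.
BACKEND_ONLY = {
    "firewalls": [DEV, ("secured_area", {"pattern": r"^/backend", "anonymous": False})],
    "access_control": [(r"^/nodes", "ROLE_ADMIN"), (r"^/destinations", "ROLE_ADMIN")],
}

# The answer's fix: firewall on ^/ (anonymous: true assumed), login reachable, then the
# protected prefixes, then the anonymous catch-all.
BACKEND_FIXED = {
    "firewalls": [DEV, ("secured_area", {"pattern": r"^/", "anonymous": True})],
    "access_control": [
        (r"^/login$", ANON), (r"^/backend", "ROLE_ADMIN"), (r"^/node", "ROLE_ADMIN"),
        (r"^/", ANON),
    ],
}

if __name__ == "__main__":
    for label, cfg, path in [("loop", LOOP_CONFIG, "/"), ("loop fixed", LOOP_FIXED, "/"),
                             ("open", BACKEND_ONLY, "/nodes"), ("protected", BACKEND_FIXED, "/nodes")]:
        print(f"{label:11} {path:8} anonymous visitor ->", follow(cfg, path, frozenset()))
```

With the loop configuration an anonymous request to / is bounced to /login, and /login itself is bounced again because the firewall refuses anonymous requests before access_control is ever consulted; with anonymous: true the same visitor lands on /login and stays there. In the second question, /nodes matches no firewall at all, so the model serves it without looking at access_control, which is the behaviour the asker observed; once the firewall pattern is widened to ^/ the ^/node rule applies and the visitor is sent to log in.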
