I have downloaded and installed the Symfony2 standard edition. I've done all the steps detailed in the github readme to remove the AcmeBundle that serves as a demo to the framework. When attempting to access the console to double check my routes:
    $ php app/console router:debug

I get the following error:

    [Symfony\Component\Config\Definition\Exception\InvalidConfigurationException]
    The child node "providers" at path "security" must be configured.
When I undelete security.providers in my security.yml file, so I'm left with:
    jms_security_extra:
        secure_all_services: false
        expressions: true

    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext

        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

        providers:
            in_memory:
                memory:
                    users:
                        user: { password: userpass, roles: [ 'ROLE_USER' ] }
                        admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false

        access_control:
            #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
            #- { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }
I get a different but similar error:
    [InvalidArgumentException]
    You must at least add one authentication provider.
I'm not sure what to do to fix it. Any solutions?
You need the providers, like this config:
    jms_security_extra:
        secure_all_services: false
        expressions: true

    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext

        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

        providers:
            in_memory:
                memory:
                    users:
                        user: { password: userpass, roles: [ 'ROLE_USER' ] }
                        admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            login:
                security: false
            secured_area:
                anonymous: ~

        access_control:
            #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
            #- { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }
For me, the minimal file I could obtain that works without exceptions is:
    security:
        firewalls:
            anonymous:
                anonymous: ~
        providers:
            in_memory:
                memory:
Symfony 2.3.3.
I'm using Symfony 3.3 with FOSUserBundle 2.0. I can't get the reset password feature to work. I go to request resetting page, type an email or username and click on submit and it redirects me to login page without any error shown in the view.
I looked at the log and it gives me this error:

    security.DEBUG: Access denied, the user is not fully authenticated; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at .../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php:125)"} []
Security.yml:

    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512
        {...}
        firewalls:
            main:
                pattern: ^/
                form_login:
                    provider: fos_userbundle
                    csrf_token_generator: security.csrf.token_manager
                    default_target_path: /verifInit
                logout: true
                anonymous: true
                switch_user:
                    role: ROLE_ADMIN
                    provider: fos_userbundle
                    parameter: username
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
        providers:
            in_memory:
                memory:
                    users:
                        user: { password: userpass, roles: [ 'ROLE_USER' ] }
                        admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
            fos_userbundle:
                id: fos_user.user_provider.username
        access_control:
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/, role: ROLE_ADMIN }
When I remove the switch_user part in security.yml, it works well. Do you have an idea why? I need the switch_user feature for my project so I can't remove it.
    switch_user: true

and

    security:
        role_hierarchy:
            ROLE_ADMIN: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
Try this way.
I can't understand why an anonymous user can access the routes I want to protect, "^/nodes$" and "^/destinations$".
Where am I wrong? I've read this resource with attention, http://symfony.com/doc/current/book/security.html, but anyway those URLs can be viewed by anonymous users!
This is my security.yml:
    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext

        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

        providers:
            in_memory:
                memory:
                    users:
                        user: { password: athena_user_2014, roles: [ 'ROLE_USER' ] }
                        admin: { password: athenaspa2014, roles: [ 'ROLE_ADMIN' ] }

        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            secured_area:
                pattern: ^/backend
                form_login:
                    check_path: /backend/login_check
                    login_path: /backend/login
                    csrf_provider: form.csrf_provider
                logout:
                    path: /backend/logout
                    target: /
                #http_basic:
                #    realm: "Secured Demo Area"

        access_control:
            - { path: ^/nodes, roles: ROLE_ADMIN }
            - { path: ^/destinations, roles: ROLE_ADMIN }
Your paths are not part of any of your firewall-patterns. You could make the following changes for it to work:
    firewalls:
        secured_area:
            pattern: ^/
            ...

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/backend, role: ROLE_ADMIN }
        - { path: ^/node, role: ROLE_ADMIN }
        ...
        - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
The last path is pretty much what anonymous: true does. When no other access-control matched, the user is not required to be logged in. If you want to be more restrictive, you could do it like the first path ^/login$ which specifies which routes require authentication. Be aware that the first matching route is used, so be careful of how you order them.
Alternatively you could add another firewall. But keep in mind that each firewall provides a separate login.
You can also test your routes from the console using the php app/console router-commands. If you are not sure how to use them, just type php app/console help router:match, for instance.
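The coverage gap described in the answer above, as an added example that is not part of the original thread: a simplified Python model of first-match firewall and access_control evaluation, run against the question's patterns and the suggested fix. The function names and the sample paths are hypothetical, and the model matches on the path only (no host, method or IP conditions).

```python
import re

# Constructed model of the question's config: (name, pattern, security enabled).
ORIGINAL_FIREWALLS = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/", False),  # security: false
    ("secured_area", r"^/backend", True),
]
# The answer's change: secured_area now covers every path.
FIXED_FIREWALLS = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/", False),
    ("secured_area", r"^/", True),
]
ACCESS_CONTROL = [
    (r"^/nodes", "ROLE_ADMIN"),
    (r"^/destinations", "ROLE_ADMIN"),
]


def first_firewall(path, firewalls):
    """Return (name, enabled) for the first firewall whose pattern matches, else None."""
    for name, pattern, enabled in firewalls:
        if re.search(pattern, path):
            return name, enabled
    return None


def first_rule(path, access_control):
    """Return the role demanded by the first matching access_control rule, else None."""
    for pattern, role in access_control:
        if re.search(pattern, path):
            return role
    return None


def effective_role(path, firewalls, access_control):
    """A rule is only enforced when an enabled firewall covers the path."""
    firewall = first_firewall(path, firewalls)
    if firewall is None or not firewall[1]:
        return None
    return first_rule(path, access_control)


def unenforced_rules(paths, firewalls, access_control):
    """Paths where a rule demands a role but no enabled firewall enforces it."""
    return [p for p in paths
            if first_rule(p, access_control)
            and effective_role(p, firewalls, access_control) is None]


if __name__ == "__main__":
    sample = ["/nodes", "/destinations/5", "/backend/login", "/css/site.css"]  # constructed
    print("original:", unenforced_rules(sample, ORIGINAL_FIREWALLS, ACCESS_CONTROL))
    print("fixed:   ", unenforced_rules(sample, FIXED_FIREWALLS, ACCESS_CONTROL))
```

Running the same check over an application's real route list (for example the paths printed by router:debug) shows which access_control entries sit outside every enabled firewall.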
I am following this tutorial Custom Password Authenticator and get the following error when I try to implement the simple form:
    InvalidConfigurationException: Unrecognized options "simple_form" under "security.firewalls.main"
This is my security.yml
    security:
        encoders:
            GigCapitol/MasterBundle/Entity/User: plaintext

        role_hierarchy:
            ROLE_USER: ROLE_USER
            ROLE_ADMIN: ROLE_ADMIN
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

        providers:
            users:
                entity: { class: GigCapitolMasterBundle:User, property: username }

        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                pattern: ^/
                anonymous: ~
                provider: users
                simple-form:
                    authenticator: MasterAuthenticator
                    login_path: master_index
                    check_path: master_login_check

        access_control:
            - { path: /, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
            #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
What seems to be the issue here?
It seems the correct key is "simple_form", and you have "simple-form".
It seems I had version 2.0 or so; simple_form was implemented in 2.2.
I'm having trouble getting security to work the way I want it.
I want administration part to be protected so only people with ROLE_ADMIN can access it. And that works just fine. However, I want my unprotected/public area to be able to differentiate between ROLE_ADMIN and IS_AUTHENTICATED_ANONYMOUSLY.
I can't make it work though. After I log in to the admin section, I can see in the toolbar that I'm authenticated and have ROLE_ADMIN, but as soon as I go back to the public section of the website it turns into anonymously authenticated.
Here is security setup I currently have:
    jms_security_extra:
        secure_all_services: false
        expressions: true

    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext

        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

        providers:
            in_memory:
                memory:
                    users:
                        myusername: { password: mypassword, roles: [ 'ROLE_ADMIN' ] }

        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            login_area:
                pattern: ^/login$
                anonymous: ~
            secured_area:
                pattern: ^/admin|^/login_check$|^/logout$
                form_login: ~
                logout: ~
            public_area:
                pattern: ^/
                anonymous: ~

        access_control:
            - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin, roles: ROLE_ADMIN }
            - { path: ^/, roles: [ROLE_ADMIN, IS_AUTHENTICATED_ANONYMOUSLY] }
As you can see I tried adding both ROLE_ADMIN and IS_AUTHENTICATED_ANONYMOUSLY roles to '^/' path in access control, but it doesn't change anything.
I searched both Symfony2 book and Cookbook entries but didn't find anything that would help me regarding this problem.
Ok, and just 20 minutes later, after digging the Symfony2 book for the third time I found this:
Multiple firewalls don't share security context
If you're using multiple firewalls and you authenticate against one firewall, you will not be authenticated against any other firewalls automatically.
It was enough to just use one firewall on '^/' pattern and set access_control to this:
    - { path: ^/admin, roles: ROLE_ADMIN }
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
I have followed the installation guide for FOSUserBundle and got the following error on step 8:

    [Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException]
    ServiceNotFoundException: The service "security.authentication.manager" has a dependency on a non-existent service "security.user.provider.concrete.fos_userbundle".
This is my security.yml:
    # app/config/security.yml
    security:
        providers:
            fos_userbundle:
                id: fos_user.user_manager

        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
            FOS\UserBundle\Model\UserInterface: sha512

        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

        providers:
            in_memory:
                users:
                    user: { password: userpass, roles: [ 'ROLE_USER' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            login:
                pattern: ^/demo/secured/login$
                security: false
            secured_area:
                pattern: ^/demo/secured/
                form_login:
                    check_path: /demo/secured/login_check
                    login_path: /demo/secured/login
                logout:
                    path: /demo/secured/logout
                    target: /demo/
            main:
                pattern: ^/
                form_login:
                    provider: fos_userbundle
                    csrf_provider: form.csrf_provider
                logout: true
                anonymous: true

        access_control:
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/, role: ROLE_ADMIN }

        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN
Should I register service manually? How to proceed?
Try removing the second providers: block (so just the fos_userbundle one remains) ...