I use Symfony 2 and the FOSUserBundle. I can login, logout and view Profile.
Problem: When I go to "/register", fill out the form and press enter, I get the following error:
You have requested a non-existent service "security.user_checker".
500 Internal Server Error - ServiceNotFoundException
It seems that I have to do some additional configuration or so, but I can't find anything about it.
Part of config.yml:
    fos_user:
        db_driver: orm
        firewall_name: fos_user
        user_class: Blogger\BlogBundle\Entity\User
security.yml:
    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
            FOS\UserBundle\Model\UserInterface: sha512
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        providers:
            in_memory:
                users:
                    user: { password: userpass, roles: [ 'ROLE_USER' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
            fos_user:
                id: fos_user.user_manager
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            fos_user:
                pattern: ^/
                provider: fos_user
                form_login:
                    check_path: /login_check
                    login_path: /login
                logout:
                    path: /logout
                    target: /
                anonymous: ~
        access_control:
            - { path: /secured/admin, roles: ROLE_ADMIN }
            - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
UPDATE
Stack trace:
Make sure you specify a version for FOSUserBundle. The repository head is aligned with Symfony head, not 2.0.9.
    [FOSUserBundle]
        git=git://github.com/FriendsOfSymfony/FOSUserBundle.git
        target=/bundles/FOS/UserBundle
        version=1.0.0
If you're updating FOSUserBundle (or any bundle for that matter) you need to make sure you mimic changes made in the FOSUserBundle to any files you overwrite.
In my particular case, in the RegistrationController FOSUserBundle changed a value from security.user_checker to fos_user.user_checker in the authenticateUser method, so I made the same change in my controller.
Every time you do an update of the vendors, you need to make sure files (controllers, services etc) you're overwriting in your bundle are not depending on a service class or method that has been removed.
Do you register services right?
Or maybe you forgot to add a routing for this service?
Related
I have integrated the FOS user bundle just as the quick guide tells you to do. It seems to work, except that once I log in and it redirects, it loses the session for some reason and I'm back as an anonymous user.
This is what I get when I log in, before I'm redirected back:
As you can see, I'm successfully logged in and should be redirected to the homepage. However, when I'm on the homepage I'm redirected back to the login because I check if the user is logged in or not. So somehow it does not remember that I logged in.
This is my configuration for security.xml
    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: bcrypt
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
        providers:
            in_memory:
                memory: ~
            fos_userbundle:
                id: fos_user.user_provider.username
        firewalls:
            main:
                pattern: ^/
                form_login:
                    check_path: /login_check
                    login_path: /login
                    provider: fos_userbundle
                    default_target_path: /
                logout: true
                anonymous: true
        access_control:
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/, role: ROLE_ADMIN }
config.yml
    fos_user:
        db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
        firewall_name: main
        user_class: UserBundle\Entity\User
I obviously added the bundle to the app kernel and created the user entity. When I run the doctrine command it successfully creates the user table, etc...
I have this working fine in another project, the only difference is that for this project I'm using docker. Would this cause a problem?
Edit:
This is the code I use to check if the user is logged in:
    if (!$this->container->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
        return $this->redirect($this->generateUrl('fos_user_security_login'));
    }
And the toolbar shows me as anonymous after the login_check redirects.
It was brought to my attention that if my save_path is under /var/www/project, which is mounted on my local machine, it would not work.
So in config.yml I commented out the handler_id and changed the save_path value to ~
I'm building a project with a front app in Angular and a REST API backend in Symfony2 (2.7, needs to move to 3.3 soon).
Backend side, I'm using FOSRestBundle, FOSUserBundle, LexikAuthBundle and a bunch of other cool bundles for REST API needs.
I recently implemented one time Login through social providers Google and Facebook (front login buttons, then create fos_user backend side and manually set to just recognized user, a JWT provided by LexikBundle). This works well with the following app\config\security.yml:
    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
            FOS\UserBundle\Model\UserInterface: sha512
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_API: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        providers:
            fos_userbundle:
                id: fos_user.user_provider.username
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            login:
                pattern: ^/api/login
                stateless: true
                anonymous: true
                form_login:
                    check_path: /api/login_check
                    login_path: /api/login
                    require_previous_session: false
                    username_parameter: username
                    password_parameter: password
                    success_handler: lexik_jwt_authentication.handler.authentication_success
                    failure_handler: lexik_jwt_authentication.handler.authentication_failure
            api:
                pattern: ^/api
                stateless: true
                anonymous: true
                lexik_jwt:
                    authorization_header:
                        enabled: true
                        prefix: Bearer
                    query_parameter:
                        enabled: true
                        name: bearer
        always_authenticate_before_granting: true
        access_control:
            - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/api/registration., roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/api, roles: [IS_AUTHENTICATED_FULLY, ROLE_API] }
This works fine for /api/login/social routes (where data is in body, POST), but impossible to reach /api/registration :( :
INFO - Matched route "myapp_security_register".
Context: {"route_parameters": {"_controller":"myapp\\CoreBundle\\Controller\\SecurityController::registerAction","_route":"myapp_security_register"},"request_uri":"http://127.0.0.1:8000/api/registration"}
INFO - Populated the TokenStorage with an anonymous Token.
ERROR - Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "You do not have the necessary permissions" at C:\projects\myappAPI\vendor\friendsofsymfony\rest-bundle\FOS\RestBundle\EventListener\AccessDeniedListener.php line 70
Context: {"exception":"Object(Symfony\\Component\\HttpKernel\\Exception\\AccessDeniedHttpException)"}
I don't get it, because the anonymous token is set! Why doesn't access_control let /api/registration access my controller? What am I missing?
I can also post FOSRestBundle config if it may help.
Thanks, Bor.
There is a typo in your access_control directive:
    - { path: ^/api/registration., roles: ['..'] }
... should be
    - { path: ^/api/registration, roles: ['..'] }
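Why the stray dot blocks the route, as an added example that is not part of the original answer: a Python model of first-match access_control evaluation using the three rules from the question. It assumes Symfony's default affirmative decision strategy and that these patterns behave the same in Python's `re` as in PCRE; the probe paths are constructed.

```python
import re

# access_control as posted in the question; order matters, first match wins.
# The trailing "." in the second path is a regex wildcard, not a literal dot.
POSTED = [
    (r"^/api/login", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/api/registration.", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/api", ["IS_AUTHENTICATED_FULLY", "ROLE_API"]),
]
# The same list with the answer's correction applied.
FIXED = [
    (r"^/api/login", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/api/registration", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/api", ["IS_AUTHENTICATED_FULLY", "ROLE_API"]),
]

def first_match(rules, path):
    """Return (pattern, roles) of the first rule whose regex matches path."""
    for pattern, roles in rules:
        if re.search(pattern, path):
            return pattern, roles
    return None, []

def anonymous_allowed(rules, path):
    """True if an anonymous token passes the rule selected for path.

    Assumption: affirmative strategy, so one granted attribute is enough,
    and a path that matches no rule is not restricted at all.
    """
    _, roles = first_match(rules, path)
    return not roles or "IS_AUTHENTICATED_ANONYMOUSLY" in roles

def changed_by_fix(paths):
    """Paths whose anonymous access differs between POSTED and FIXED."""
    return [p for p in paths
            if anonymous_allowed(POSTED, p) != anonymous_allowed(FIXED, p)]

# Constructed probe paths.
PROBES = ["/api/login/social", "/api/login_check", "/api/registration",
          "/api/registration/", "/api/registrations", "/api/users"]

if __name__ == "__main__":
    for p in PROBES:
        print(f"{p:20} posted rule={first_match(POSTED, p)[0]!s:21} "
              f"anon: {anonymous_allowed(POSTED, p)} -> {anonymous_allowed(FIXED, p)}")
```

The corrected pattern is still an unanchored prefix, so it also opens `/api/registrations` to anonymous requests; end the path with `$` when only the exact route should be public.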
I'm using Symfony 2.3 and I've created a custom user provider and everything works fine so far, except that the following message shows:
Weird thing is that for example in Twig I can do:
    {{ app.user.username }}
And it prints fine the username of the logged user.
I've tracked the printing of that message in this view and this is the corresponding controller.
Seems that the class SecurityDataCollector is initialized with a parameter of type SecurityContextInterface with a value of $this->get('security.context', ContainerInterface::NULL_ON_INVALID_REFERENCE)
The problem seems to be that security.context does not exist and I don't know how to set that security context, and in the example they don't set them. How can I fix this?
---- app/config/security.yml ----
    security:
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN
        encoders:
            Company\Shared\CompanyldapBundle\Security\User\ldapUser: plaintext
        providers:
            ldap_user_provider:
                id: ldap_user_provider
        firewalls:
            main:
                provider: ldap_user_provider
                pattern: ^/
                form_login:
                    login_path: login
                    check_path: login_check
                logout: true
                anonymous: true
        access_control:
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/(_(profiler|wdt)|css|images|js)/, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/, role: ROLE_USER }
I can't understand why an anonymous user can access routes I want to protect, "^/nodes$" and "^/destinations$".
Where am I wrong? I've read with attention this resource http://symfony.com/doc/current/book/security.html but anyway those URLs can be viewed by anonymous users!
This is my security.yml:
    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        providers:
            in_memory:
                memory:
                    users:
                        user: { password: athena_user_2014, roles: [ 'ROLE_USER' ] }
                        admin: { password: athenaspa2014, roles: [ 'ROLE_ADMIN' ] }
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            secured_area:
                pattern: ^/backend
                form_login:
                    check_path: /backend/login_check
                    login_path: /backend/login
                    csrf_provider: form.csrf_provider
                logout:
                    path: /backend/logout
                    target: /
                #http_basic:
                #    realm: "Secured Demo Area"
        access_control:
            - { path: ^/nodes, roles: ROLE_ADMIN }
            - { path: ^/destinations, roles: ROLE_ADMIN }
Your paths are not part of any of your firewall-patterns. You could make the following changes for it to work:
    firewalls:
        secured_area:
            pattern: ^/
            ...
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/backend, role: ROLE_ADMIN }
        - { path: ^/node, role: ROLE_ADMIN }
        ...
        - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
The last path is pretty much what anonymous: true does. When no other access-control matched, the user is not required to be logged in. If you want to be more restrictive, you could do it like the first path ^/login$, which specifies which routes require authentication. Be aware that the first matching route is used, so be careful how you order them.
Alternatively you could add another firewall. But keep in mind, that each firewall provides a separate login.
You can also test your routes from the console using the php app/console router commands. If you are not sure how to use them, just type php app/console help router:match, for instance.
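A check for the condition this answer describes, as an added example that is not part of the original post: access_control rules are applied by the firewall that handles the request, so a rule whose paths no security-enabled firewall covers is never enforced. The firewalls and rules are copied from the question and the answer; the probe paths are constructed and Python's `re` stands in for Symfony's path matching.

```python
import re

# (name, pattern, security enabled), in declaration order, from the question.
FIREWALLS_POSTED = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/", False),
    ("secured_area", r"^/backend", True),
]
# The answer's change: secured_area covers the whole site.
FIREWALLS_FIXED = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/", False),
    ("secured_area", r"^/", True),
]
ACCESS_CONTROL = [
    (r"^/nodes", "ROLE_ADMIN"),
    (r"^/destinations", "ROLE_ADMIN"),
]

def enforced_role(firewalls, rules, path):
    """Role actually enforced for path, or None when nothing checks it."""
    for _name, pattern, enabled in firewalls:
        if re.search(pattern, path):
            if not enabled:          # security: false, no listeners run
                return None
            break                    # first matching firewall handles the request
    else:
        return None                  # no firewall matched, so no access check
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None

def dead_rules(firewalls, rules, probes):
    """Rules that match a probe path but are never enforced for it."""
    return sorted({pattern for pattern, _ in rules for p in probes
                   if re.search(pattern, p)
                   and enforced_role(firewalls, rules, p) is None})

# Constructed probe paths.
PROBES = ["/nodes", "/destinations/42", "/backend/login", "/css/site.css"]

if __name__ == "__main__":
    print("posted:", dead_rules(FIREWALLS_POSTED, ACCESS_CONTROL, PROBES))
    print("fixed: ", dead_rules(FIREWALLS_FIXED, ACCESS_CONTROL, PROBES))
```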
I'm having trouble getting security to work the way I want it.
I want administration part to be protected so only people with ROLE_ADMIN can access it. And that works just fine. However, I want my unprotected/public area to be able to differentiate between ROLE_ADMIN and IS_AUTHENTICATED_ANONYMOUSLY.
I can't make it work though. After I log in to the admin section, I can see in the toolbar that I'm authenticated and have ROLE_ADMIN, but as soon as I go back to the public section of the website it turns into anonymously authenticated.
Here is security setup I currently have:
    jms_security_extra:
        secure_all_services: false
        expressions: true
    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        providers:
            in_memory:
                memory:
                    users:
                        myusername: { password: mypassword, roles: [ 'ROLE_ADMIN' ] }
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            login_area:
                pattern: ^/login$
                anonymous: ~
            secured_area:
                pattern: ^/admin|^/login_check$|^/logout$
                form_login: ~
                logout: ~
            public_area:
                pattern: ^/
                anonymous: ~
        access_control:
            - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin, roles: ROLE_ADMIN }
            - { path: ^/, roles: [ROLE_ADMIN, IS_AUTHENTICATED_ANONYMOUSLY] }
As you can see I tried adding both ROLE_ADMIN and IS_AUTHENTICATED_ANONYMOUSLY roles to '^/' path in access control, but it doesn't change anything.
I searched both Symfony2 book and Cookbook entries but didn't find anything that would help me regarding this problem.
Ok, and just 20 minutes later, after digging the Symfony2 book for the third time I found this:
Multiple firewalls don't share security context
If you're using multiple firewalls and you authenticate against one firewall, you will not be authenticated against any other firewalls automatically.
It was enough to just use one firewall on '^/' pattern and set access_control to this:
    - { path: ^/admin, roles: ROLE_ADMIN }
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
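The behaviour quoted from the book, as an added example that is not part of the original post: a Python model in which the session stores the token under a key derived from the firewall that authenticated the user (`_security_` plus the firewall name, the default context), so a request handled by another firewall finds no token. The firewall patterns are the ones from the question; the single-firewall name `main` and the probe paths are assumptions.

```python
import re

# Firewalls from the question, in order (dev omitted); first match handles the request.
THREE = [
    ("login_area", r"^/login$"),
    ("secured_area", r"^/admin|^/login_check$|^/logout$"),
    ("public_area", r"^/"),
]
# The fix: one firewall for the whole site ("main" is a hypothetical name).
ONE = [("main", r"^/")]

def firewall_for(firewalls, path):
    """Name of the first firewall whose pattern matches path."""
    return next(name for name, pattern in firewalls if re.search(pattern, path))

class Session:
    """Model of the session: one stored token per firewall context."""

    def __init__(self, firewalls):
        self.firewalls = firewalls
        self.store = {}

    def login(self, path, roles):
        # The token is saved under the key of the firewall that handled the login.
        self.store["_security_" + firewall_for(self.firewalls, path)] = roles

    def roles_at(self, path):
        # Each request only reads the key of the firewall that handles it.
        key = "_security_" + firewall_for(self.firewalls, path)
        return self.store.get(key, ["IS_AUTHENTICATED_ANONYMOUSLY"])

def walk(firewalls, paths):
    """Log in through /login_check, then report the roles seen on each path."""
    session = Session(firewalls)
    session.login("/login_check", ["ROLE_ADMIN"])
    return {p: session.roles_at(p) for p in paths}

if __name__ == "__main__":
    for label, fw in (("three firewalls", THREE), ("one firewall", ONE)):
        print(label, walk(fw, ["/admin/users", "/"]))
```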