
Symfony2 security different firewalls don't redirect properly to login

I configured 3 secured areas based on the user type: admin, teacher and student. When I'm accessing /admin, I'm redirected properly to /admin/login. But when I'm accessing /teacher or /student, the redirection fails: although I'm being redirected to /teacher/login or /student/login, I'm getting this error:

The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This is my security.yml:

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false
    admin:
         pattern: ^/admin
         form_login:
             check_path: login_check
             login_path: /admin/login
             provider: chain_provider
             csrf_provider: form.csrf_provider
             default_target_path: /admin
         logout:       true
    teacher:
         pattern: ^/teacher
         form_login:
             check_path: login_check
             login_path: /teacher/login
             provider: chain_provider
             csrf_provider: form.csrf_provider
             default_target_path: /teacher
         logout:       true
    student:
         pattern: ^/student
         form_login:
             check_path: login_check
             login_path: /student/login
             provider: chain_provider
             csrf_provider: form.csrf_provider
             default_target_path: /student
         logout:       true

access_control:
    - { path: ^/admin/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/teacher/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/teacher/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/student/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/student/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, role: ROLE_ADMIN }
    - { path: ^/teacher, role: ROLE_TEACHER }
    - { path: ^/student, role: ROLE_USER }

I need some help. What am I missing? Thanks

You've secured your login forms ... so when Symfony tries to redirect to your login form, it tries to redirect to your login form, tries to redirect to your login form, tries to redirect ...

Try this:

admin_login:
    pattern:                 ^/admin/login
    anonymous:               ~

admin:
    pattern:                 ^/admin
    form_login:
        login_path:          /admin/login
        check_path:          /login_check
        provider:            chain_provider
        csrf_provider:       form.csrf_provider
        default_target_path: /admin
    logout:
        path:                /logout
        target:              /admin/login

teacher_login:
    pattern:                 ^/teacher/login
    anonymous:               ~

teacher:
    pattern:                 ^/teacher
    form_login:
       ... etc ...

student_login:
    pattern:                 ^/student/login
    anonymous:               ~

student:
    pattern:                 ^/student
    form_login:
        .... etc ...

access_control:
    - { path: ^/admin/login$,   roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/teacher/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/student/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    ...
    - { path: ^/admin,          roles: ROLE_ADMIN }
    - { path: ^/teacher,        roles: ROLE_TEACHER }
    - { path: ^/student,        roles: ROLE_USER }

This is covered under the heading Avoid Common Pitfalls in the Symfony Cookbook.

THE ORDER OF YOUR FIREWALLS IS IMPORTANT

Note that the 'login firewalls' are defined ahead of their partner firewalls.

Note also that I added a '/' to the front of your check_path to remind you that you need to define a route for it. If you use annotations to define your routes, you'll need to create an empty action method in a controller somewhere so that the router has something to chew on.

Your 'logout' definitions look suspect to me as well. Not saying they're completely incorrect - just that I've never seen them defined that way before and am not exactly certain how your definitions would work given what I know of Symfony.

In the case of the '/logout' paths I've defined in the example above, you would - again - need to create a valid route for these ... even though Symfony won't actually execute any 'logout' method you define in your controllers.

The logout stuff is covered HERE
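
The ordering point above can be checked mechanically. The following is an added example, not part of the original answer or of Symfony: a simplified Python model of first-match firewall and access_control selection that reports which login pages would redirect to themselves. The function names and the flattened config keys are hypothetical, and the teacher/student `login_path` values are taken from the question because the answer elides them.

```python
import re

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"

def first_firewall(firewalls, path):
    # Assumed model: the first firewall whose pattern matches handles the request.
    return next(((n, c) for n, c in firewalls if re.search(c["pattern"], path)), (None, {}))

def looping_logins(firewalls, access_control):
    """Map firewall name -> reason its login_path cannot be shown to an anonymous visitor."""
    problems = {}
    for name, cfg in firewalls:
        login = cfg.get("login_path")
        if not login:
            continue
        owner, owner_cfg = first_firewall(firewalls, login)
        if owner is None:
            continue  # no firewall covers the login page, so nothing redirects
        if not owner_cfg.get("anonymous"):
            problems[name] = f"{login} is handled by '{owner}', which has no anonymous access"
            continue
        # access_control is first-match as well: a role rule listed earlier wins.
        rule = next((r for r in access_control if re.search(r["path"], login)), None)
        if rule and rule["roles"] != ANON:
            problems[name] = f"{login} requires {rule['roles']} via {rule['path']}"
    return problems

def layout(login_first):
    # Constructed sample: the answer's firewalls, flattened to the keys this model reads.
    firewalls = []
    for area in ("admin", "teacher", "student"):
        login_fw = (f"{area}_login", {"pattern": f"^/{area}/login", "anonymous": True})
        main_fw = (area, {"pattern": f"^/{area}", "login_path": f"/{area}/login"})
        firewalls += [login_fw, main_fw] if login_first else [main_fw, login_fw]
    return firewalls

ACCESS_CONTROL = [  # constructed from the answer's access_control entries
    {"path": "^/admin/login$", "roles": ANON},
    {"path": "^/teacher/login$", "roles": ANON},
    {"path": "^/student/login$", "roles": ANON},
    {"path": "^/admin", "roles": "ROLE_ADMIN"},
    {"path": "^/teacher", "roles": "ROLE_TEACHER"},
    {"path": "^/student", "roles": "ROLE_USER"},
]

if __name__ == "__main__":
    for reason in looping_logins(layout(login_first=False), ACCESS_CONTROL).values():
        print("redirect loop:", reason)
```

With the login firewalls listed first, the model reports nothing; with each login firewall listed after its partner, all three areas are flagged.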
