Access_Control refuses anonymous token'ed user to go through
Question
Im building a project with a front app in Angular and a REST API backend in Symfony2 (2.7, needs to move to 3.3 soon). Backend side, i'm using FOSRestBundle, FOSUSerBundle, LexikAuthBundle and a bunch of other cool bundles for REST API needs. I recently implemented one time Login through social providers Google and Facebook (front login buttons, then create fos_user backend side and manually set to just recognized user, a JWT provided by LexikBundle). This works well with the following app\\config\\security.yml :
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_API: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/api/login
stateless: true
anonymous: true
form_login:
check_path: /api/login_check
login_path: /api/login
require_previous_session: false
username_parameter: username
password_parameter: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
anonymous: true
lexik_jwt:
authorization_header:
enabled: true
prefix: Bearer
query_parameter:
enabled: true
name: bearer
always_authenticate_before_granting: true
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/registration., roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: [IS_AUTHENTICATED_FULLY, ROLE_API] }
This works fine for /api/login/social routes (where data is in body, POST), but impossible to reach /api/registration :( :
INFO - Matched route "myapp_security_register".
Context: {"route_parameters": {"_controller":"myapp\\CoreBundle\\Controller\\SecurityController::registerAction","_route":"myapp_security_register"},"request_uri":"http://127.0.0.1:8000/api/registration"}
INFO - Populated the TokenStorage with an anonymous Token.
ERROR - Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "You do not have the necessary permissions" at C:\projects\myappAPI\vendor\friendsofsymfony\rest-bundle\FOS\RestBundle\EventListener\AccessDeniedListener.php line 70
Context: {"exception":"Object(Symfony\\Component\\HttpKernel\\Exception\\AccessDeniedHttpException)"}
I dont get it, because the anonymous token is set ! Why access_control doesnt let /api/registration access my controller ? What am i missing ? I can also post FOSRestBundle config if it may help.
Thanks, Bor.
1 answers
solution1
1 ACCPTED 2016-03-19 08:21:06
There is a typo in your access_control directive:
- { path: ^/api/registration., roles: ['..'] }
... should be
- { path: ^/api/registration, roles: ['..'] }
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.