Symfony 4 - two firewalls cause ERR_TOO_MANY_REDIRECTS
Question
I am writing this because previous answers to Using multiple firewalls cause ERR_TOO_MANY_REDIRECTS in Symfony 2 have not been helpful. "Main" firewall seem to work just fine, "Admin" is the one causing problems. Every time I try to enter the path " http://localhost:8000/admin " it redirects to" http://localhost:8000/admin_login " as it should, but goes into redirect loop and crashes with the error named above.
security.yaml
security:
encoders:
App\Entity\User:
algorithm: bcrypt
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
chain_provider:
chain:
providers: [in_memory, db_provider]
in_memory:
memory:
users:
theadmin:
password: iamadmin
roles: 'ROLE_SUPER_ADMIN'
db_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
admin:
pattern: /admin
anonymous: ~
form_login:
username_parameter: _username
login_path: /admin_login
check_path: /admin_login
provider: in_memory
default_target_path: admin
logout:
path: /admin_logout
target: /
main:
pattern: /
anonymous: ~
form_login:
username_parameter: _email
login_path: /login
check_path: /login
provider: db_provider
default_target_path: welcome
logout:
path: /logout
target: /
access_control:
- { path: ^/welcome, roles: ROLE_USER }
- { path: ^/admin, roles: ROLE_SUPER_ADMIN }
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin_login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
AdminSecurityController.php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
class AdminSecurityController extends AbstractController
{
/**
* @Route("/admin_login", name="admin_login")
*/
public function admin_login(Request $request, AuthenticationUtils $utils)
{
$error = $utils->getLastAuthenticationError();
$auth_checker = $this->get('security.authorization_checker');
if ($auth_checker->isGranted('ROLE_SUPER_ADMIN')) {
return $this->render('admin/dashboard.html.twig', [
'controller_name' => 'AdminController',
]);
} else{
return $this->render('admin_security/admin_login.html.twig', [
'error' => $error
]);
}
}
/**
* @Route("/admin_logout", name="admin_logout")
*/
public function admin_logout()
{
}
}
1 answers
solution1
4 ACCPTED 2018-09-14 09:09:27
Access control entries are analyzed from the top to the bottom . So, you need to place the ^/admin_login entry before the ^/admin .
Imagine how the security component is currently set:
- You visit the login form then press submit
- You (guest) are redirected to the
/admin_loginpath - Security component goes through the entries and matches the /admin _login to the
^/adminentry - Because it requires
ROLE_SUPER_ADMIN, you thus end up with a loop
Remember to clear the cache afterwards.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.