I used the "Using a traditional login form" tutorial from symfony.com to authentificate my users. With a simple http auth it works great.
After the login was submitted I get this Exception:
Unable to find the controller for path "/login_check". Maybe you forgot to add the matching route in your routing configuration?
Well, in the tutorial I read:
You will not need to implement a controller for the /login_check URL as the firewall will automatically catch and process any form submitted to this URL.
I defined the routes and set the firewall settings:
security.yml
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
backend:
pattern: ^/backend
anonymous: ~
form_login:
provider: entity
login_path: /login
check_path: /login_check
#use_forward: true
logout:
path: /logout
target: /
routing.yml
login:
pattern: /login
defaults: { _controller: VitaSecurityBundle:Default:login }
login_check:
pattern: /login_check
logout:
pattern: /logout
The problem you are having is described here:
See http://symfony.com/doc/current/book/security.html , section "Avoid Common Pitfalls"
- Be sure
/login_check
is behind a firewall Next, make sure that your check_path URL (eg /login_check) is behind the firewall you're using for your form login (in this example, the single firewall matches all URLs, including /login_check). If /login_check doesn't match any firewall, you'll receive a Unable to find the controller for path "/login_check" exception.
In this example, your pattern specifies a prefix of /backend for secured paths. To work, your login check should be behind this same firewall.
So, to match the pattern which you have specified in your firewall, put login_check on a url path like this: /backend/login_check
I added the /backend prefix to my paths, removed the 'anonymous: ~' line and commented out the ACL for backend.
security.yml
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login_firewall:
pattern: ^/backend/login$
anonymous: ~
backend:
pattern: ^/backend
form_login:
provider: entity
login_path: /backend/login
check_path: /backend/login_check
#use_forward: true
logout:
path: /backend/logout
target: /
access_control:
#- { path: ^/backend, roles: ROLE_USER }
routing.yml
login:
pattern: /backend/login
defaults: { _controller: VitaSecurityBundle:Default:login }
login_check:
pattern: /backend/login_check
logout:
pattern: /backend/logout
The problem also tends to happen when you have two firewall with the same pattern. For example:
....
backend:
pattern: ^/*
....
frontend:
pattern: ^/*
You must change one of the two as follows:
....
backend:
pattern: ^/(administrador|backend)/*
....
frontend:
pattern: ^/*
Here is a sample code I used in a real-life project:
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
secured_area:
pattern: ^/cmd
anonymous: ~
form_login:
check_path: /cmd/login_check
login_path: /cmd/login
remember_me:
always_remember_me: true
key: "%secret%"
path: /cmd
domain: ~ # Defaults to the current domain from $_SERVER
logout:
path: /cmd/logout
target: /
admin:
pattern: ^/admin
http_basic:
realm: "Administration"
free_area:
pattern: ^/
anonymous: ~
In my case, only the /cmd/ part is secured, the /admin/ part is also secured, but with HTTP security.
Maybe you should try: security.yml
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
backend:
pattern: ^/backend
anonymous: ~
form_login:
provider: entity
login_path: /backend/login
check_path: /backend/login_check
#use_forward: true
logout:
path: /backend/logout
target: /
and as of routing.yml:
login:
pattern: /backend/login
defaults: { _controller: VitaSecurityBundle:Default:login }
login_check:
pattern: /backend/login_check
logout:
pattern: /backend/logout
I think your problem might come from the fact security is not activated in your / part (the pattern of your secured area is ^/backend)
This was not workging for me and I try something else :
firewalls:
dev:
pattern: ^/(_profiler|_wdt|css|js)
security: false
login:
pattern: ^/login$
security: false
secured_area:
pattern: /(admin/.*|login_check)
provider: in_memory
form_login:
check_path: /login_check
login_path: /login
default_target_path: /admin
always_use_default_target_path: true
logout:
path: /logout
target: /
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_ADMIN }
With the following explanation, simpler than the explanation from zabojad. The important thing is to put the login_check route inside a firewall and to let the login outside. With a or pattern you can succeed.
Max
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.