问题
I have a very basic Symfony2.1 setup with FOSUserBundle installed.
When registering all is well and I am redirected to my target path and the debug bar shows that I am authenticated as myself.
When logging in however, submitting the form with bad creds will reflect as such, but if I login with the correct creds, I get redirected to my target path but I'm still anon, so authentication is successful but not persisted in the session.
Am I missing something? I have followed the basic configuration pretty much exactly with little customisation. Unsure how to go about debugging this (experience with Symfony1, new to Symfony2).
FOSUserBundle's InteractiveLoginListener onSecurityInteractiveLogin has and correctly updates the user with last login date, I'm not sure at what point this would be bound to security.context if at all nor where to look.
Am I meant to register my own listener or is something not working? Searching the entire bundle for security.context seems to lead to this only being set for registration and resetting?
security.yml
security:
acl:
connection: default
providers:
fos_userbundle:
id: fos_user.user_manager
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
# SONATA:
# - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented
firewalls:
# -> custom firewall for the admin area of the URL
admin:
switch_user: true
context: user
pattern: /admin(.*)
form_login:
provider: fos_userbundle
login_path: /admin/login
use_forward: false
check_path: /admin/login_check
# login success redirecting options (read further below)
always_use_default_target_path: false
default_target_path: /admin/dashboard
target_path_parameter: _target_path
use_referer: false
failure_path: null
use_referer: true
logout:
path: /admin/logout
target: /admin/login
anonymous: true
# -> end custom configuration
# default login area for standard users
main:
switch_user: true
context: user
pattern: .*
form_login:
provider: fos_userbundle
# the user is redirected here when he/she needs to login
login_path: /login
# if true, forward the user to the login form instead of redirecting
use_forward: false
# submit the login form here
check_path: /login_check
# login success redirecting options (read further below)
always_use_default_target_path: false
default_target_path: /
target_path_parameter: _target_path
use_referer: false
# login failure redirecting options (read further below)
failure_path: null
failure_forward: false
# csrf token options
csrf_parameter: _csrf_token
intention: authenticate
logout: true
anonymous: true
# -> end default configuration
access_control:
# URL of FOSUserBundle which need to be available to anonymous users
- { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# -> custom access control for the admin area of the URL
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# -> end
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Secured part of the site
# This config requires being logged for the whole site and having the admin role for the admin part.
# Change these rules to adapt them to your needs
- { path: ^/admin, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
- { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
jms_security_extra:
secure_all_services: false
expressions: true
Logs
[2012-07-05 15:12:50] security.INFO: User "steve" has been authenticated successfully [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "security.interactive_login" to listener "FOS\UserBundle\Security\InteractiveLoginListener::onSecurityInteractiveLogin". [] []
[2012-07-05 15:12:50] doctrine.DEBUG: UPDATE fos_user_user SET last_login = ?, updated_at = ? WHERE id = ? ([{"date":"2012-07-05 16:12:50","timezone_type":3,"timezone":"Europe\/London"},{"date":"2012-07-05 16:12:50","timezone_type":3,"timezone":"Europe\/London"},1]) [] []
[2012-07-05 15:12:50] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\Security\Http\Firewall\ContextListener::onKernelResponse". [] []
[2012-07-05 15:12:50] security.DEBUG: Write SecurityContext in the session [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bridge\Monolog\Handler\FirePHPHandler::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\SecurityBundle\EventListener\ResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\CacheListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:50] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Bundle\WebProfilerBundle\EventListener\WebDebugToolbarListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.response" to listener "Symfony\Component\HttpKernel\EventListener\StreamedResponseListener::onKernelResponse". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.terminate" to listener "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onKernelTerminate". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest". [] []
[2012-07-05 15:12:51] request.INFO: Matched route "sonata_admin_dashboard" (parameters: "_controller": "Sonata\AdminBundle\Controller\CoreController::dashboardAction", "_route": "sonata_admin_dashboard") [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleListener::onKernelRequest". [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2012-07-05 15:12:51] security.INFO: Populated SecurityContext with an anonymous Token [] []
[2012-07-05 15:12:51] event.DEBUG: Notified event "kernel.exception" to listener "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException". [] []
[2012-07-05 15:12:51] security.DEBUG: Access is denied (user is not fully authenticated) by "/var/www/motoratings/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70; redirecting to authentication entry point [] []
[2012-07-05 15:12:51] security.DEBUG: Calling Authentication entry point [] []
回答1:
It turns out the answer was simply to clear my browser's cookies, for some reason I had 2 PHPSESSID cookies set.. no idea how that's even possible?
My assumption is that this was due to fiddling with this, and maybe because I had 2 firewalls which I later stripped down to 1?
It seemed that Symfony was cycling the PHPSESSID cookies, every page hit it was changing, so any authentication was on a session that wasn't persisted to the next- and thus gave me the described problem.
Is there a legitimate reason there'd be 2 cookies set?.. Surely it's not even possible to have 2 cookies of the same name set? I didn't investigate it properly before clearing them, I guess that must have had different paths or something?.. But yet they both seemed to be present on every request.
回答2:
A stab in the dark, but does your user class getRoles()
method returns a ROLE_USER in any case because if this method does not return anything, the user will be considered as anonymous and thus not authenticated.
回答3:
Another stab in the dark, it seems that you are redirecting to sonata_admin_dashboard
route, which resolves to /admin/dashboard
url. According to your security.yml
it seems that the user needs to have ROLE_ADMIN
or ROLE_SONATA_ADMIN
role to access the page.
来源:https://stackoverflow.com/questions/11051179/symfony2-fosuserbundle-not-setting-authenticated-user-to-session