Answer the question
In order to leave comments, you need to log in
E
E
Evgeny Komarov2017-03-15 17:07:35
Evgeny Komarov, 2017-03-15 17:07:35
Problems with user authorization in Symfony 3. How to solve?
I'm trying to deal with authorization in Symfony using the native Security Component.
security.yml
security:
encoders:
AppBundle\Entity\User:
algorithm: bcrypt
cost: 10
providers:
in_database:
entity:
class: AppBundle:User
property: username
firewalls:
main:
pattern: /.*
form_login: ~
anonymous: ~
provider: in_database
access_control:
- { path: ^/admin, roles: ROLE_USER }
- { path: ^/.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }SecurityController
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
class SecurityController extends Controller
{
public function loginAction()
{
$authenticationUtils = $this->get('security.authentication_utils');
$error = $authenticationUtils->getLastAuthenticationError();
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('AppBundle:Security:login.html.twig', [
'last_username' => $lastUsername,
'error' => $error,
]);
}
}login.html.twig
{% extends '::base.html.twig' %}
{% block body %}
{% if error %}
<div>{{ error.message }}</div>
{% endif %}
<form action="{{ path('login_check') }}" method="post">
<label for="username">Username:</label>
<input type="text" id="username" name="_username" value="{{ last_username }}"/>
<label for="password">Password:</label>
<input type="password" id="password" name="_password"/>
<button type="submit">login</button>
</form>
{% endblock %}user.php
namespace AppBundle\Entity;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* @ORM\Table(name="app_user")
* @ORM\Entity(repositoryClass="AppBundle\Repository\UserRepository")
*/
class User implements UserInterface, \Serializable
{
/**
* @ORM\Column(type="integer")
* @ORM\Id
* @ORM\GeneratedValue(strategy="AUTO")
*/
private $id;
/**
* @ORM\Column(type="string", length=25, unique=true)
*/
private $username;
/**
* @ORM\Column(type="string", length=64)
*/
private $password;
/**
* @return int
*/
public function getId(): int
{
return $this->id;
}
/**
* @return string
*/
public function getUsername(): string
{
return $this->username;
}
/**
* @param string $username
* @return User
*/
public function setUsername(string $username)
{
$this->username = $username;
return $this;
}
/**
* @return string
*/
public function getPassword(): string
{
return $this->password;
}
/**
* @param string $password
* @return User
*/
public function setPassword(string $password)
{
$this->password = $password;
return $this;
}
/**
* @return array
*/
public function getRoles(): array
{
return ['ROLE_USER'];
}
/**
* @return null
*/
public function getSalt()
{
return null;
}
public function eraseCredentials() {}
/**
* @return string
*/
public function serialize(): string
{
return serialize([
$this->id,
$this->username,
$this->password,
]);
}
public function unserialize($serialized)
{
[$this->id, $this->username, $this->password] = unserialize($serialized);
}
}Authorization is successful if I enter the correct username:password pair. If you enter incorrect data - the script falls on a timeout ... The question is - how to get authorization errors ($ error) correctly?
1 answer(s)
@maNULL
E
Evgeny Svirsky, 2017-03-15 @maNULL
The problem is here:
security.yml
access_control block.
Your login form is behind a firewall. And the timeout - as I understand it, this is a cyclic redirect ...
Add there
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
Similar questions
E
A
M
W
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question