symfony: 3.0.4 Security component drops authentication: documentation example not working
Hi!
I’m on fresh 3.0.4 install and copy-pasting authentication code from the docs, specifically:
# security.yml
security:
providers:
in_memory:
memory:
users:
admin:
password: kitten
roles: 'ROLE_ADMIN'
encoders:
Symfony\Component\Security\Core\User\User: plaintext
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: ~
form_login:
login_path: login
check_path: login
logout:
path: /logout
target: /
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
I, of course, have the form, the controllers and the views.
Now what happens is:
- When going to
/admini’m getting redirected to/loginform - I successfully authenticate and get taken back to
/admin. - There, security decides to ignore my authentication and create a new anonymous session
- Which results in getting a 403 and being taken back to
/login.
Here is the log output of what happens after i submit my login form at /login
[2016-04-21 12:40:53] request.INFO: Matched route "login". {"route_parameters":{"_controller":"AppBundle\\Controller\\DefaultController::loginAction","_route":"login"},"request_uri":"http://symfony3.dev/login"} []
[2016-04-21 12:40:53] security.INFO: User has been authenticated successfully. {"username":"admin"} []
[2016-04-21 12:40:53] security.DEBUG: Stored the security token in the session. {"key":"_security_main"} []
[2016-04-21 12:40:53] request.INFO: Matched route "app_default_admin". {"route_parameters":{"_controller":"AppBundle\\Controller\\DefaultController::adminAction","_route":"app_default_admin"},"request_uri":"http://symfony3.dev/admin"} []
[2016-04-21 12:40:53] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ WTF?! WHY? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[2016-04-21 12:40:53] security.DEBUG: Access denied, the user is not fully authenticated; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at /home/vagrant/www/symfony3.dev/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php:70)"} []
[2016-04-21 12:40:53] security.DEBUG: Calling Authentication entry point. [] []
[2016-04-21 12:40:53] request.INFO: Matched route "login". {"route_parameters":{"_controller":"AppBundle\\Controller\\DefaultController::loginAction","_route":"login"},"request_uri":"http://symfony3.dev/login"} []
[2016-04-21 12:40:53] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2016-04-21 12:40:53] request.INFO: Matched route "_wdt". {"route_parameters":{"_controller":"web_profiler.controller.profiler:toolbarAction","token":"b2478d","_route":"_wdt"},"request_uri":"http://symfony3.dev/_wdt/b2478d"} []
Why can this be happening?
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 26 (14 by maintainers)
Commits related to this issue
- Fixed not being able to login on prod - ALWAYS USE HTTPS: https://github.com/symfony/symfony/issues/18608#issuecomment-281498905 - IF YOU ENABLE DEBUG MODE IN PROD, thing about the packages that ar... — committed to wavetrophy/wavetrophy by D4rkMindz 5 years ago
- Fixed not being able to login on prod - ALWAYS USE HTTPS: https://github.com/symfony/symfony/issues/18608#issuecomment-281498905 - IF YOU ENABLE DEBUG MODE IN PROD, thing about the packages that ar... — committed to wavetrophy/wavetrophy by D4rkMindz 5 years ago
I finally found out a solution, I don’t know why but I had no session until I set HTTPS. Now it works fine.
@CharlyPoppins
Yeah, it was something container/docker related. I do not recall exactly, but I believe we had to adjust the location of where to session files go (within the container). It had to be non-mounted directory.
UPDATE: Like this:
Hope that helps.