-1

I am using ESI caching on my website; it was working fine, and today I cleared the APC cache and the sf2 cache and I see everything OK. But some people can't see the ESI panels etc.

Why is this, and how do I fix it? I don't understand why some friends and I can see it fine and other people cannot.

Using Symfony 2.1.7

Rendering this way:

$response=new Response();
$response= $this->render('HomePageBundle:Default:index.html.twig', array(...
$response->setPrivate(true);
$response->setMaxAge(300);

return $response;

My web/app.php file

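<?php

use Symfony\Component\ClassLoader\ApcClassLoader;
use Symfony\Component\HttpFoundation\Request;

// the loader returned by bootstrap.php.cache is wrapped by ApcClassLoader below
$loader = require_once __DIR__.'/../app/bootstrap.php.cache';
require_once __DIR__.'/../app/AppKernel.php';
require_once __DIR__.'/../app/AppCache.php';

// cache class lookups in APC under the 'tb_sf2' key prefix
$loader = new ApcClassLoader('tb_sf2', $loader);
$loader->register(true);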

$kernel = new AppKernel('prod', false);
$kernel->loadClassCache();

// wrap the default AppKernel with the AppCache one
$kernel = new AppCache($kernel);

$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);

But if it were an error, I would not see the ESI panels either, right?

I cleared the cache again; some time later (maybe 30 mins) one of them said:

Now I can see the left menu, but the top, still nothing there

I cleared the log and then my friend refreshed the page... this log was added for each ESI panel:

[2013-05-27 23:03:17] request.INFO: Matched route "home_page_homepage" (parameters: "_controller": "TB\HomePageBundle\Controller\DefaultController::indexAction", "_route": "home_page_homepage") [] []
[2013-05-27 23:03:17] app.INFO: Locale Query Guessing Service Loaded [] []
[2013-05-27 23:03:17] app.INFO: Locale has not been identified by the Query guessing service [] []
[2013-05-27 23:03:17] app.INFO: Locale Session Guessing Service Loaded [] []
[2013-05-27 23:03:17] app.INFO: Locale has been identified by guessing service: ( Session ) [] []
[2013-05-27 23:03:17] app.INFO: Setting [ en ] as defaultLocale for the Request [] []
[2013-05-27 23:03:17] security.DEBUG: Read SecurityContext from the session [] []
[2013-05-27 23:03:17] security.DEBUG: Reloading user from user provider. [] []
[2013-05-27 23:03:17] security.DEBUG: Username "MbrunoM" was reloaded from user provider. [] []
[2013-05-27 23:03:18] security.DEBUG: Write SecurityContext in the session [] []
[2013-05-27 23:03:18] request.INFO: Matched route "notifications_box_esi" (parameters: "_controller": "TB\HomePageBundle\Controller\DefaultController::notificationsBoxEsiAction", "max": "10", "_route": "notifications_box_esi") [] []
[2013-05-27 23:03:18] app.INFO: Locale Query Guessing Service Loaded [] []
[2013-05-27 23:03:18] app.INFO: Locale has not been identified by the Query guessing service [] []

[2013-05-27 23:03:18] app.INFO: Locale Query Guessing Service Loaded [] []
[2013-05-27 23:03:18] app.INFO: Locale has not been identified by the Query guessing service [] []
[2013-05-27 23:03:18] app.INFO: Locale Session Guessing Service Loaded [] []
[2013-05-27 23:03:18] app.INFO: Locale has been identified by guessing service: ( Session ) [] []
[2013-05-27 23:03:18] app.INFO: Setting [ en ] as defaultLocale for the Request [] []
[2013-05-27 23:03:18] security.DEBUG: Read SecurityContext from the session [] []
[2013-05-27 23:03:18] security.DEBUG: Reloading user from user provider. [] []
[2013-05-27 23:03:18] security.DEBUG: Username "MbrunoM" was reloaded from user provider. [] []
[2013-05-27 23:03:18] security.DEBUG: Access is denied (and user is neither anonymous, nor remember-me) by "/var/www/domain.com/framework/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70 [] []
[2013-05-27 23:03:18] security.DEBUG: Access is denied (and user is neither anonymous, nor remember-me) by "/var/www/domain.com/framework/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70 [] []
Lukas Lukac

2 Answers

0

Make sure your users are allowed to gain access to the ESI route by your firewall.

There might be an error in your Firewall configuration. Your user does not have access granted to route '*notifications_box_esi*'. The interesting line in your debug log is this one:

security.DEBUG: Access is denied (and user is neither anonymous, nor remember-me) by "/var/www/nonamepage/framework/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php" at line 70 [] [] [2013-05-27 23:03:18] security.

Your firewall allows or restricts access to certain routes/URLs based on roles or an access-decision-manager.

The configuration can be found in your security.yml:

security:

    # ...

    access_control:
        - { path: ^/admin/users, roles: ROLE_SUPER_ADMIN }
        - { path: ^/admin, roles: ROLE_ADMIN }

    # ... or with an access decision manager
    firewalls:
        your_firewall_name:
            pattern:    ^/
            # ...

You can check which roles a current user has with:

$this->get('security.context')->getToken()->getUser()->getRoles();
Nicolai Fröhlich
  • Yes, I noticed, but what to do with it? How to "grant" access to this route? – Lukas Lukac May 27 '13 at 21:24
  • Search the route. Security checks might be implemented by is_granted() in Twig as well, or in your controller action rendering the route. Possibly with JMSSecurityExtraBundle annotations ... don't know the structure of the project. – Nicolai Fröhlich May 27 '13 at 21:40
  • Oh, you meant this firewall, sure I know them... aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa omg... somebody punch me please... okay... the solution appeared immediately in my head after I saw these lines: - { path: ^/admin/users, roles: ROLE_SUPER_ADMIN } - { path: ^/admin, roles: ROLE_ADMIN }... the image of two lines that I modified a week ago appeared in my head... and I didn't clear the cache since then, that's why I could not remember where the error could be... ah, I had ROLE_SUPER_ADMIN for /esi/ and I am super admin, that's why I saw everything fine and my friend as well... ah ah – Lukas Lukac May 27 '13 at 21:45
  • Thx mate ;) Give me some contact for you? I will buy you a drink or send you some bucks? :) – Lukas Lukac May 27 '13 at 21:45
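The misconfiguration the asker identifies in the comments above (an access_control rule requiring ROLE_SUPER_ADMIN on /esi/), shown as an added example that is not part of the original answer or the asker's project: a standalone PHP model of first-match rule evaluation. The fragment URL, the role hierarchy and the corrected rule are assumptions made for the illustration.

```php
<?php
// Added model of first-match access_control evaluation; paths and roles are constructed.
// Assumed role hierarchy, in the shape of security.yml's role_hierarchy.
$hierarchy = ['ROLE_ADMIN' => ['ROLE_USER'], 'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN']];

// Expand a user's roles with every role reachable through the hierarchy.
function reachableRoles(array $roles, array $hierarchy): array
{
    $seen = [];
    while ($roles) {
        $role = array_pop($roles);
        if (!isset($seen[$role])) {
            $seen[$role] = true;
            $roles = array_merge($roles, $hierarchy[$role] ?? []);
        }
    }
    return array_keys($seen);
}

// The first matching rule decides; a path that matches no rule is not restricted.
function isAllowed(string $path, array $userRoles, array $rules, array $hierarchy): bool
{
    foreach ($rules as $rule) {
        if (preg_match('{' . $rule['path'] . '}', $path)) {
            return (bool) array_intersect($rule['roles'], reachableRoles($userRoles, $hierarchy));
        }
    }
    return true;
}

$rulesets = [
    // rule described by the asker: only super admins may fetch ESI fragments
    'misconfigured' => [['path' => '^/esi/', 'roles' => ['ROLE_SUPER_ADMIN']]],
    // assumed fix: any logged-in user may fetch them
    'corrected'     => [['path' => '^/esi/', 'roles' => ['ROLE_USER']]],
];
$users = ['super admin' => ['ROLE_SUPER_ADMIN'], 'regular user' => ['ROLE_USER']];
$paths = ['/', '/esi/notifications-box/10']; // page URL and a hypothetical ESI fragment URL

foreach ($rulesets as $label => $rules) {
    foreach ($users as $name => $roles) {
        foreach ($paths as $path) {
            $verdict = isAllowed($path, $roles, $rules, $hierarchy) ? 'allowed' : 'denied';
            printf("%-13s | %-12s | %-26s | %s\n", $label, $name, $path, $verdict);
        }
    }
}
```

With the misconfigured rule, the page URL is allowed for both users because no rule matches it, and only the regular user's ESI sub-request is denied. That is why the panels disappear for some visitors while the rest of the page renders.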
0

I know it is a problem from 2 years ago, but I have got the same issue: security.DEBUG: Access is denied (and user is neither anonymous, nor remember-me)

The problem is that if I call isGranted in my LoginSuccessHandler, which redirects to my page, I get the right role (ROLE_USER), but it still doesn't work. I have already cleared my cache; it doesn't make any difference. If I go to the Symfony debug toolbar, it says: Authenticated? no (probably because the user has no roles)

Here is my security.yml and my LoginSuccessHandler:

security:
  encoders:
    Mainbundle\Entity\Personne:
      algorithm:        sha512
      encode_as_base64: false
      iterations:       1

  role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_MANAGER, ROLE_ALLOWED_TO_SWITCH ]

  providers:
    administrators:
      entity: { class: MainBundle:Personne }

  firewalls:
    #wsse_secured:
      #pattern:   ^/api/.*
      #stateless: true
      #wsse: true
    default:
      #pattern:      ^/
      pattern:      ^/wsse
      anonymous:    ~
      #wsse:         true
      form_login:
        post_only:           true
        use_forward:         false
        provider:            administrators
        csrf_provider:       form.csrf_provider
        csrf_parameter:      _csrf_token
        remember_me:         true
        login_path:          login_route
        check_path:          login_check
        default_target_path: admin
        failure_path:        null
        success_handler:     main.component.authentication.handler.login_success_handler
      logout:
        path:         logout
        target:       /
        success_handler: main.component.authentication.handler.logout_success_handler

  access_control:
    - { path: ^/wsse/admin, roles: ROLE_USER }
    - { path: ^/wsse, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
    #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    #- { path: ^/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY }

    #providers:
        #webservice:
            #id: webservice_user_provider
        #in_memory:
            #memory: ~

    #encoders:
        #MainBundle\Security\User\WebserviceUser: sha512

<?php
 
namespace MainBundle\Component\Authentication\Handler;
 
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Router;
use Doctrine\ORM\EntityRepository;
use MainBundle\Entity\UserRepository;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Mainbundle\Manager\UserManager;

class LoginSuccessHandler extends Controller implements AuthenticationSuccessHandlerInterface
{
 protected $router;
 protected $security;
 protected $usermanager;
 
 public function __construct($usermanager, Router $router, SecurityContext $security)
 {
  $this->router = $router;
  $this->security = $security;
  $this->usermanager = $usermanager;
 }
 
 public function onAuthenticationSuccess(Request $request, TokenInterface $token)
 {
  $personne = $token->getUser();
  $usermanager = $this->usermanager->getRepository();
  $role_array = $this->usermanager->findRole($personne->getId());
  $personne->setRoles($role_array);
  
  var_dump($this->security->getToken()->getUser()->getRoles());
  
  if ($this->security->isGranted('ROLE_SUPER_ADMIN'))
  {
   $response = new RedirectResponse($this->router->generate('category_index'));
  }
  elseif ($this->security->isGranted('ROLE_ADMIN'))
  {
   $response = new RedirectResponse($this->router->generate('category_index'));
  } 
  elseif ($this->security->isGranted('ROLE_USER'))
  {
   $response = new RedirectResponse($this->router->generate('admin'));
   // redirect the user to where they were before the login process begun.
   /*$referer_url = $request->headers->get('referer');
      
   $response = new RedirectResponse($referer_url);*/
  }
  elseif ($this->security->isGranted('ROLE_MANAGER'))
  {
   $response = new RedirectResponse($this->router->generate('admin'));
  }
  return $response;
 } 
}
hurcle