
I have a custom user provider, following the guide in:

http://symfony.com/doc/current/cookbook/security/custom_provider.html

All is working without errors, but I don't manage to access the restricted zone.

In my UserProvider class, I set the $roles var to array("ROLE_USER"), and that's the permission I need to access the route app/list, but when I go to app/list, Symfony redirects me to login again and again.

I've looked at the debug toolbar and it shows:

Username    anon.
Authenticated?   yes
Roles   { }
Token class Symfony\Component\Security\Core\Authentication\Token\AnonymousToken

My security.yml file is:

security:
    firewalls:
        secured_area:
            pattern:    ^/
            anonymous: ~
            http_basic:
                realm: "Secured Demo Area"
            form_login:
                provider: webservice
                login_path: login
                check_path: login_check
                always_use_default_target_path: true
                default_target_path: listado_actas
            logout:
                path:   logout
                target: login

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }

    providers:
        webservice:
            id: webservice_user_provider

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Actas\Gestion\UserBundle\Security\User\WebServiceUser:
            id: my.encoder.service

My UserProvider class looks like the following. I just call an XML service that gives me a TOKEN that I will store in my UserClass:

public function loadUserByUsername($username)
{
    $salt = "";
    $roles = "";
    // make a call to your webservice here

    $password = $this->request->get('_password');
    $xml_interface = new XMLInterfaceBundle();
    $token = $xml_interface->requestLogin($username, $password);

    if (strlen($token) > 10) {
        $roles = array("ROLE_USER");
        $salt  = "";
        return new WebserviceUser($username, $password, $salt, $roles, $token);
    }

    throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
}

This is my user object in DaoAuthenticationProvider::checkAuthentication():

Actas\Gestion\UserBundle\Security\User\WebserviceUser Object
(
    [username:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] => 44886706X
    [password:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] => 44886706XkCrDP
    [salt:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] => 
    [roles:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] => Array
        (
            [0] => ROLE_ADMIN
        )

    [my_token:Actas\Gestion\UserBundle\Security\User\WebserviceUser:private] => 
)

This is my routing.yml:

xml_interface:
    resource: "@XMLInterfaceBundle/Resources/config/routing.yml"
    prefix:   /

actas:
    resource: "@ActasBundle/Resources/config/routing.yml"
    prefix:   /

login:
    pattern:   /login
    defaults:  { _controller: UserBundle:Default:login }

login_check:
    pattern:   /login_check

logout:
    pattern:   /logout
Javier Núñez
  • How did you set the `role_hierarchy` in `security.yml`? – lvarayut Jan 28 '14 at 10:01
  • I don't have it set, is it necessary? – Javier Núñez Jan 28 '14 at 10:03
  • Yes, I think so. I mentioned in my comment. – lvarayut Jan 28 '14 at 10:11
  • What version of Symfony 2 are you using? login_check really should point to a named route. I doubt if that is the problem though. – Cerad Jan 28 '14 at 13:45
  • Been awhile since I have dug into a problem like this. The form login process eventually ends up here: Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider. Might want to stick a die statement (or maybe a breakpoint) in the checkAuthentication method. It could be that the password stuff is not right or you have some trivial error going on. – Cerad Jan 28 '14 at 13:58
  • I've checked the checkAuthentication method and it doesn't throw any exception. I've updated my question with the user object. – Javier Núñez Jan 28 '14 at 14:07
  • I have a custom authentication encoder, and I have the function isPassWordValid($encoded, $raw, $salt) { return true; } and that's what it returns. All seems fine, no errors, but still no User authenticated. – Javier Núñez Jan 28 '14 at 14:08
  • The 2.4 manual says that you MUST have routes defined for login_check. http://symfony.com/doc/current/book/security.html. Fix that up and see if it helps. – Cerad Jan 28 '14 at 14:21
  • I have it defined in routing.yml (see updated question) Is that what you mean? – Javier Núñez Jan 28 '14 at 14:25
  • In your security.yml file, check_path: /app/login_check should be check_path: login_check (drop the /app). As should the rest of the routes. – Cerad Jan 28 '14 at 14:28
  • I've changed security.yml and routing.yml, but still I don't get the user authenticated. – Javier Núñez Jan 28 '14 at 14:44
  • Starting to run out of ideas. After authentication the token is stored in the session. The token is retrieved on subsequent request. Need to make sure your token/user is properly serialized. Maybe take a look at what UserProvider::refreshUser() is getting. – Cerad Jan 28 '14 at 15:19
  • In UserAuthenticationProvider::authenticate() when I do $authenticatedToken->setAttributes($token->getAttributes()); the attributes of the token are empty, is that normal? – Javier Núñez Jan 28 '14 at 15:26
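For the refreshUser() path raised in the comments, an added example (not the asker's code) of a provider whose session refresh does not depend on request data; it assumes the WebserviceUser class from the question and an injected object exposing requestLogin() (the XMLInterfaceBundle), with the request injected as the asker's provider already does.

```php
<?php
// Added example, not the asker's code; assumes the question's WebserviceUser
// class and an injected object exposing requestLogin() (XMLInterfaceBundle).
namespace Actas\Gestion\UserBundle\Security\User;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class WebserviceUserProvider implements UserProviderInterface
{
    private $request, $xml;
    public function __construct(Request $request, $xml)
    {
        $this->request = $request;
        $this->xml     = $xml;
    }

    // Runs once, when the login form is posted: the web service checks the
    // credentials and returns the token that is kept on the user object.
    public function loadUserByUsername($username)
    {
        $password = $this->request->get('_password');
        if ($password === null) {
            // Not a login request: never let a missing password through.
            throw new UsernameNotFoundException(sprintf('No credentials for "%s".', $username));
        }
        $token = $this->xml->requestLogin($username, $password);
        if (strlen($token) <= 10) {
            throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
        }
        return new WebserviceUser($username, $password, '', array('ROLE_USER'), $token);
    }
    // Runs on every later request with the user unserialized from the session.
    // Calling loadUserByUsername() here would find no _password, throw, and the
    // firewall would drop the session to an AnonymousToken; returning the user keeps it.
    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof WebserviceUser) {
            throw new UnsupportedUserException(sprintf('Unsupported user class "%s".', get_class($user)));
        }
        return $user;
    }
    public function supportsClass($class)
    {
        return $class === __NAMESPACE__ . '\WebserviceUser';
    }
}
```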

1 Answer


Just try to set the role_hierarchy as follows:

security:
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

Don't forget to set the role of your User object as ROLE_ADMIN, for example, in order to match the role_hierarchy.

lvarayut
  • I've done it and it doesn't work... it redirects me to the login. – Javier Núñez Jan 28 '14 at 10:42
  • If I have a custom UserProvider, is it necessary to have a Custom Authorization or returning the WebserviceUser should be enough? – Javier Núñez Jan 28 '14 at 10:42
  • It's strange that it doesn't work. You need the custom authorization. Are you sure that you set the role of your `User` object as `ROLE_ADMIN`? If so, please update your question and I can verify whether you have done in the right way or not. One more thing, did you clear the cache? – lvarayut Jan 28 '14 at 10:46
  • I've checked that I'm returning WebserviceUser, I've seen that in the debug bar; it says that I'm authenticated anonymously, so I think the system is not recognizing my user, any help? – Javier Núñez Jan 28 '14 at 11:40
  • You can plug in your own UserProvider which only needs to return a user object. So that is not the issue. I'm assuming that your User and UserProvider both implement the required interfaces. – Cerad Jan 28 '14 at 13:41
  • Yep, as it's written in official doc: http://symfony.com/doc/current/cookbook/security/custom_provider.html – Javier Núñez Jan 28 '14 at 13:51