Authentication fails silently in Symfony2
I'm having trouble getting authentication to work, but it only appears to happen in very specific circumstances. Authentication is done via a third-party API, so I've written my own user provider class, and inside that class is some code that syncs data between the API and Symfony. As part of that syncing process it determines which roles the user should have. After doing this it sets up the relationships between the roles and user via a ManyToMany relationship.
The getRoles() method in my User object gets the role objects out of the database and turns them into an array of strings. The role names come from my database and all start with ROLE_.
If I log in with an account that should have no extra roles it works fine, but if I log in to an account that should have roles I just get sent back to the login screen with no error message.
I've checked the log and saw these entries:
security.INFO: User "test105@example.com" has been authenticated successfully [] []
event.DEBUG: Notified event "security.interactive_login" to listener "PogoMyBundleListenerLoginListener::onSecurityInteractivelogin". [] []
event.DEBUG: Listener "SymfonyComponentSecurityHttpFirewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
event.DEBUG: Listener "SymfonyBundleFrameworkBundleEventListenerRouterListener" was not called for event "kernel.request". [] []
event.DEBUG: Listener "SymfonyBundleAsseticBundleEventListenerRequestListener" was not called for event "kernel.request". [] []
event.DEBUG: Notified event "kernel.response" to listener "SymfonyComponentSecurityHttpFirewallContextListener::onKernelResponse". [] []
security.DEBUG: Write SecurityContext in the session [] []
event.DEBUG: Notified event "kernel.response" to listener "SymfonyComponentHttpKernelEventListenerResponseListener::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.response" to listener "SymfonyBundleSecurityBundleEventListenerResponseListener::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.response" to listener "SymfonyBridgeMonologHandlerFirePHPHandler::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.response" to listener "SensioBundleFrameworkExtraBundleEventListenerCacheListener::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.response" to listener "SymfonyComponentHttpKernelEventListenerProfilerListener::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.response" to listener "SymfonyBundleWebProfilerBundleEventListenerWebDebugToolbarListener::onKernelResponse". [] []
event.DEBUG: Notified event "kernel.request" to listener "SymfonyBundleFrameworkBundleEventListenerRouterListener::onEarlyKernelRequest". [] []
event.DEBUG: Notified event "kernel.request" to listener "SymfonyBundleFrameworkBundleEventListenerSessionListener::onKernelRequest". [] []
event.DEBUG: Notified event "kernel.request" to listener "SymfonyComponentSecurityHttpFirewall::onKernelRequest". [] []
security.INFO: Populated SecurityContext with an anonymous Token [] []
event.DEBUG: Notified event "kernel.exception" to listener "SymfonyComponentSecurityHttpFirewallExceptionListener::onKernelException". [] []
security.DEBUG: Access denied (user is not fully authenticated); redirecting to authentication entry point [] []
security.DEBUG: Calling Authentication entry point [] []
I don't understand how it can be authenticated at the top, then as soon as it checks the firewall it finds itself with an anonymous token, which is presumably why it sends me back to the login screen.
My firewall / access_control settings are:
    firewalls:
        public:
            pattern: /.*
            anonymous: true
            tessitura_login:
                login_path: /account/login
                check_path: /secure/login_check
            logout:
                path: /secure/logout
                target: /
    access_control:
        - { path: ^/secure/.*, role: ROLE_USER }
        - { path: ^/admin.*, role: ROLE_ADMIN }
        - { path: ^/account/login/?, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
Any help with this would be massively appreciated. I've spent a few hours on this now and am completely stumped.
I got this silent failure when I was using the phone number as the username and hadn't specified the username property in the refreshUser() method, which should be:
    public function refreshUser(UserInterface $customer)
    {
        $class = get_class($customer);
        if (!$this->supportsClass($class)) {
            // Inner quotes must be escaped inside a double-quoted string
            throw new UnsupportedUserException("Instances of \"{$class}\" are not supported");
        }
        return $this->loadUserByUsername($customer->getPhoneNumber()); // <-- This is it!
    }
I think I'm not the only one who missed it, might help.
A broken session storage caused this for me. I was using PdoSessionHandler and disappointingly it gave no clear error or log message.
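The two failure modes from the answers above, as an added example that is not part of the original answers and is not Symfony's code: a stand-alone PHP 8 model of the per-request step that restores the user from the session. Customer, CustomerProvider, restoreUser and the sample data are hypothetical, and the model assumes that a failed restore leaves the request anonymous, as the log in the question shows.

```php
<?php
// Model of the per-request user refresh; all names here are hypothetical, not Symfony's.
class UserNotFound extends RuntimeException {}

final class Customer
{
    public function __construct(private string $phone, private string $email) {}
    public function getUsername(): string { return $this->email; }      // not the login key
    public function getPhoneNumber(): string { return $this->phone; }   // the login key
}

final class CustomerProvider
{
    /** @param array<string, Customer> $byPhone users indexed by phone number */
    public function __construct(private array $byPhone, private bool $refreshByPhone) {}

    public function loadUserByUsername(string $key): Customer
    {
        return $this->byPhone[$key] ?? throw new UserNotFound($key);
    }

    public function refreshUser(Customer $user): Customer
    {
        // The refresh has to look the user up by the same identifier the login used.
        $key = $this->refreshByPhone ? $user->getPhoneNumber() : $user->getUsername();
        return $this->loadUserByUsername($key);
    }
}

// Restores the user kept in the session; null means the request continues as anonymous.
function restoreUser(string $payload, CustomerProvider $provider, array &$log): ?Customer
{
    $user = $payload === '' ? false : @unserialize($payload, ['allowed_classes' => [Customer::class]]);
    if (!$user instanceof Customer) {
        $log[] = 'session payload missing or unreadable';   // broken session storage
        return null;
    }
    try {
        return $provider->refreshUser($user);
    } catch (UserNotFound $e) {
        $log[] = sprintf('refresh lookup failed for "%s"', $e->getMessage());
        return null;
    }
}

// Constructed sample data: correct refresh, refresh by the wrong key, empty session.
$alice = new Customer('+15550100', 'alice@example.com');
$log = [];
foreach ([[true, serialize($alice)], [false, serialize($alice)], [true, '']] as [$byPhone, $payload]) {
    $who = restoreUser($payload, new CustomerProvider(['+15550100' => $alice], $byPhone), $log);
    echo $who ? "authenticated\n" : "anonymous: " . end($log) . "\n";
}
```

In both failing cases the login itself succeeded, so the only evidence is whatever the restore step logs; recording the reason at that point is what makes the redirect to the login page diagnosable.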
I've experienced the same. When my user logs in I check what role he has with a couple of statements like this:
    if (true === $this->get('security.context')->isGranted('ROLE_MANAGER')) {
        //return redirect
    }
    if (true === $this->get('security.context')->isGranted('ROLE_USER')) {
        //return redirect
    }
    //throw error
From time to time some users get an error thrown in their face. I imagine that it is because of the same reason. The user is somehow authenticated but hasn't got their role.
I can't reproduce the problem myself. I have just heard error reports from my users.