[FLOW3-general] Problem with authenticateAction

Thu Sep 29 09:37:24 CEST 2011

Hello everyone,

I have got some problems with the authentication. I would like to have a 
login in the Standard Controller, so you have to login to get any 
further on the site. I used the "authenticateAction" and the settings 
from the Blogexample.

The routing is defined and the "authenticateAction" is called in the 
StandardController. After sending the form with the right Login data I'm 
landing on the redirected site with the error Message "Access denied!". 
A CSRF-Token is generated.

When I'm using a false Login I land on the same page. But here I would 
expect the Exeption in the StandardController after a false Login.

Furthermore I would expect that after Login with the right data as an 
Admin and an redirect on the StandardController that I would get the 
message form the ViewHelper "<f:security.ifHasRole role="Admin">"

Can anybody give me some hint please where my problem is to solve.

Best Regards

Markus

//Login Form
<f:security.ifHasRole role="PartnerMaster">
         I am an Partner Master
     </f:security.ifHasRole>
     <f:security.ifHasRole role="Admin">
         I am an Admin
     </f:security.ifHasRole>
     <div id="loginscreen">
     		<h1>Anmeldung</h1>
         <p><f:flashMessages class="flashmessages" /></p>
         <f:form action="authenticate" method="post">
             Login:
                 <input type="text" id="username"

name="__authentication[TYPO3][FLOW3][Security][Authentication][Token][UsernamePassword][username]"
                         value="" tabindex="1" />
             Password:
                 <input type="password" id="password"

name="__authentication[TYPO3][FLOW3][Security][Authentication][Token][UsernamePassword][password]"
                         value="" tabindex="2" />
                 <input type="submit" value="Login" tabindex="3" />
             </f:form>
     	</div>

//StandardController
/**
* @inject
* @var \TYPO3\FLOW3\Security\Authentication\AuthenticationManagerInterface
*/
protected $authenticationManager;

public function authenticateAction() {
             try {
                 $this->authenticationManager->authenticate();
                 $this->redirect('index', 'Projekt');
             } catch 
(\TYPO3\FLOW3\Security\Exception\AuthenticationRequiredException 
$exception) {
                 $this->flashMessageContainer->add('Wrong username or 
password.');
                 throw $exception;
             }
         }

//Policy.yaml
resources:
   methods:
     MBS_SUPortal_Projekt: 
'method(MBS\SUPortal\Controller\ProjektController->(index|new)Action())'
     MBS_SUPortal_Angebot: 'class(MBS\SUPortal\Controller\Angebot\.*)'
     MBS_SUPortal_Rechnung: 'class(MBS\SUPortal\Controller\Rechnung\.*)'
     MBS_SUPortal_Restricted: 'class(MBS\SUPortal\Controller\User\.*)'
roles:
   Admin: []
   PartnerMaster: []
acls:
   Admin:
     methods:
       MBS_SUPortal_Projekt: GRANT
       MBS_SUPortal_Restricted: GRANT
       MBS_SUPortal_Angebot: GRANT
       MBS_SUPortal_Rechnung: GRANT
   PartnerMaster:
     methods:
       MBS_SUPortal_Angebot: GRANT
       MBS_SUPortal_Angebot: GRANT
       MBS_SUPortal_Rechnung: GRANT

//Routes.yaml
-
   name: 'Authentication'
   uriPattern: 'authenticate'
   defaults:
     '@package':    MBS.SUPortal
     '@controller': Standard
     '@action':     authenticate

//Settings.yaml
--
   FLOW3:
     security:
       authentication:
         providers:
           DefaultProvider:
             providerClass: PersistedUsernamePasswordProvider