[FLOW3-general] Problems defining an EntryPoint
Andreas Förthner
andreas.foerthner at netlogix.de
Fri Dec 2 13:56:10 CET 2011
Hi Ivan,
yes, you tried to access a protected controller without sending the CSRF
token. Therefore the firewall will block the request right at the
beginning. If this is an action that does not change any data you can
safely skip CSRF protection by annotating your action method with:
@FLOW3\SkipCsrfProtection.
Maybe we can automate this in the future, but that's a bit difficult, so
you have to do it manually for now.
Greets Andi
On 02.12.11 11:37, "Ivan Ruiz Gallego" <ivan at loglan.net> wrote:
>Hello,
>
>I'm unable to get a WebRedirect as the EntryPoint working! I've taken a
>look at TYPO3.Blog. There, it doesn't seem to work either... I just
>want users that haven't logged in yet to get redirected to the login
>form. As simple as that!
>
>According to my configuration (see below) I'd expect the following
>behaviour for users that haven't logged in yet:
>1) The user makes a request to 'backoffice'
>2) Since the user isn't logged in and the URL 'backoffice' tries to
>execute 'list' action from the 'coffee' controller, a redirect to
>'backoffice/login' should take place.
>
>This is not happening! Instead of this I get an uncaught exception
>"#1216919280: You are not allowed to perform this action.".
>
>Thanks,
>Ivan.
>
>--
>CONFIGURATION
>
>The Settings.yaml of my package looks like this:
>
>TYPO3:
>  FLOW3:
>    security:
>      authentication:
>        authenticationStrategy: oneToken
>        providers:
>          DefaultProvider:
>            providerClass: PersistedUsernamePasswordProvider
>            entryPoint:
>              WebRedirect:
>                uri: backoffice/login
>
>
>and the Policy.yaml like this:
>
>resources:
>  methods:
>    Acme_Demo_UserAdminMethods: 'method(Acme\Demo\Controller\UserController->(list|delete|new|create)Action())'
>    Acme_Demo_RestrictedControllers: 'class(Acme\Demo\Controller\(Coffee|Soda|User)Controller)'
>roles:
>  Administrator: []
>  Editor: []
>acls:
>  Editor:
>    methods:
>      Acme_Demo_UserAdminMethods: DENY
>      Acme_Demo_RestrictedControllers: GRANT
>  Administrator:
>    methods:
>      Acme_Demo_BenutzerAdministratorMethods: GRANT
>      Acme_Demo_RestrictedControllers: GRANT
>
>
>and finally Routes.yaml (in this order):
>
>[...]
>-
>  name: 'Backoffice Authentication'
>  uriPattern: 'backoffice/login(/{@action})'
>  defaults:
>    '@package': 'Acme.Demo'
>    '@controller': 'Login'
>    '@action': 'index'
>    '@format': 'html'
>
>-
>  name: 'Backoffice Index'
>  uriPattern: 'backoffice'
>  defaults:
>    '@package': 'Acme.Demo'
>    '@controller': 'Coffee'
>    '@action': 'list'
>    '@format': 'html'
>
>[...]
>
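Added example, not part of the original mails and not code from the FLOW3 project: a sketch of the 'Coffee' controller from the question, with the annotation from the reply applied only to the read-only list action, while the data-changing delete action keeps its CSRF check. The base class namespace, the repository and the Coffee model are assumptions; only the controller name, the 'list' action and @FLOW3\SkipCsrfProtection come from the thread.

```php
<?php
namespace Acme\Demo\Controller;

// Assumption: annotation alias as used in the reply (@FLOW3\...).
use TYPO3\FLOW3\Annotations as FLOW3;

/**
 * Assumption: base class name as in FLOW3 1.0; adjust to your FLOW3 version.
 */
class CoffeeController extends \TYPO3\FLOW3\MVC\Controller\ActionController {

	/**
	 * Hypothetical repository, injected for illustration only.
	 *
	 * @FLOW3\Inject
	 * @var \Acme\Demo\Domain\Repository\CoffeeRepository
	 */
	protected $coffeeRepository;

	/**
	 * Read-only: renders a list and changes no data, so the CSRF token
	 * check can be skipped. A request to 'backoffice' without a token is
	 * then no longer rejected by the CSRF check.
	 *
	 * @FLOW3\SkipCsrfProtection
	 * @return void
	 */
	public function listAction() {
		$this->view->assign('coffees', $this->coffeeRepository->findAll());
	}

	/**
	 * Changes data: deliberately NOT annotated, so requests without a
	 * valid CSRF token are still blocked.
	 *
	 * @param \Acme\Demo\Domain\Model\Coffee $coffee hypothetical model
	 * @return void
	 */
	public function deleteAction(\Acme\Demo\Domain\Model\Coffee $coffee) {
		$this->coffeeRepository->remove($coffee);
		$this->redirect('list');
	}
}
```

The annotation only disables the CSRF token check for that one method; the class-level policy resource for the controller still applies to it.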