[FLOW3-general] Problems defining an EntryPoint
Ivan Ruiz Gallego
ivan at loglan.net
Fri Dec 2 14:13:11 CET 2011
Hi Bernhard,
I don't get the exception anymore, but the WebRedirect doesn't take
place. And anyway, I need to protect the controller actions in question,
so skipping csrf protection doesn't help.
Ivan.
On 02.12.2011 14:08, Bernhard Fischer wrote:
> Hi Andreas,
>
> what's behind @FLOW3\SkipCsrfProtection, and how does the controller
> behave after it's annotated? I still get exceptions whether it's
> annotated or not. Can't see the difference.
>
> Thx
> Bernhard
>
> On 12/02/2011 01:56 PM, Andreas Förthner wrote:
>> Hi Ivan,
>>
>> yes, you tried to access a protected controller without sending the csrf
>> token. Therefore the firewall will block the request right at the
>> beginning. If this is an action that does not change any data you can
>> safely skip csrf-protection by annotating your action method with:
>> @FLOW3\SkipCsrfProtection.
>>
>> Maybe we can automate this in the future, but that's a bit difficult, so
>> you have to do it manually for now.
>>
>> Greets Andi
>>
>> On 02.12.11 11:37, "Ivan Ruiz Gallego" <ivan at loglan.net> wrote:
>>
>>> Hello,
>>>
>>> I'm unable to get a WebRedirect as the EntryPoint working! I've taken a
>>> look at TYPO3.Blog. There, it doesn't seem to work either... I just
>>> want users who haven't logged in yet to get redirected to the login
>>> form. As simple as that!
>>>
>>> According to my configuration (see below) I'd expect the following
>>> behaviour for users that haven't logged in yet:
>>> 1) The user makes a request to 'backoffice'
>>> 2) Since the user isn't logged in and the URL 'backoffice' tries to
>>> execute 'list' action from the 'coffee' controller, a redirect to
>>> 'backoffice/login' should take place.
>>>
>>> This is not happening! Instead of this I get an uncaught exception
>>> "#1216919280: You are not allowed to perform this action.".
>>>
>>> Thanks,
>>> Ivan.
>>>
>>> --
>>> CONFIGURATION
>>>
>>> The Settings.yaml of my package looks like this:
>>>
>>> TYPO3:
>>>   FLOW3:
>>>     security:
>>>       authentication:
>>>         authenticationStrategy: oneToken
>>>         providers:
>>>           DefaultProvider:
>>>             providerClass: PersistedUsernamePasswordProvider
>>>             entryPoint:
>>>               WebRedirect:
>>>                 uri: backoffice/login
>>>
>>>
>>> and the Policy.yaml like this:
>>>
>>> resources:
>>>   methods:
>>>     Acme_Demo_UserAdminMethods:
>>>       'method(Acme\Demo\Controller\UserController->(list|delete|new|create)Action())'
>>>     Acme_Demo_RestrictedControllers:
>>>       'class(Acme\Demo\Controller\(Coffee|Soda|User)Controller)'
>>> roles:
>>>   Administrator: []
>>>   Editor: []
>>> acls:
>>>   Editor:
>>>     methods:
>>>       Acme_Demo_UserAdminMethods: DENY
>>>       Acme_Demo_RestrictedControllers: GRANT
>>>   Administrator:
>>>     methods:
>>>       Acme_Demo_BenutzerAdministratorMethods: GRANT
>>>       Acme_Demo_RestrictedControllers: GRANT
>>>
>>>
>>> and finally Routes.yaml (in this order):
>>>
>>> [...]
>>> -
>>>   name: 'Backoffice Authentication'
>>>   uriPattern: 'backoffice/login(/{@action})'
>>>   defaults:
>>>     '@package': 'Acme.Demo'
>>>     '@controller': 'Login'
>>>     '@action': 'index'
>>>     '@format': 'html'
>>>
>>> -
>>>   name: 'Backoffice Index'
>>>   uriPattern: 'backoffice'
>>>   defaults:
>>>     '@package': 'Acme.Demo'
>>>     '@controller': 'Coffee'
>>>     '@action': 'list'
>>>     '@format': 'html'
>>>
>>> [...]
>>>
>> Andreas Förthner
>> _______________________________________________
>>> FLOW3-general mailing list
>>> FLOW3-general at lists.typo3.org
>>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general