[FLOW3-general] Policies not working

Steffen Wickham steffen at gaming-inc.de
Tue Aug 14 20:32:38 CEST 2012 

Hello again Martin,

you have two problems in your policy.yaml:
First of all you have a typo in your definition (as mentioned before).
Your definition for RestrictedArea should be: RestrictedArea:
'method(Abgabe\Controller\ExerciseController->.*Action())'

And your second error is your definition in ACL. If your user has the
roles Student and Administrator the DENY definition will override every
GRANT and access would be denied even you have the role Administrator.
Please have a look at
http://flow3.typo3.org/documentation/guide/partiii/security.html and
search for "/Privilege evaluation".  /So DENY wouldn't be necessary at
all since it's the default behavior.

This is how I configured my FLOW3 1.1 for authentication:

TYPO3:
  FLOW3:
    persistence:
      backendOptions:
        driver: 'pdo_mysql'
        dbname: 'afsvn_dev'
        user: 'afsvn_dev'
        password: 'MYPASSWORD'
        host: '127.0.0.1'

    security:
      authentication:
#        authenticationStrategy: oneToken
        providers:
          DefaultProvider:
            provider: PersistedUsernamePasswordProvider
            entryPoint: 'WebRedirect'
            entryPointOptions:
                uri: 'login.html'

My Policy.yaml looks like yours.

Greets
Steffen



Am 14.08.2012 18:24, schrieb Martin:
> Hi Oliver,
>
> thank you a lot!
> But the security Framework is not getting his job done...
>
> I was looking at the BlogPackage for the Policy and Setting.
>
> Putting Settings in the Global Setting, still not working...
>
> I am not getting, why this isnt working...
>
> Cheers
>
> Martin
>
> On 08/14/2012 05:50 PM, Oliver Beck wrote:
>> Am 14.08.2012 17:32, schrieb Martin:
>>> Hi,
>>>
>>> unfortunately still not working.
>>>
>>> Somehow I got the feeling that it might be the Settings.yaml and/or
>>> both Policy.yaml
>>>
>>> What is the best way to debug this behavior? No hints in any Logfile
>>> why the security isn't working.
>>>
>>> Cheers
>>>
>>> Martin
>>>
>>> On 08/14/2012 05:17 PM, David Sporer wrote:
>>>> Hi,
>>>>
>>>> I had a problem with the Policy.yaml last week and it turned out that
>>>> I had
>>>> to clear the cache manually when I was in Development mode.
>>>> Try to delete all contents in Data/Temporary and try if it works
>>>> afterwards.
>>>>
>>>> Regards
>>>> David
>>>>
>>>> 2012/8/14 Oliver Beck<oli5188 at gmail.com>
>>>>
>>>>> Try this
>>>>>
>>>>> resources: methods: RestrictedArea:
>>>>> 'method(Abgabe\ExerciseController->*.Action())'
>>>>> #methods(\Abgabe\Controller\Ex erciseController->IndexAction())'
>>>>>
>>>>> '*' and '.' are inverted
>>>>>
>>>>> Kind Regards
>>>>>
>>>>> Oliver
>>>>> Am 14.08.2012 16:10 schrieb "Martin"<titusmailing at googlemail.com>:
>>>>>
>>>>>> Hi List,
>>>>>>
>>>>>> I have again a beginner question with restricted Access on Classes
>>>>>> and/or
>>>>>> methods. Both restrictions are not working.
>>>>>>
>>>>>> My plan is to protect the whole Controller for being accessed.
>>>>>> All my
>>>>>> tryouts went wrong, doesn't matter what i put in RestrictedArea.
>>>>>>
>>>>>> My Policy.yaml:
>>>>>>
>>>>>> resources:
>>>>>> methods:
>>>>>> RestrictedArea: 'method(Abgabe\**ExerciseController->.*Action()**)'
>>>>>> #methods(\Abgabe\Controller\**ExerciseController->**IndexAction())'
>>>>>>
>>>>>> roles:
>>>>>> Student: []
>>>>>> # Hiwi: [Student]
>>>>>> Administrator: []
>>>>>> acls:
>>>>>> Student:
>>>>>> methods:
>>>>>> RestrictedArea: DENY
>>>>>> Administrator:
>>>>>> methods:
>>>>>> RestrictedArea: GRANT
>>>>>>
>>>>>> ############# POLICY END ########
>>>>>> My Package Settings.yaml
>>>>>>
>>>>>> TYPO3:
>>>>>> FLOW3:
>>>>>> security:
>>>>>> enable: true
>>>>>> authentication:
>>>>>> # authenticationStrategy: oneToken
>>>>>> providers:
>>>>>> DefaultProvider:
>>>>>> provider: PersistedUsernamePasswordProvi**der
>>>>>> entryPoint: 'WebRedirect'
>>>>>> entryPointOptions:
>>>>>> uri: 'abgabe/exercise/'
>>>>>>
>>>>>> ############## SETTINGS END ###########
>>>>>>
>>>>>> Log in is working, also the added roles.
>>>>>>
>>>>>> Can someone give me a hint where to look, I don't get it from the
>>>>>> manual
>>>>>> neither the Conference or Blog-package.
>>>>>>
>>>>>> Many thanks in Advance!
>>>>>>
>>>>>> Greetz
>>>>>>
>>>>>> Martin
>>>>>> ______________________________**_________________
>>>>>> FLOW3-general mailing list
>>>>>> FLOW3-general at lists.typo3.org
>>>>>> http://lists.typo3.org/cgi-**bin/mailman/listinfo/flow3-**general<
>>>>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general>
>>>>>>
>>>>> _______________________________________________
>>>>> FLOW3-general mailing list
>>>>> FLOW3-general at lists.typo3.org
>>>>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
>>>>>
>>> _______________________________________________
>>> FLOW3-general mailing list
>>> FLOW3-general at lists.typo3.org
>>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
>> Sorry, in my last post was an error...
>>
>> Try this again:
>>
>>
>> resources:
>> methods:
>> RestrictedArea:
>> 'method(Abgabe\Controller\ExerciseController->*.Action())'
>>
>> Kind Regards
>>
>> Oliver
>>
>>
>>
> _______________________________________________
> FLOW3-general mailing list
> FLOW3-general at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general

More information about the FLOW3-general mailing list