[FLOW3-general] SOLVED Policies not working

Martin titusmailing at googlemail.com
Wed Aug 15 12:15:29 CEST 2012 

Hey at all,

the Problem was the security:enable:true
After I commented this, the whole Security Framework is working as it 
should be.

Thank you again!

Greetz

Martin

On 08/14/2012 08:32 PM, Steffen Wickham wrote:
> Hello again Martin,
>
> you have two problems in your policy.yaml:
> First of all you have a typo in your definition (as mentioned before).
> Your definition for RestrictedArea should be: RestrictedArea:
> 'method(Abgabe\Controller\ExerciseController->.*Action())'
>
> And your second error is your definition in ACL. If your user has the
> roles Student and Administrator the DENY definition will override every
> GRANT and access would be denied even you have the role Administrator.
> Please have a look at
> http://flow3.typo3.org/documentation/guide/partiii/security.html and
> search for "/Privilege evaluation".  /So DENY wouldn't be necessary at
> all since it's the default behavior.
>
> This is how I configured my FLOW3 1.1 for authentication:
>
> TYPO3:
>    FLOW3:
>      persistence:
>        backendOptions:
>          driver: 'pdo_mysql'
>          dbname: 'afsvn_dev'
>          user: 'afsvn_dev'
>          password: 'MYPASSWORD'
>          host: '127.0.0.1'
>
>      security:
>        authentication:
> #        authenticationStrategy: oneToken
>          providers:
>            DefaultProvider:
>              provider: PersistedUsernamePasswordProvider
>              entryPoint: 'WebRedirect'
>              entryPointOptions:
>                  uri: 'login.html'
>
> My Policy.yaml looks like yours.
>
> Greets
> Steffen
>
>
>
> Am 14.08.2012 18:24, schrieb Martin:
>> Hi Oliver,
>>
>> thank you a lot!
>> But the security Framework is not getting his job done...
>>
>> I was looking at the BlogPackage for the Policy and Setting.
>>
>> Putting Settings in the Global Setting, still not working...
>>
>> I am not getting, why this isnt working...
>>
>> Cheers
>>
>> Martin
>>
>> On 08/14/2012 05:50 PM, Oliver Beck wrote:
>>> Am 14.08.2012 17:32, schrieb Martin:
>>>> Hi,
>>>>
>>>> unfortunately still not working.
>>>>
>>>> Somehow I got the feeling that it might be the Settings.yaml and/or
>>>> both Policy.yaml
>>>>
>>>> What is the best way to debug this behavior? No hints in any Logfile
>>>> why the security isn't working.
>>>>
>>>> Cheers
>>>>
>>>> Martin
>>>>
>>>> On 08/14/2012 05:17 PM, David Sporer wrote:
>>>>> Hi,
>>>>>
>>>>> I had a problem with the Policy.yaml last week and it turned out that
>>>>> I had
>>>>> to clear the cache manually when I was in Development mode.
>>>>> Try to delete all contents in Data/Temporary and try if it works
>>>>> afterwards.
>>>>>
>>>>> Regards
>>>>> David
>>>>>
>>>>> 2012/8/14 Oliver Beck<oli5188 at gmail.com>
>>>>>
>>>>>> Try this
>>>>>>
>>>>>> resources: methods: RestrictedArea:
>>>>>> 'method(Abgabe\ExerciseController->*.Action())'
>>>>>> #methods(\Abgabe\Controller\Ex erciseController->IndexAction())'
>>>>>>
>>>>>> '*' and '.' are inverted
>>>>>>
>>>>>> Kind Regards
>>>>>>
>>>>>> Oliver
>>>>>> Am 14.08.2012 16:10 schrieb "Martin"<titusmailing at googlemail.com>:
>>>>>>
>>>>>>> Hi List,
>>>>>>>
>>>>>>> I have again a beginner question with restricted Access on Classes
>>>>>>> and/or
>>>>>>> methods. Both restrictions are not working.
>>>>>>>
>>>>>>> My plan is to protect the whole Controller for being accessed.
>>>>>>> All my
>>>>>>> tryouts went wrong, doesn't matter what i put in RestrictedArea.
>>>>>>>
>>>>>>> My Policy.yaml:
>>>>>>>
>>>>>>> resources:
>>>>>>> methods:
>>>>>>> RestrictedArea: 'method(Abgabe\**ExerciseController->.*Action()**)'
>>>>>>> #methods(\Abgabe\Controller\**ExerciseController->**IndexAction())'
>>>>>>>
>>>>>>> roles:
>>>>>>> Student: []
>>>>>>> # Hiwi: [Student]
>>>>>>> Administrator: []
>>>>>>> acls:
>>>>>>> Student:
>>>>>>> methods:
>>>>>>> RestrictedArea: DENY
>>>>>>> Administrator:
>>>>>>> methods:
>>>>>>> RestrictedArea: GRANT
>>>>>>>
>>>>>>> ############# POLICY END ########
>>>>>>> My Package Settings.yaml
>>>>>>>
>>>>>>> TYPO3:
>>>>>>> FLOW3:
>>>>>>> security:
>>>>>>> enable: true
>>>>>>> authentication:
>>>>>>> # authenticationStrategy: oneToken
>>>>>>> providers:
>>>>>>> DefaultProvider:
>>>>>>> provider: PersistedUsernamePasswordProvi**der
>>>>>>> entryPoint: 'WebRedirect'
>>>>>>> entryPointOptions:
>>>>>>> uri: 'abgabe/exercise/'
>>>>>>>
>>>>>>> ############## SETTINGS END ###########
>>>>>>>
>>>>>>> Log in is working, also the added roles.
>>>>>>>
>>>>>>> Can someone give me a hint where to look, I don't get it from the
>>>>>>> manual
>>>>>>> neither the Conference or Blog-package.
>>>>>>>
>>>>>>> Many thanks in Advance!
>>>>>>>
>>>>>>> Greetz
>>>>>>>
>>>>>>> Martin
>>>>>>> ______________________________**_________________
>>>>>>> FLOW3-general mailing list
>>>>>>> FLOW3-general at lists.typo3.org
>>>>>>> http://lists.typo3.org/cgi-**bin/mailman/listinfo/flow3-**general<
>>>>>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> FLOW3-general mailing list
>>>>>> FLOW3-general at lists.typo3.org
>>>>>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
>>>>>>
>>>> _______________________________________________
>>>> FLOW3-general mailing list
>>>> FLOW3-general at lists.typo3.org
>>>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
>>> Sorry, in my last post was an error...
>>>
>>> Try this again:
>>>
>>>
>>> resources:
>>> methods:
>>> RestrictedArea:
>>> 'method(Abgabe\Controller\ExerciseController->*.Action())'
>>>
>>> Kind Regards
>>>
>>> Oliver
>>>
>>>
>>>
>> _______________________________________________
>> FLOW3-general mailing list
>> FLOW3-general at lists.typo3.org
>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
>

More information about the FLOW3-general mailing list