[FLOW3-general] Authentication: Endless redirection loop when accessing protected controller

[Andreas Wolf]

Hi,

after a night full of debugging and several problems with the
authentication mechanism, I finally have a somewhat working
configuration. Phew...

One thing remains though: I had to switch the authentication strategy
to "any token". If I left the default, it would always end in a
redirection loop with these messages:

> Redirecting to authentication entry point with URI login
> Authentication failed: "Could not authenticate any token. Might be
> missing or wrong credentials or no authentication provider
> matched."

The problem now is that I only get "access denied" messages when
accessing protected controllers, not a redirect as before.

There is no policy that forbids displaying the LoginController (which is
the route target of the "login" url).
My authentication configuration looks like this:

>       authentication:
>         providers:
>           DefaultProvider:
>             provider: 'PersistedUsernamePasswordProvider'
>             requestPatterns:
>               controllerObjectName: 'MyPackage\Controller\.*'
>             entryPoint: 'WebRedirect'
>             entryPointOptions:
>               uri: 'login'
>       authorization:
>         allowAccessIfAllVotersAbstain: false
>       firewall:
>         rejectAll: FALSE
>         filters:
>           -
>             patternType: ControllerObjectName
>             patternValue: MyPackage\.*
>             interceptor: AccessGrant


I guess it's something really obvious that I'm missing here...


Cheers
Andreas