[FLOW3-general] How to secure a controller?

Steffen Wickham steffen at gaming-inc.de
Thu Jan 10 22:15:47 CET 2013


Hi Axel,

it's not enough to define roles. You also have to define resources and
acls in your Policy.yaml.
Resources are name-value pairs where the value is a pointcut expression;
that's where you define the controller. In the acls part you set that
role "Administrator" has access to a named resource.

Your Policy.yaml has to look like this:
resources:
  entities: []
  methods:
    StandardController: 'method(Vendor\Package\Controller\StandardController->.*Action())'
# The security policy roles configuration
roles:
  Administrator: []

# The security policy acls configuration connects the resources with the
# roles by assigning privileges. Here is an example configuration array:
acls:
  Administrator:
    methods:
      StandardController: GRANT

With these settings, you get redirected to the login page when there is
no authenticated token set.
Please have a look at further documentation:
http://flow.typo3.org/documentation/guide/partiii/security.html#policies-aka-access-control-lists-acls

Best regards
Steffen



On 10.01.2013 21:46, Qbus | Axel Wüstemann wrote:
> Hello,
>
> I simply want to redirect from the standard controller to the login
> controller if I'm not yet logged in. How to achieve that? Or more
> generally: How to secure a controller?
>
> What I did:
>
> 1. I made the appropriate settings
>
>     security:
>       authentication:
>         providers:
>           DefaultProvider:
>             provider: PersistedUsernamePasswordProvider
>             requestPatterns:
>               controllerObjectName: QBUS\BestDesQ\Controller\.*
>             entryPoint: 'WebRedirect'
>             entryPointOptions:
>               uri: login
>
> 2. I built a policy
>
> roles:
>   Administrator: []
>
> If I call my standard controller by http://bestdesq it shows the
> index action. Instead I would expect it to redirect to
> http://bestdesq/login
>
> What code do I probably have to add additionally to my controller(s)?
>
> Thank you
> Axel
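
The difference between the two policies in this thread, as an added example that is not part of the original messages and is not FLOW3 code: a small Python model of how a method resource and its acl decide access. It assumes a simplified reading of the `method()` pointcut (class and method parts as full-match regular expressions) and that a covered method with no GRANT is denied; `matches`, `access`, `ROLES_ONLY`, `FULL` and `CTRL` are hypothetical names.

```python
import re

# Simplified model (assumption): method(<class regex>-><method regex>()),
# with both parts matched against the full class and method name.
POINTCUT = re.compile(r"^method\((?P<cls>.+)->(?P<meth>.+)\(\)\)$")

def matches(pointcut, class_name, method_name):
    m = POINTCUT.match(pointcut)
    if m is None:
        raise ValueError("unsupported pointcut: " + pointcut)
    # Backslashes in the class part are namespace separators, so escape them.
    cls_re = m.group("cls").replace("\\", "\\\\")
    return (re.fullmatch(cls_re, class_name) is not None
            and re.fullmatch(m.group("meth"), method_name) is not None)

def access(policy, roles, class_name, method_name):
    """Return 'unprotected', 'granted' or 'denied' for a caller holding `roles`."""
    resources = policy.get("resources", {}).get("methods", {})
    hits = [n for n, pc in resources.items() if matches(pc, class_name, method_name)]
    if not hits:
        return "unprotected"  # no resource covers the method, so nothing is checked
    acls = policy.get("acls", {})
    votes = [acls.get(r, {}).get("methods", {}).get(n) for r in roles for n in hits]
    if "DENY" in votes:
        return "denied"
    return "granted" if "GRANT" in votes else "denied"  # no vote at all means deny

# Constructed sample data mirroring the two policies in this thread.
ROLES_ONLY = {"roles": {"Administrator": []}}
FULL = {
    "resources": {"entities": [], "methods": {
        "StandardController":
            r"method(Vendor\Package\Controller\StandardController->.*Action())"}},
    "roles": {"Administrator": []},
    "acls": {"Administrator": {"methods": {"StandardController": "GRANT"}}},
}
CTRL = r"Vendor\Package\Controller\StandardController"

if __name__ == "__main__":
    for label, policy in (("roles only", ROLES_ONLY), ("full policy", FULL)):
        for roles in ([], ["Administrator"]):
            print(label, roles, access(policy, roles, CTRL, "indexAction"))
    print("non-action method:", access(FULL, [], CTRL, "initializeObject"))
```

With only roles defined, `indexAction` stays unprotected for every caller, which matches the behaviour described in the question; methods whose names do not end in `Action` are outside the resource even under the full policy.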