[FLOW3-general] Problems with authentication and security
Felix Rupp
felix.rupp at gmail.com
Tue Mar 5 14:05:05 CET 2013
Hey guys,
I am developing a new version of an already existing web application with TYPO3 Flow 2.0 (master version caught with Composer). The domain contains about 19 models with their corresponding repositories.
As Flow does not provide a default backend (like Django for example does), I have to create a simplistic backend functionality for my clients. The only task of this backend is to access the controllers and create/edit/delete the objects. All other functionality is frontend related, separated in two parts: a terminal section and an "overview" section.
The terminal section provides a controller with view for PC or Tabletop devices. Functionality is encapsulated in this controller, primarily no external action calls.
The overview section also has its own controller with view for normal PCs. It provides many actions which output lists and tables to provide analysis functions, again no external action calls.
I need to secure a part of the terminal, the full overview and the full backend. While overview and backend may be accessed with one and the same authentication provider, the terminal has its own, based on a unique QR-Code, passed to the employees on a business card (they log in with a QR-Code-Scanner at the terminal). I already implemented this QrCodeProvider with a corresponding QrCodeToken, so that’s not the problem.
The main problem I have is the routing. The Flow "Definitive Guide" taught me how to build up specific routes to access my controller actions, for example without providing package key or controller name. The fundamentals are similar to Django URL routing, so basically that’s not a problem for me.
The problems occur as I enable the security, add my authentication providers and tell them to route me to my "LoginController" with "(terminal|overview|backend)Action()" as soon as I access one of the secured areas. It always ends up redirecting me to /My.Package/login/index. In fact, this indexAction does not exist in my LoginController. I can't find any clue why this is happening. Any idea of what I’m doing wrong?
I know I’m asking for a big favor, but I have been struggling with these problems for several days and I have no clue what to do.
Thank you very much!
Felix Rupp
Some code snippets are appended; if you need more, just let me know and I will upload the whole package (as I said: it’s really big).
I have deleted all routes for now, because I thought they were faulty.
## Policy.yaml
resources:
  methods:
    priviledgedTerminalMethods: 'method(Sim\SimOne\Controller\TerminalController->priviledged.*Action())' # All Terminal methods
    normalStandMethods: 'method(Sim\SimOne\Controller\StandController->normal.*Action())' # Normal Stand methods
    priviledgedStandMethods: 'method(Sim\SimOne\Controller\StandController->priviledged.*Action())' # Privileged Stand methods
    backendMethods: 'class(Sim\SimOne\Controller\(Backend|Company|Country|Department|Duty|DutyType|FButton|FFunction|Job|Language|LoanUnit|Lockerbox|Member|Message|MobilePhone|Position|PresenceDate|PresenceDateType|Status|Title)Controller)' # All Backend methods
roles:
  Customer: [] # The base customer role
  Member: [] # The base member role
  PrivilegedMember: [Member] # The privileged member role, e.g. for reception
  Administrator: [PrivilegedMember] # The administrator role
  Singleaccess: [Member] # The demo role, which can only access specified backend controller actions.
acls:
  Member:
    methods:
      priviledgedTerminalMethods: GRANT
      normalStandMethods: GRANT
  PriviledgedMember:
    methods:
      priviledgedStandMethods: GRANT
  Administrator:
    methods:
      backendMethods: GRANT
## My own Package: Settings.yaml (security is enabled globally in the flow Settings.yaml)
TYPO3:
  Flow:
    security:
      authentication:
        providers:
          SimTerminalProvider:
            provider: Sim\SimOne\Security\Authentication\Provider\SimQrCodeProvider
            entryPoint: 'WebRedirect'
            entryPointOptions:
              routeValues:
                '@package': 'Sim.SimOne'
                '@controller': 'Login'
                '@action': 'terminal'
            requestPatterns:
              controllerObjectName: Sim\SimOne\TerminalController\.*
          SimStandProvider:
            provider: PersistedUsernamePasswordProvider
            tokenClass: UsernamePassword
            entryPoint: 'WebRedirect'
            entryPointOptions:
              routeValues:
                '@package': 'Sim.SimOne'
                '@controller': 'Login'
                '@action': 'stand'
            requestPatterns:
              controllerObjectName: Sim\SimOne\StandController\.*
          SimBackendProvider:
            provider: PersistedUsernamePasswordProvider
            tokenClass: UsernamePassword
            entryPoint: 'WebRedirect'
            entryPointOptions:
              routeValues:
                '@package': 'Sim.SimOne'
                '@controller': 'Login'
                '@action': 'backend'
            requestPatterns:
              controllerObjectName: Sim\SimOne\(Backend|Company|Country|Department|Duty|DutyType|FButton|FFunction|Job|Language|LoanUnit|Lockerbox|Member|Message|MobilePhone|Position|PresenceDate|PresenceDateType|Status|Title)Controller\.*
--
Ing. Felix Rupp, B. Sc.
Softwareingenieur, Webingenieur, Consultant & Coach
Robert-Schuman-Straße 20
35423 Lich
Deutschland
Web: http://www.felixrupp.com/
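
A consistency check over the two files as posted, added here as an example and not part of the original message: it lists ACL role names that are not declared under roles, and providers whose request pattern matches none of the controller classes named in Policy.yaml. It assumes Flow anchors the controllerObjectName pattern and treats its backslashes as literal before matching the controller class name; the backend alternation is shortened and the corrected pattern is hypothetical.

```python
import re

# Values copied from the Policy.yaml and Settings.yaml in the message above.
DECLARED_ROLES = {"Customer", "Member", "PrivilegedMember", "Administrator", "Singleaccess"}
ACL_ROLES = ["Member", "PriviledgedMember", "Administrator"]
REQUEST_PATTERNS = {
    "SimTerminalProvider": r"Sim\SimOne\TerminalController\.*",
    "SimStandProvider": r"Sim\SimOne\StandController\.*",
    # Alternation shortened from the posted pattern to keep the sample readable.
    "SimBackendProvider": r"Sim\SimOne\(Backend|Company|Member)Controller\.*",
}
# Controller classes as they are named in the Policy.yaml resources.
CONTROLLERS = [
    r"Sim\SimOne\Controller\TerminalController",
    r"Sim\SimOne\Controller\StandController",
    r"Sim\SimOne\Controller\BackendController",
]


def undeclared_acl_roles():
    """ACL keys that do not name a role declared under 'roles:'."""
    return [role for role in ACL_ROLES if role not in DECLARED_ROLES]


def pattern_matches(pattern, class_name):
    """Assumed Flow semantics: backslashes are literal, the pattern is anchored."""
    regex = "^" + pattern.replace("\\", "\\\\") + "$"
    return re.match(regex, class_name) is not None


def providers_matching_no_controller(patterns=REQUEST_PATTERNS):
    """Providers whose request pattern selects none of the known controllers."""
    return sorted(
        name for name, pattern in patterns.items()
        if not any(pattern_matches(pattern, c) for c in CONTROLLERS)
    )


# Hypothetical pattern that includes the \Controller\ namespace segment.
HYPOTHETICAL_FIX = {"SimTerminalProvider": r"Sim\SimOne\Controller\TerminalController"}

if __name__ == "__main__":
    print("ACL roles not declared:", undeclared_acl_roles())
    print("Patterns matching no controller:", providers_matching_no_controller())
    print("After hypothetical fix:", providers_matching_no_controller(HYPOTHETICAL_FIX))
```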