[Flow] Strange Issues with sessions and ACLs

Frans Saris franssaris at gmail.com
Thu Sep 19 11:43:33 CEST 2013


Hi,

My experience is that Anonymous does not work. You have to exclude the
controller functions from the permission checks.

Search the mailing list archive for some more info and examples.

Regards, Frans

On 19 Sep 2013 10:10, "Christian Loock" <chl at vkf-renzel.de> wrote:

> Hello fellow Flowers,
>
> I have encountered some unexpected behaviour when trying to create a
> Controller that should not be guarded by Flow's Security Framework.
>
> I created a controller that should be viewable by everybody. I added it to
> the Policy.yaml of my package as follows:
>
> resources:
>    methods:
>        VKF.Admin.UploadController: 'method(VKF\Admin\Controller\UploadController->.*())'
>
> acls:
>   Anonymous:
>     methods:
>       VKF.Admin.UploadController: GRANT
>   Everybody:
>     methods:
>       VKF.Admin.UploadController: GRANT
>
>
> However, whenever I try to call the controller I get redirected to the
> login action of my auth controller. I am not logged in. What is even more
> strange, is the error I get after I got redirected:
>
> #1: Notice: unserialize() [<a href='function.unserialize'>function.unserialize</a>]:
> Error at offset 5337 of 5396 bytes in /home/www/flow_vkf_search_chl/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Cache/Frontend/VariableFrontend.php
> line 86
>
> To get rid of this error, I need to delete my Session cookie.
>
> The cookie is created, when I call my controller.
>
> Here is also a message from my Security.log
>
> 13-09-19 10:07:00 60744      10.2.0.14      NOTICE Flow
> Authentication failed: "Could not authenticate any token. Might be missing
> or wrong credentials or no authentication provider matched." #1222204027
> 13-09-19 10:07:00 60744      10.2.0.14      NOTICE Flow
> Authentication failed: "Could not authenticate any token. Might be missing
> or wrong credentials or no authentication provider matched." #1222204027
> 13-09-19 10:07:00 60744      10.2.0.14      INFO Flow
> Redirecting to authentication entry point with URI - undefined -
>
> In the docs it is stated as follows:
>
> TYPO3 Flow will always add the magic Everybody role, which you don't have
> to configure yourself. This role will also be present, if no account is
> authenticated.
>
> So, I don't really understand why I am redirected to the login, even though
> I granted the controller to everybody....
>
>
> Any ideas what I could have done wrong here?

