[Flow] Strange Issues with sessions and ACLs

Christian Loock chl at vkf-renzel.de
Wed Sep 25 08:53:16 CEST 2013


So for those curious: it seems like there is a bug we couldn't determine 
further in the current development head of Flow. After changing back to 
2.0, everything works again.

On 19.09.2013 11:43, Frans Saris wrote:
> Hi,
>
> My experience is that Anonymous does not work. You have to exclude the
> controller functions from the permission checks.
>
> Search the mailing list archive for some more info and examples
>
> Regards, Frans
> On 19 Sep 2013 10:10, "Christian Loock" <chl at vkf-renzel.de> wrote:
>
>> Hello fellow Flowers,
>>
>> I have encountered some unexpected behaviour when trying to create a
>> Controller that should not be guarded by Flow's Security Framework.
>>
>> I created a controller that should be viewable by everybody. I added it to
>> the Policy.yaml of my package as follows:
>>
>> resources:
>>     methods:
>>         VKF.Admin.UploadController: 'method(VKF\Admin\Controller\UploadController->.*())'
>>
>> acls:
>>    Anonymous:
>>      methods:
>>        VKF.Admin.UploadController: GRANT
>>    Everybody:
>>      methods:
>>        VKF.Admin.UploadController: GRANT
>>
>>
>> However, whenever I try to call the controller I get redirected to the
>> login action of my auth controller. I am not logged in. What is even more
>> strange, is the error I get after I got redirected:
>>
>> #1: Notice: unserialize() [<a href='function.unserialize'>function.unserialize</a>]:
>> Error at offset 5337 of 5396 bytes in /home/www/flow_vkf_search_chl/Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Cache/Frontend/VariableFrontend.php
>> line 86
>>
>> To get rid of this error, I need to delete my Session cookie.
>>
>> The cookie is created, when I call my controller.
>>
>> Here is also a message from my Security.log
>>
>> 13-09-19 10:07:00 60744      10.2.0.14      NOTICE Flow
>> Authentication failed: "Could not authenticate any token. Might be missing
>> or wrong credentials or no authentication provider matched." #1222204027
>> 13-09-19 10:07:00 60744      10.2.0.14      NOTICE Flow
>> Authentication failed: "Could not authenticate any token. Might be missing
>> or wrong credentials or no authentication provider matched." #1222204027
>> 13-09-19 10:07:00 60744      10.2.0.14      INFO Flow
>> Redirecting to authentication entry point with URI - undefined -
>>
>> In the docs it is stated as follows:
>>
>> TYPO3 Flow will always add the magic Everybody role, which you don't have
>> to configure yourself. This role will also be present, if no account is
>> authenticated.
>>
>> So, I don't really understand why I am redirected to the login, even though
>> I granted the controller to everybody....
>>
>>
>> Any ideas what I could have done wrong here?
>>
>>
>> _______________________________________________
>> Flow mailing list
>> Flow at lists.typo3.org
>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow
>>