[Flow] Policy: different behaviour when switch context
Cornel Widmer
cornel at webstobe.ch
Thu May 7 14:47:02 CEST 2015
Hi folks
I've run into a problem after switching the context of my application. In Development context everything runs fine with my Policy.yaml. Then I switched the context and the very first page didn't work anymore.
I started to google around and found the information that in Flow 2.3. an acl for "everbody" is not needed anymore.
After adding a special Policy.yaml in a subfolder "Production" with an acl for "Everybody" the first page started to work again. In the same Controller "StartController.php" is the authenticateAction for the login. After entering the credentiels a 403 error appears wich means "forbidden".
Why does the first page works in production context with the role "Everybody"? But why did the login not work?
Why is there a difference between those contexts?
Attached my Policy.yaml for both Contexts and this is the exception message:
httpd/wks/Data/Temporary/Production/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Security_Authorization_RequestFilter.php: You are not allowed to perform this action.
begin 644 development.policy.txt
M<F]L97,Z#0H@(%9I<VET;W(Z(%M=#0H@($5M<&QO>65E.B!;70T*("!!9&UI
M;FES=')A=&]R.B!;70T*<F5S;W5R8V5S. at T*("!M971H;V1S. at T*("`@(%=E
M8G-T;V)E+D-U<W1O;65R<RY!8V-O=6YT.B`G;65T:&]D*%=E8G-T;V)E7$-U
M<W1O;65R<UQ#;VYT<F]L;&5R7$%C8V]U;G1#;VYT<F]L;&5R+3XN*D%C=&EO
M;B at I*2<-"B`@("!796)S=&]B92Y#=7-T;VUE<G,N061M:6XZ("=M971H;V0H
M5V5B<W1O8F5<0W5S=&]M97)S7$%D;6EN7$-O;G1R;VQL97)<+BI#;VYT<F]L
M;&5R+3XN*D%C=&EO;B at I*2<-"B`@("!796)S=&]B92Y#=7-T;VUE<G,N061M
M:6XN3&]G.B`G;65T:&]D*%=E8G-T;V)E7$-U<W1O;65R<UQ!9&UI;EQ#;VYT
M<F]L;&5R7$QO9T-O;G1R;VQL97(M/BXJ06-T:6]N*"DI)PT*("`@(%=E8G-T
M;V)E+D-U<W1O;65R<RY!9&UI;BY3=&%R=#H@)VUE=&AO9"A796)S=&]B95Q#
M=7-T;VUE<G-<061M:6Y<0V]N=')O;&QE<EQ3=&%R=$-O;G1R;VQL97(M/BXJ
M06-T:6]N*"DI)PT*("`@(%=E8G-T;V)E+D-U<W1O;65R<RY!9&UI;BY3>6YC
M.B`G;65T:&]D*%=E8G-T;V)E7$-U<W1O;65R<UQ!9&UI;EQ#;VYT<F]L;&5R
M7%-Y;F-#;VYT<F]L;&5R+3XN*D%C=&EO;B at I*2<-"B`@("!796)S=&]B92Y#
M=7-T;VUE<G,N061M:6XN57-E<CH@)VUE=&AO9"A796)S=&]B95Q#=7-T;VUE
M<G-<061M:6Y<0V]N=')O;&QE<EQ5<V5R0V]N=')O;&QE<BT^+BI!8W1I;VXH
M*2DG#0H@("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O;65R<SH@)VUE=&AO
M9"A796)S=&]B95Q#=7-T;VUE<G-<0W5S=&]M97)S7$-O;G1R;VQL97)<+BI#
M;VYT<F]L;&5R+3XN*D%C=&EO;B at I*2<-"B`@("!796)S=&]B92Y#=7-T;VUE
M<G,N0W5S=&]M97)S+D%D9')E<W,Z("=M971H;V0H5V5B<W1O8F5<0W5S=&]M
M97)S7$-U<W1O;65R<UQ#;VYT<F]L;&5R7$%D9')E<W-#;VYT<F]L;&5R+3XN
M*D%C=&EO;B at I*2<-"B`@("!796)S=&]B92Y#=7-T;VUE<G,N0W5S=&]M97)S
M+D-U<W1O;65R.B`G;65T:&]D*%=E8G-T;V)E7$-U<W1O;65R<UQ#=7-T;VUE
M<G-<0V]N=')O;&QE<EQ#=7-T;VUE<D-O;G1R;VQL97(M/BXJ06-T:6]N*"DI
M)PT*("`@(%=E8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N1&%T86)A<V4Z
M("=M971H;V0H5V5B<W1O8F5<0W5S=&]M97)S7$-U<W1O;65R<UQ#;VYT<F]L
M;&5R7$1A=&%B87-E0V]N=')O;&QE<BT^+BI!8W1I;VXH*2DG#0H@("`@5V5B
M<W1O8F4N0W5S=&]M97)S+D-U<W1O;65R<RY$871A4VAE970Z("=M971H;V0H
M5V5B<W1O8F5<0W5S=&]M97)S7$-U<W1O;65R<UQ#;VYT<F]L;&5R7$1A=&%3
M:&5E=$-O;G1R;VQL97(M/BXJ06-T:6]N*"DI)PT*("`@(%=E8G-T;V)E+D-U
M<W1O;65R<RY#=7-T;VUE<G,N16UA:6PZ("=M971H;V0H5V5B<W1O8F5<0W5S
M=&]M97)S7$-U<W1O;65R<UQ#;VYT<F]L;&5R7$5M86EL0V]N=')O;&QE<BT^
M+BI!8W1I;VXH*2DG#0H@("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O;65R
M<RY-86EL4V5R=F5R.B`G;65T:&]D*%=E8G-T;V)E7$-U<W1O;65R<UQ#=7-T
M;VUE<G-<0V]N=')O;&QE<EQ-86EL4V5R=F5R0V]N=')O;&QE<BT^+BI!8W1I
M;VXH*2DG#0H@("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O;65R<RY397)V
M97(Z("=M971H;V0H5V5B<W1O8F5<0W5S=&]M97)S7$-U<W1O;65R<UQ#;VYT
M<F]L;&5R7%-E<G9E<D-O;G1R;VQL97(M/BXJ06-T:6]N*"DI)PT*("`@(%=E
M8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N3&]G:6XZ("=M971H;V0H5V5B
M<W1O8F5<0W5S=&]M97)S7$-U<W1O;65R<UQ#;VYT<F]L;&5R7$QO9VEN0V]N
M=')O;&QE<BT^+BI!8W1I;VXH*2DG#0H@("`@5V5B<W1O8F4N0W5S=&]M97)S
M+E-Y<W1E;3H@)VUE=&AO9"A796)S=&]B95Q#=7-T;VUE<G-<4WES=&5M7$-O
M;G1R;VQL97)<+BI#;VYT<F]L;&5R+3XN*D%C=&EO;B at I*2<-"F%C;',Z#0H@
M(%9I<VET;W(Z#0H@("`@;65T:&]D<SH-"B`@("`@(%=E8G-T;V)E+D-U<W1O
M;65R<RY!8V-O=6YT.B!'4D%.5`T*("!%;7!L;WEE93H-"B`@("!M971H;V1S
M. at T*("`@("`@5V5B<W1O8F4N0W5S=&]M97)S+D%C8V]U;G0Z($=204Y4#0H@
M("`@("!796)S=&]B92Y#=7-T;VUE<G,N0W5S=&]M97)S.B!'4D%.5`T*("`@
M("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O;65R<RY!9&1R97-S.B!'4D%.
M5`T*("`@("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O;65R<RY#=7-T;VUE
M<CH at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N
M1&%T86)A<V4Z($=204Y4#0H@("`@("!796)S=&]B92Y#=7-T;VUE<G,N0W5S
M=&]M97)S+D1A=&%3:&5E=#H at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O
M;65R<RY#=7-T;VUE<G,N16UA:6PZ($=204Y4#0H@("`@("!796)S=&]B92Y#
M=7-T;VUE<G,N0W5S=&]M97)S+DUA:6Q397)V97(Z($=204Y4#0H@("`@("!7
M96)S=&]B92Y#=7-T;VUE<G,N0W5S=&]M97)S+E-E<G9E<CH at 1U)!3E0-"B`@
M("`@(%=E8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N3&]G:6XZ($=204Y4
M#0H@($%D;6EN:7-T<F%T;W(Z#0H@("`@;65T:&]D<SH-"B`@("`@(%=E8G-T
M;V)E+D-U<W1O;65R<RY!8V-O=6YT.B!'4D%.5`T*("`@("`@5V5B<W1O8F4N
M0W5S=&]M97)S+D%D;6EN.B!'4D%.5`T*("`@("`@5V5B<W1O8F4N0W5S=&]M
M97)S+D%D;6EN+DQO9SH at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O;65R
M<RY!9&UI;BY3=&%R=#H at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O;65R
M<RY!9&UI;BY3>6YC.B!'4D%.5`T*("`@("`@5V5B<W1O8F4N0W5S=&]M97)S
M+D%D;6EN+E5S97(Z($=204Y4#0H@("`@("!796)S=&]B92Y#=7-T;VUE<G,N
M0W5S=&]M97)S.B!'4D%.5`T*("`@("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U
M<W1O;65R<RY!9&1R97-S.B!'4D%.5`T*("`@("`@5V5B<W1O8F4N0W5S=&]M
M97)S+D-U<W1O;65R<RY#=7-T;VUE<CH at 1U)!3E0-"B`@("`@(%=E8G-T;V)E
M+D-U<W1O;65R<RY#=7-T;VUE<G,N1&%T86)A<V4Z($=204Y4#0H@("`@("!7
M96)S=&]B92Y#=7-T;VUE<G,N0W5S=&]M97)S+D1A=&%3:&5E=#H at 1U)!3E0-
M"B`@("`@(%=E8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N16UA:6PZ($=2
M04Y4#0H@("`@("!796)S=&]B92Y#=7-T;VUE<G,N0W5S=&]M97)S+DUA:6Q3
M97)V97(Z($=204Y4#0H@("`@("!796)S=&]B92Y#=7-T;VUE<G,N0W5S=&]M
M97)S+E-E<G9E<CH at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O;65R<RY#
M=7-T;VUE<G,N3&]G:6XZ($=204Y4#0H@("`@("!796)S=&]B92Y#=7-T;VUE
0<G,N4WES=&5M.B!'4D%.5```
`
end
begin 644 production.policy.txt
M<F]L97,Z#0H@(%9I<VET;W(Z(%M=#0H@($5M<&QO>65E.B!;70T*("!!9&UI
M;FES=')A=&]R.B!;70T*<F5S;W5R8V5S. at T*("!M971H;V1S. at T*("`@(%=E
M8G-T;V)E+D-U<W1O;65R<RY3=&%R=#H@)VUE=&AO9"A796)S=&]B95Q#=7-T
M;VUE<G-<0V]N=')O;&QE<EQ3=&%R=$-O;G1R;VQL97(M/BXJ06-T:6]N*"DI
M)PT*("`@(%=E8G-T;V)E+D-U<W1O;65R<RY!8V-O=6YT.B`G;65T:&]D*%=E
M8G-T;V)E7$-U<W1O;65R<UQ#;VYT<F]L;&5R7$%C8V]U;G1#;VYT<F]L;&5R
M+3XN*D%C=&EO;B at I*2<-"B`@("!796)S=&]B92Y#=7-T;VUE<G,N061M:6XZ
M("=M971H;V0H5V5B<W1O8F5<0W5S=&]M97)S7$%D;6EN7$-O;G1R;VQL97)<
M+BI#;VYT<F]L;&5R+3XN*D%C=&EO;B at I*2<-"B`@("!796)S=&]B92Y#=7-T
M;VUE<G,N061M:6XN3&]G.B`G;65T:&]D*%=E8G-T;V)E7$-U<W1O;65R<UQ!
M9&UI;EQ#;VYT<F]L;&5R7$QO9T-O;G1R;VQL97(M/BXJ06-T:6]N*"DI)PT*
M("`@(%=E8G-T;V)E+D-U<W1O;65R<RY!9&UI;BY3=&%R=#H@)VUE=&AO9"A7
M96)S=&]B95Q#=7-T;VUE<G-<061M:6Y<0V]N=')O;&QE<EQ3=&%R=$-O;G1R
M;VQL97(M/BXJ06-T:6]N*"DI)PT*("`@(%=E8G-T;V)E+D-U<W1O;65R<RY!
M9&UI;BY3>6YC.B`G;65T:&]D*%=E8G-T;V)E7$-U<W1O;65R<UQ!9&UI;EQ#
M;VYT<F]L;&5R7%-Y;F-#;VYT<F]L;&5R+3XN*D%C=&EO;B at I*2<-"B`@("!7
M96)S=&]B92Y#=7-T;VUE<G,N061M:6XN57-E<CH@)VUE=&AO9"A796)S=&]B
M95Q#=7-T;VUE<G-<061M:6Y<0V]N=')O;&QE<EQ5<V5R0V]N=')O;&QE<BT^
M+BI!8W1I;VXH*2DG#0H@("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O;65R
M<SH@)VUE=&AO9"A796)S=&]B95Q#=7-T;VUE<G-<0W5S=&]M97)S7$-O;G1R
M;VQL97)<+BI#;VYT<F]L;&5R+3XN*D%C=&EO;B at I*2<-"B`@("!796)S=&]B
M92Y#=7-T;VUE<G,N0W5S=&]M97)S+D%D9')E<W,Z("=M971H;V0H5V5B<W1O
M8F5<0W5S=&]M97)S7$-U<W1O;65R<UQ#;VYT<F]L;&5R7$%D9')E<W-#;VYT
M<F]L;&5R+3XN*D%C=&EO;B at I*2<-"B`@("!796)S=&]B92Y#=7-T;VUE<G,N
M0W5S=&]M97)S+D-U<W1O;65R.B`G;65T:&]D*%=E8G-T;V)E7$-U<W1O;65R
M<UQ#=7-T;VUE<G-<0V]N=')O;&QE<EQ#=7-T;VUE<D-O;G1R;VQL97(M/BXJ
M06-T:6]N*"DI)PT*("`@(%=E8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N
M1&%T86)A<V4Z("=M971H;V0H5V5B<W1O8F5<0W5S=&]M97)S7$-U<W1O;65R
M<UQ#;VYT<F]L;&5R7$1A=&%B87-E0V]N=')O;&QE<BT^+BI!8W1I;VXH*2DG
M#0H@("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O;65R<RY$871A4VAE970Z
M("=M971H;V0H5V5B<W1O8F5<0W5S=&]M97)S7$-U<W1O;65R<UQ#;VYT<F]L
M;&5R7$1A=&%3:&5E=$-O;G1R;VQL97(M/BXJ06-T:6]N*"DI)PT*("`@(%=E
M8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N16UA:6PZ("=M971H;V0H5V5B
M<W1O8F5<0W5S=&]M97)S7$-U<W1O;65R<UQ#;VYT<F]L;&5R7$5M86EL0V]N
M=')O;&QE<BT^+BI!8W1I;VXH*2DG#0H@("`@5V5B<W1O8F4N0W5S=&]M97)S
M+D-U<W1O;65R<RY-86EL4V5R=F5R.B`G;65T:&]D*%=E8G-T;V)E7$-U<W1O
M;65R<UQ#=7-T;VUE<G-<0V]N=')O;&QE<EQ-86EL4V5R=F5R0V]N=')O;&QE
M<BT^+BI!8W1I;VXH*2DG#0H@("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O
M;65R<RY397)V97(Z("=M971H;V0H5V5B<W1O8F5<0W5S=&]M97)S7$-U<W1O
M;65R<UQ#;VYT<F]L;&5R7%-E<G9E<D-O;G1R;VQL97(M/BXJ06-T:6]N*"DI
M)PT*("`@(%=E8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N3&]G:6XZ("=M
M971H;V0H5V5B<W1O8F5<0W5S=&]M97)S7$-U<W1O;65R<UQ#;VYT<F]L;&5R
M7$QO9VEN0V]N=')O;&QE<BT^+BI!8W1I;VXH*2DG#0H@("`@5V5B<W1O8F4N
M0W5S=&]M97)S+E-Y<W1E;3H@)VUE=&AO9"A796)S=&]B95Q#=7-T;VUE<G-<
M4WES=&5M7$-O;G1R;VQL97)<+BI#;VYT<F]L;&5R+3XN*D%C=&EO;B at I*2<-
M"B`@("!796)S=&]B92Y#=7-T;VUE<G,N4WES=&5M+E-T87)T.B`G;65T:&]D
M*%=E8G-T;V)E7$-U<W1O;65R<UQ3>7-T96U<0V]N=')O;&QE<EQ3=&%R=$-O
M;G1R;VQL97(M/BXJ06-T:6]N*"DI)PT*86-L<SH-"B`@179E<GEB;V1Y. at T*
M("`@(&UE=&AO9',Z#0H@("`@("!796)S=&]B92Y#=7-T;VUE<G,N4W1A<G0Z
M($=204Y4#0H@(%9I<VET;W(Z#0H@("`@;65T:&]D<SH-"B`@("`@(%=E8G-T
M;V)E+D-U<W1O;65R<RY3=&%R=#H at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U
M<W1O;65R<RY!8V-O=6YT.B!'4D%.5`T*("!%;7!L;WEE93H-"B`@("!M971H
M;V1S. at T*("`@("`@5V5B<W1O8F4N0W5S=&]M97)S+E-T87)T.B!'4D%.5`T*
M("`@("`@5V5B<W1O8F4N0W5S=&]M97)S+D%C8V]U;G0Z($=204Y4#0H@("`@
M("!796)S=&]B92Y#=7-T;VUE<G,N0W5S=&]M97)S.B!'4D%.5`T*("`@("`@
M5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O;65R<RY!9&1R97-S.B!'4D%.5`T*
M("`@("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O;65R<RY#=7-T;VUE<CH@
M1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N1&%T
M86)A<V4Z($=204Y4#0H@("`@("!796)S=&]B92Y#=7-T;VUE<G,N0W5S=&]M
M97)S+D1A=&%3:&5E=#H at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O;65R
M<RY#=7-T;VUE<G,N16UA:6PZ($=204Y4#0H@("`@("!796)S=&]B92Y#=7-T
M;VUE<G,N0W5S=&]M97)S+DUA:6Q397)V97(Z($=204Y4#0H@("`@("!796)S
M=&]B92Y#=7-T;VUE<G,N0W5S=&]M97)S+E-E<G9E<CH at 1U)!3E0-"B`@("`@
M(%=E8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N3&]G:6XZ($=204Y4#0H@
M($%D;6EN:7-T<F%T;W(Z#0H@("`@;65T:&]D<SH-"B`@("`@(%=E8G-T;V)E
M+D-U<W1O;65R<RY3=&%R=#H at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O
M;65R<RY!8V-O=6YT.B!'4D%.5`T*("`@("`@5V5B<W1O8F4N0W5S=&]M97)S
M+D%D;6EN.B!'4D%.5`T*("`@("`@5V5B<W1O8F4N0W5S=&]M97)S+D%D;6EN
M+DQO9SH at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O;65R<RY!9&UI;BY3
M=&%R=#H at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O;65R<RY!9&UI;BY3
M>6YC.B!'4D%.5`T*("`@("`@5V5B<W1O8F4N0W5S=&]M97)S+D%D;6EN+E5S
M97(Z($=204Y4#0H@("`@("!796)S=&]B92Y#=7-T;VUE<G,N0W5S=&]M97)S
M.B!'4D%.5`T*("`@("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O;65R<RY!
M9&1R97-S.B!'4D%.5`T*("`@("`@5V5B<W1O8F4N0W5S=&]M97)S+D-U<W1O
M;65R<RY#=7-T;VUE<CH at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O;65R
M<RY#=7-T;VUE<G,N1&%T86)A<V4Z($=204Y4#0H@("`@("!796)S=&]B92Y#
M=7-T;VUE<G,N0W5S=&]M97)S+D1A=&%3:&5E=#H at 1U)!3E0-"B`@("`@(%=E
M8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N16UA:6PZ($=204Y4#0H@("`@
M("!796)S=&]B92Y#=7-T;VUE<G,N0W5S=&]M97)S+DUA:6Q397)V97(Z($=2
M04Y4#0H@("`@("!796)S=&]B92Y#=7-T;VUE<G,N0W5S=&]M97)S+E-E<G9E
M<CH at 1U)!3E0-"B`@("`@(%=E8G-T;V)E+D-U<W1O;65R<RY#=7-T;VUE<G,N
M3&]G:6XZ($=204Y4#0H@("`@("!796)S=&]B92Y#=7-T;VUE<G,N4WES=&5M
M.B!'4D%.5`T*("`@("`@5V5B<W1O8F4N0W5S=&]M97)S+E-Y<W1E;2Y3=&%R
(=#H at 1U)!3E0`
`
end
More information about the Flow
mailing list