7

I have a symfony site which works and was developped for version 2.0.9. I tried to upgrade to the latest version (2.4.2) but now each time I try to even access the login page I get a redirection loop. Here is what the log says:

[2014-03-16 12:39:10] security.INFO: Authentication exception occurred; redirecting to authentication entry point (A Token was not found in the SecurityContext.) [] []

Here is my security.yml

security:
encoders:
    Starski\FrontBundle\Entity\User:
        algorithm:                      sha1
        iterations:                     1
        encode-as-base64:               false
role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

providers:
    main:
         entity:                        { class: Starski\FrontBundle\Entity\User, property: mail }
firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    login:
        pattern:  ^/demo/secured/login$
        security: false

    index:
        pattern:                        ^/
        form_login:
            login_path:                 /login
            check_path:                 /auth
            default_target_path:        /index
            failure_handler:            starski.security.handler
            success_handler:            starski.security.handler

access_control:
    - { path: ^/demo/secured/hello/admin/, roles: ROLE_ADMIN }

Anybody know why this could happen ?

Improve this question
3
  • 1
    Could you please provide the contents of your security.yml? Sounds like there's a problem with the firewall configurations. Commented Mar 16, 2014 at 13:16
  • You'll find lots of informations in the UPGRADE-2.1.md. Commented Mar 16, 2014 at 21:03
  • I've added the contents of my security.yml Commented Mar 16, 2014 at 21:50

1 Answer 1

Reset to default
1

You can check the following:

  1. Your login_path is behind your firewall. This will never authenticate like this.
    Add this to your access control:
    - { path: ^(.*)/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }

  2. login_path, check_path and default_target_path should be properly defined route names, not absolute urls.

  3. You have a provider defined ('main') which is never in use.
    Try adding provider: main to your form login authentication method.

Things to read:
http://symfony.com/doc/current/book/security.html#book-security-common-pitfalls http://symfony.com/doc/current/reference/configuration/security.html#the-login-form-and-process

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.