Symfony2, FOS userbundle, Full authentication is required to access this resource

1
votes

I use the FOSuserbunble, everything was working fine and now for the app_dev.php/login I have a "Full authentication is required to access this resource." 500 Internal Server Error - InsufficientAuthenticationException 1 linked Exception: AccessDeniedException »

My security.yml is

# you can read more about security in the related section of the documentation

http://symfony.com/doc/current/book/security.html

security: encoders: OandP\UserBundle\Entity\User: sha512

# http://symfony.com/doc/current/book/security.html#hierarchical-roles
role_hierarchy:
    ROLE_ADMIN:       [ROLE_CONCIERGE]
    ROLE_SUPER_ADMIN: [ROLE_CONCIERGE, ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
    fos_userbundle:
        id: fos_user.user_provider.username

# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
    # … le pare-feu « dev »
    # Firewall principal pour le reste de notre site
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js|ws)/
        security: false

    main_login:
        pattern:   ^/login$
        anonymous: true
    main_resettingRequest:
        pattern:   /resetting/request$
        anonymous: true
    main_resettingSendEmailt:
        pattern:   /resetting/send-email$
        anonymous: true
    main_resettingCheckEmail:
        pattern:   /resetting/check-email$
        anonymous: true
    main:
        pattern:        ^/
        anonymous:      false
        provider:       fos_userbundle
        form_login:
            login_path: /login
            check_path: /login_check
            csrf_provider: form.csrf_provider
        logout:
            path:       /logout
            target:     /
            invalidate_session: false
        remember_me:
            key:        %secret%



# with these settings you can restrict or allow access for different parts
# of your application based on roles, ip, host or methods
# http://symfony.com/doc/current/book/security.html#security-book-access-control-matching-options
access_control:
    #- { path: ^/members/hello, roles: IS_AUTHENTICATED_ANONYMOUSLY }

If someone has an idea Thank you so much for help

1
securitysymfonyfosuserbundle
There's currently a bug in Symfony that throws a 500 error where it should return a 401, which is the bug you are seeing here. It's been open for quite a while. github.com/symfony/symfony/issues/8467StampyCode

1 Answers

0
votes

You haven't set up any access_controls on your site:

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/profile, role: ROLE_USER }