1
votes

This is my configuration:

#security.yml

security:

    providers:
        in_memory:
            memory:
                users:
                    user:
                        password: user
                        roles: 'ROLE_USER'
                    admin:
                        password: admin
                        roles: 'ROLE_ADMIN'

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        secured_area:
            anonymous: ~
            access_denied_url: backoffice_access_denied

            form_login:
                login_path: /backoffice/login
                check_path: /backoffice/login_check

            logout:
                path:   /backoffice/logout
                target: /backoffice

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    access_control:
        - { path: ^/backoffice/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/backoffice, roles: ROLE_ADMIN }

#routing.yml

backoffice_logout:
    path: /backoffice/logout

backoffice_login_check:
    path: /backoffice/login_check

Obviously I have a controller for the route /backoffice/login that renders the login form with the right input name (_username, _password).

When I fill in the form, if I enter the wrong username and password I rightly get "bad credentials", but if I enter the correct data I'm redirected back to the login page as an anonymous user.

Some app/logs...

[2016-03-02 10:39:54] request.INFO: Matched route "backoffice_login_check". {"route_parameters":{"_route":"backoffice_login_check"},"request_uri":"http://DOMAIN/backoffice/login_check"} []
[2016-03-02 10:39:54] security.INFO: User has been authenticated successfully. {"username":"admin"} []
[2016-03-02 10:39:54] event.DEBUG: Listener "Symfony\Component\Security\Http\Firewall::onKernelRequest" stopped propagation of the event "kernel.request". [] []
[2016-03-02 10:39:54] event.DEBUG: Listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest" was not called for event "kernel.request". [] []
[2016-03-02 10:39:54] security.DEBUG: Stored the security token in the session. {"key":"_security_secured_area"} []
[2016-03-02 10:39:54] request.INFO: Matched route "backoffice_index_lead". {"route_parameters":{"_controller":"XXX\\AppBundle\\Controller\\DefaultController::leadAction","_route":"backoffice_index_lead"},"request_uri":"http://DOMAIN/backoffice/lead"} []
[2016-03-02 10:39:54] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2016-03-02 10:39:54] security.DEBUG: Access denied, the user is not fully authenticated; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at /site/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php:70)"} []
[2016-03-02 10:39:54] security.DEBUG: Calling Authentication entry point. [] []

As you can see, at line 2 the login was done successfully, but when the controller redirects to the secured area I get access denied (line 8).

Where am I wrong? Thank you.

EDIT:

This is my config.yml

framework:
    #esi:             ~
    #translator:      { fallbacks: ["%locale%"] }
    secret:          "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form:            ~
    csrf_protection: ~
    validation:      { enable_annotations: true }
    #serializer:      { enable_annotations: true }
    templating:
        engines: ['twig']
        packages:
            v_assets:
                version: "%app.assets_version%"
                version_format:  "assets/%%2$s/%%1$s"
    default_locale:  "%locale%"
    trusted_hosts:   ~
    trusted_proxies: ~
    session:
        handler_id:  ~
    fragments:       ~
    http_method_override: true

EDIT2:

My Symfony project is running on NGINX/HHVM.
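
The sequence in the log above (token stored in the session under `_security_secured_area`, then an anonymous token on the very next request) means the session written at login was not read back, and it can be detected mechanically. The following Python script is an added example, not part of the original post; the function name `find_lost_sessions`, its `logout_routes` parameter and the condensed sample log are constructed for illustration.

```python
import re

# Constructed sample, condensed from the log excerpt in the question.
SAMPLE_LOG = r'''[2016-03-02 10:39:54] security.INFO: User has been authenticated successfully. {"username":"admin"} []
[2016-03-02 10:39:54] security.DEBUG: Stored the security token in the session. {"key":"_security_secured_area"} []
[2016-03-02 10:39:54] request.INFO: Matched route "backoffice_index_lead". {"request_uri":"http://DOMAIN/backoffice/lead"} []
[2016-03-02 10:39:54] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
'''

LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] \w+\.\w+: (?P<msg>.*)$')
AUTH_OK = re.compile(r'User has been authenticated successfully\. \{"username":"([^"]+)"')
STORED = re.compile(r'Stored the security token in the session\. \{"key":"([^"]+)"')
ROUTE = re.compile(r'Matched route "([^"]+)"')
ANON = 'Populated the TokenStorage with an anonymous Token'


def find_lost_sessions(log_text, logout_routes=('backoffice_logout',)):
    """Flag logins whose stored token is missing on the following request.

    logout_routes is a hypothetical parameter: routes after which an anonymous
    token is expected, so they clear the pending login instead of raising a finding.
    """
    findings, user, pending, route = [], None, None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or non-Monolog lines
        msg = m.group('msg')
        if (a := AUTH_OK.search(msg)):
            user = a.group(1)
        elif (s := STORED.search(msg)) and user:
            # Token was written under _security_<firewall>; the next request should read it back.
            pending = {'user': user, 'session_key': s.group(1), 'stored_at': m.group('ts')}
        elif (r := ROUTE.search(msg)):
            route = r.group(1)
            if route in logout_routes:
                user = pending = None
        elif ANON in msg and pending:
            # No token was restored from the session, so the firewall fell back to anonymous.
            findings.append({**pending, 'anonymous_on_route': route})
            user = pending = None
    return findings


if __name__ == '__main__':
    for finding in find_lost_sessions(SAMPLE_LOG):
        print(finding)
```

A finding here points at session persistence (cookie not returned, or the session store not saving between requests) rather than at the firewall or `access_control` rules.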


2 Answers

0
votes

Try changing your session options from:

session: ~

to:

session:
   handler_id:  ~
0
votes

Throw HHVM in the bucket and install PHP!