Brent Brent - 4 months ago 12
PHP Question

Access Denied Symfony 2

I have been working on a logging in page for an app I'm currently building. It's running checks fine, but when the user is redirected to /secure_area I see the current error.


Access Denied 403 Forbidden - AccessDeniedHttpException 1 linked Exception:

AccessDeniedException »



My Code so far

security.yml

```yaml
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Simple\ProfileBundle\Entity\User:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            entity:
                class: Simple\ProfileBundle\Entity\User
                property: username

    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: login
                check_path: login_check
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

    access_control:
        - { path: ^/secure_area, roles: ROLE_ADMIN }
```


*routing_dev.yml*

```yaml
index:
    pattern: /
    defaults: { _controller: SimpleProfileBundle:Security:login }

login:
    pattern: /login
    defaults: { _controller: SimpleProfileBundle:Security:login }

login_check:
    pattern: /login_check

test_security:
    pattern: /secure_area
    defaults: { _controller: SimpleProfileBundle:Security:dumpString }
```


Any ideas? I'm new to this framework, so I'm starting to understand the basics.

Thanks

Answer

Access Denied means that the logged-in user has no permission to access the resource. I presume that your users do not have the ROLE_ADMIN or ROLE_USER role. There's no other way if your user has been successfully logged in.

On the other hand, why not use FOSUserBundle? It's way better for beginners to understand how the whole process works (just read the code and the Security component documentation). The Security component is one of the hardest to understand, as some "things" happen behind the scenes, so you need to fully understand how the component works to make sure you're not making any silly errors.

Really, carefully reading the linked documentation would be a perfect start; just ignore the tutorials for now.
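The decision the answer describes, as an added example that is not part of the original question or answer: a plain-PHP model (not Symfony's own code) of how the `role_hierarchy` and `access_control` entries from the question's security.yml resolve for `/secure_area`. The function names `reachableRoles` and `decide` and the sample users are assumptions made for illustration.

```php
<?php
// Simplified model of the question's security.yml; function names are hypothetical.
$roleHierarchy = [
    'ROLE_ADMIN'       => ['ROLE_USER'],
    'ROLE_SUPER_ADMIN' => ['ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'],
];
$accessControl = [
    ['path' => '#^/secure_area#', 'roles' => ['ROLE_ADMIN']],
];

// Expand the roles a user entity returns from getRoles() through the hierarchy.
function reachableRoles(array $roles, array $hierarchy): array
{
    $seen = [];
    while ($roles) {
        $role = array_pop($roles);
        if (!isset($seen[$role])) {
            $seen[$role] = true;
            $roles = array_merge($roles, $hierarchy[$role] ?? []);
        }
    }
    return array_keys($seen);
}

// $userRoles === null models an anonymous visitor who has not logged in yet.
function decide(string $path, ?array $userRoles, array $rules, array $hierarchy): string
{
    foreach ($rules as $rule) {
        if (!preg_match($rule['path'], $path)) {
            continue;
        }
        // The first matching access_control rule decides.
        if ($userRoles === null) {
            return 'redirect to login';
        }
        // Holding any one of the rule's roles, directly or inherited, is enough.
        $granted = array_intersect($rule['roles'], reachableRoles($userRoles, $hierarchy));
        return $granted ? 'allow' : '403 Access Denied';
    }
    return 'allow'; // no rule matched this path
}

// Constructed sample users: anonymous, no roles, and one per role in the hierarchy.
foreach ([null, [], ['ROLE_USER'], ['ROLE_ADMIN'], ['ROLE_SUPER_ADMIN']] as $roles) {
    $label = $roles === null ? 'anonymous' : '[' . implode(', ', $roles) . ']';
    echo str_pad($label, 22), decide('/secure_area', $roles, $accessControl, $roleHierarchy), "\n";
}
```

The hierarchy only expands downward: ROLE_ADMIN implies ROLE_USER, never the reverse, so a logged-in user whose `getRoles()` returns only ROLE_USER (or nothing) gets the 403 from the question rather than a redirect to the login form.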