CODEWITHSUNDEEP
phpsymfony
Brent
Brent

Reputation: 2485

Access Denied Symfony 2

I have been working on a logging in page for an APP im currently building. Its running checks fine but when the user is redirected to /secure_area I see the current error. 

Access Denied 403 Forbidden - AccessDeniedHttpException 1 linked Exception:

AccessDeniedException »

My Code so far

security.yml

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Simple\ProfileBundle\Entity\User:
            algorithm:        sha1
            encode_as_base64: false
            iterations:       1

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            entity:
                class: Simple\ProfileBundle\Entity\User
                property: username

    firewalls:

        secured_area:
            pattern:    ^/
            anonymous: ~
            form_login:
                login_path:  login
                check_path:  login_check
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false


    access_control:
          - { path: ^/secure_area, roles: ROLE_ADMIN }

*routing_dev.yml* 

index:
    pattern:   /
    defaults:  { _controller: SimpleProfileBundle:Security:login }


login:
    pattern:   /login
    defaults:  { _controller: SimpleProfileBundle:Security:login }


login_check:
    pattern:   /login_check

test_security:
    pattern: /secure_area
    defaults: {_controller: SimpleProfileBundle:Security:dumpString }

Any ideas, im new to this framework so starting to understand the basics.

Thanks

Upvotes: 1

Views: 9960

Answers (1)

Andrzej Ośmiałowski
Andrzej Ośmiałowski

Reputation: 1494

Access Denied means that logged user have no permissions to access the resource. I presume that your users does not have ROLE_ADMIN or ROLE_USER role. There's no other way if your user has been successfully loggedn in.

From the other side, why not using FOSUserBundle? It's way better for beginners to understand how the whole process work (just read the code and he Security component documentation). Security component is one of the hardest to understand as some "things" happen behind the scenes so you need to fully understand how the component work to make sure you're not making any silly errors.

Really, reading carefully linked documentation would be a perfect start, just ignore the tutorials for now.

Upvotes: 7

Related Questions