Bug #33078
No Redirect to Login
| Status: | New | Start date: | 2012-01-10 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | Security | |||
| Target version: | - | |||
| PHP Version: | Complexity: | |||
| Has patch: | No | FLOW3 version affected: | FLOW3 1.0.2 | |
| Votes: | 0 |
Description
I think this is a Bug with the Security Subsystem.
I'm only getting a Exception when i'm not login or i've no rights to access the controller.
But i'm awaiting a redirect to login when i've no Login Data or?
i've attached my policy and setting yaml file.
You are not allowed to perform this action. 10 TYPO3\FLOW3\Security\Authorization\Interceptor\AccessDeny_Original::invoke() 9 TYPO3\FLOW3\Security\Authorization\RequestFilter_Original::filterRequest(TYPO3\FLOW3\MVC\Web\Request) 8 TYPO3\FLOW3\Security\Authorization\FilterFirewall_Original::blockIllegalRequests(TYPO3\FLOW3\MVC\Web\Request) 7 TYPO3\FLOW3\Security\Aspect\RequestDispatchingAspect_Original::blockIllegalRequestsAndForwardToAuthenticationEntryPoints(TYPO3\FLOW3\AOP\JoinPoint) 6 TYPO3\FLOW3\AOP\Advice\AroundAdvice_Original::invoke(TYPO3\FLOW3\AOP\JoinPoint) 5 TYPO3\FLOW3\AOP\Advice\AdviceChain_Original::proceed(TYPO3\FLOW3\AOP\JoinPoint) 4 TYPO3\FLOW3\MVC\Dispatcher::dispatch(TYPO3\FLOW3\MVC\Web\Request, TYPO3\FLOW3\MVC\Web\Response) 3 TYPO3\FLOW3\MVC\Web\RequestHandler_Original::handleRequest() 2 TYPO3\FLOW3\Core\Bootstrap::handleWebRequest() 1 TYPO3\FLOW3\Core\Bootstrap::run() Please include more helpful information!
Related issues
| related to TYPO3.Flow - Bug #33055: AccessDeniedException instead of WebRedirect | New | 2012-01-09 |
History
Updated by Jörg Ohnheiser over 1 year ago
- File Policy.yaml added
- File Settings.yaml added
Updated by Jörg Ohnheiser over 1 year ago
Similar to http://forge.typo3.org/issues/33055
Updated by Johannes K over 1 year ago
Did you try to call the protected action manually, or via a Fluid generated link?
I'm asking, because to call protected action you also need to pass a csrfToken in the URL.
If the link is generated by Fluid, the URL contains the csrfToken automatically.
Another option is to annotate the action with @FLOW3\SkipCsrfProtection.
No real documentation for this yet, but here is an explanation:
[[http://media.netlogix.de/community/details/artikel/csrf-protection-in-typo3-phoenix-kindly-provided-by-flow3]]
Updated by Karsten Dambekalns over 1 year ago
- Category changed from - Error Handler Report - to Security