Bug #33078

No Redirect to Login

Added by Jörg Ohnheiser almost 10 years ago. Updated over 9 years ago.

Status: New
Priority: Should have
Assignee: -
Category: Security
Target version: -
Start date: 2012-01-10
Due date:
% Done: 0%
Estimated time:
PHP Version:
Has patch: No
Complexity:

Description

I think this is a bug in the security subsystem.

I'm only getting an exception when I'm not logged in or I have no rights to access the controller.

But I'm expecting a redirect to the login when I have no login data, or not?

I've attached my policy and settings YAML files.

You are not allowed to perform this action.
10 TYPO3\FLOW3\Security\Authorization\Interceptor\AccessDeny_Original::invoke()

9 TYPO3\FLOW3\Security\Authorization\RequestFilter_Original::filterRequest(TYPO3\FLOW3\MVC\Web\Request)

8 TYPO3\FLOW3\Security\Authorization\FilterFirewall_Original::blockIllegalRequests(TYPO3\FLOW3\MVC\Web\Request)

7 TYPO3\FLOW3\Security\Aspect\RequestDispatchingAspect_Original::blockIllegalRequestsAndForwardToAuthenticationEntryPoints(TYPO3\FLOW3\AOP\JoinPoint)

6 TYPO3\FLOW3\AOP\Advice\AroundAdvice_Original::invoke(TYPO3\FLOW3\AOP\JoinPoint)

5 TYPO3\FLOW3\AOP\Advice\AdviceChain_Original::proceed(TYPO3\FLOW3\AOP\JoinPoint)

4 TYPO3\FLOW3\MVC\Dispatcher::dispatch(TYPO3\FLOW3\MVC\Web\Request, TYPO3\FLOW3\MVC\Web\Response)

3 TYPO3\FLOW3\MVC\Web\RequestHandler_Original::handleRequest()

2 TYPO3\FLOW3\Core\Bootstrap::handleWebRequest()

1 TYPO3\FLOW3\Core\Bootstrap::run()

Please include more helpful information!

Files

Policy.yaml (517 Bytes), Jörg Ohnheiser, 2012-01-10 08:37
Settings.yaml (536 Bytes), Jörg Ohnheiser, 2012-01-10 08:37

Related issues

Related to TYPO3.Flow - Bug #33055: AccessDeniedException instead of WebRedirect (New, 2012-01-09)

#3

Updated by Johannes K almost 10 years ago

Did you try to call the protected action manually, or via a Fluid-generated link?
I'm asking because to call a protected action you also need to pass a csrfToken in the URL.
If the link is generated by Fluid, the URL contains the csrfToken automatically.

Another option is to annotate the action with @FLOW3\SkipCsrfProtection.

No real documentation for this yet, but here is an explanation:
http://media.netlogix.de/community/details/artikel/csrf-protection-in-typo3-phoenix-kindly-provided-by-flow3

#4

Updated by Karsten Dambekalns over 9 years ago

  • Category changed from - Error Handler Report - to Security
