I have an admin area with login that we are forcing to https://. Hitting the route /admin should redirect to the login page if the user isn't logged in, but I'm getting an endless redirect loop. Not sure what's wrong, here's security.yml:

    firewalls:
        admin_login:
            pattern: ^/admin/secured/login$
            security: false
        admin_secured_area:
            pattern: ^/admin
            provider: entity_admin
            form_login:
                check_path: /admin/secured/login_check
                login_path: /admin/secured/login
                default_target_path: /admin
            logout:
                path: /admin/secured/logout
                target: /
    access_control:
        - { path: ^/admin/secured/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        - { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }

Thanks for your help!
No need for an "admin_login" section in firewalls. But it looks like you forgot the anonymous parameter.

    firewalls:
        admin_secured_area:
            anonymous: ~
            pattern: ^/admin
            provider: entity_admin
            form_login:
                check_path: /admin/secured/login_check
                login_path: /admin/secured/login
                default_target_path: /admin
            logout:
                path: /admin/secured/logout
                target: /
    access_control:
        - { path: ^/admin/secured/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        - { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }

As I said in my comment, do you set the ROLE_ADMIN role for logged-in users?
EDIT: Does your routing state the HTTPS channel too for the admin section?
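
Why a missing `anonymous` key can produce this kind of loop, as an added example (not code from the thread or from Symfony): a simplified Python model of the channel and access checks applied to a logged-out visitor, using the firewall pattern and access_control rules from the config above. The function names and the evaluation order are assumptions of the model.

```python
import re

# Simplified model (an assumption, not Symfony's code) of how one request from a
# logged-out visitor is handled: channel check first, then the access check.
ACCESS_CONTROL = [  # first matching rule wins, as in the answer's access_control
    (r"^/admin/secured/login", "IS_AUTHENTICATED_ANONYMOUSLY", "https"),
    (r"^/admin", "ROLE_ADMIN", "https"),
]
LOGIN_PATH = "/admin/secured/login"
FIREWALL_PATTERN = r"^/admin"


def handle(scheme, path, anonymous):
    """Return ("ok", url) or ("redirect", url) for a visitor with no session."""
    if not re.search(FIREWALL_PATTERN, path):
        return ("ok", (scheme, path))            # outside the firewall
    rule = next((r for r in ACCESS_CONTROL if re.search(r[0], path)), None)
    if rule is None:
        return ("ok", (scheme, path))
    _, role, channel = rule
    if channel == "https" and scheme != "https":
        return ("redirect", ("https", path))     # requires_channel
    if not anonymous:
        # No token at all: every access check fails, the login page included.
        return ("redirect", (scheme, LOGIN_PATH))
    if role == "IS_AUTHENTICATED_ANONYMOUSLY":
        return ("ok", (scheme, path))            # anonymous token is enough
    return ("redirect", (scheme, LOGIN_PATH))    # ROLE_ADMIN needs a real login


def follow(scheme, path, anonymous, max_hops=10):
    """Follow redirects; return (outcome, chain), outcome is "ok" or "loop"."""
    chain, seen = [(scheme, path)], {(scheme, path)}
    for _ in range(max_hops):
        status, target = handle(*chain[-1], anonymous)
        if status == "ok":
            return ("ok", chain)
        chain.append(target)
        if target in seen:
            return ("loop", chain)
        seen.add(target)
    return ("loop", chain)
```

`follow("http", "/admin", anonymous=False)` ends in a loop on the login path, while the same call with `anonymous=True` stops at the login page over HTTPS.
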
After a quick look I would say that something like this below should be correct:

    firewalls:
        admin_secured_area:
            pattern: ^/admin
            provider: entity_admin
            form_login:
                check_path: /admin/secured/login_check
                login_path: /admin/secured/login
                default_target_path: /admin
            logout:
                path: /admin/secured/logout
                target: /
    access_control:
        - { path: ^/admin/secured/(login|login_check|logout)$, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        - { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }

Anyway, if this does not help, I recommend checking the redirects with the built-in profiler (tabs with route matches and logs). To turn it on for redirects, change config_dev.yml to:

    web_profiler:
        toolbar: true
        intercept_redirects: true