Bug #33078
No Redirect to Login
| Status: | New | Start date: | 2012-01-10 |
|---|---|---|---|
| Priority: | Should have | Due date: | |
| Assigned To: | - | % Done: | 0% |
| Category: | Security | | |
| Target version: | - | | |
| PHP Version: | | Complexity: | |
| Has patch: | No | Affected Flow version: | FLOW3 1.0.2 |
Description
I think this is a bug in the Security subsystem.
I'm only getting an exception when I'm not logged in or have no rights to access the controller.
But I'm awaiting a redirect to the login when I have no login data, or?
I've attached my policy and settings YAML files.
You are not allowed to perform this action.
10 TYPO3\FLOW3\Security\Authorization\Interceptor\AccessDeny_Original::invoke()
9 TYPO3\FLOW3\Security\Authorization\RequestFilter_Original::filterRequest(TYPO3\FLOW3\MVC\Web\Request)
8 TYPO3\FLOW3\Security\Authorization\FilterFirewall_Original::blockIllegalRequests(TYPO3\FLOW3\MVC\Web\Request)
7 TYPO3\FLOW3\Security\Aspect\RequestDispatchingAspect_Original::blockIllegalRequestsAndForwardToAuthenticationEntryPoints(TYPO3\FLOW3\AOP\JoinPoint)
6 TYPO3\FLOW3\AOP\Advice\AroundAdvice_Original::invoke(TYPO3\FLOW3\AOP\JoinPoint)
5 TYPO3\FLOW3\AOP\Advice\AdviceChain_Original::proceed(TYPO3\FLOW3\AOP\JoinPoint)
4 TYPO3\FLOW3\MVC\Dispatcher::dispatch(TYPO3\FLOW3\MVC\Web\Request, TYPO3\FLOW3\MVC\Web\Response)
3 TYPO3\FLOW3\MVC\Web\RequestHandler_Original::handleRequest()
2 TYPO3\FLOW3\Core\Bootstrap::handleWebRequest()
1 TYPO3\FLOW3\Core\Bootstrap::run()
Please include more helpful information!
History
#1 Updated by Jörg Ohnheiser over 3 years ago
- File Policy.yaml added
- File Settings.yaml added
#2 Updated by Jörg Ohnheiser over 3 years ago
Similar to http://forge.typo3.org/issues/33055
#3 Updated by Johannes K over 3 years ago
Did you try to call the protected action manually, or via a Fluid generated link?
I'm asking because to call a protected action you also need to pass a csrfToken in the URL.
If the link is generated by Fluid, the URL contains the csrfToken automatically.
Another option is to annotate the action with @FLOW3\SkipCsrfProtection.
No real documentation for this yet, but here is an explanation:
[[http://media.netlogix.de/community/details/artikel/csrf-protection-in-typo3-phoenix-kindly-provided-by-flow3]]
#4 Updated by Karsten Dambekalns over 3 years ago
- Category changed from - Error Handler Report - to Security