
I am using Symfony 3.2 and FOSUserBundle 2.0. I use the classic setup: "Getting Started With FOSUserBundle"

security:
    always_authenticate_before_granting: true
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN:       ROLE_CLIENT

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager # Use form.csrf_provider instead for Symfony <2.4
            logout: true
            anonymous: ~

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, role: ROLE_ADMIN }
        - { path: ^/client, role: ROLE_CLIENT }

It works, but something is strange: when I log out and navigate to a public page, it appears as if I am still logged in. I need to manually reload the page in my browser to make the logout effective. (I use `{% if is_granted('ROLE_ADMIN') %}` in my template.) Is it a problem with my security configuration or a problem with cache memory? Some help will be appreciated. Thanks, Vincent

V.Hure

1 Answer


Try adding the ROLE_USER to your role hierarchy like this:

role_hierarchy:
    ROLE_CLIENT:    ROLE_USER
    ROLE_ADMIN:     ROLE_CLIENT

As stated in the docs: "Make sure every user has at least one role, or your user will look like they're not authenticated. A common convention is to give every user ROLE_USER." http://symfony.com/doc/current/security.html#roles

Renan Taranto
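To check what the role hierarchy from this answer and the access_control rules from the question grant to a given user, here is a small Python model (an added example, not code from either post or from Symfony). It is a simplification that assumes transitive role inheritance and first-match-wins rule evaluation; the function names and sample paths are made up for illustration.

```python
import re

# Role hierarchy from the answer above: role -> roles it inherits.
ROLE_HIERARCHY = {
    "ROLE_CLIENT": ["ROLE_USER"],
    "ROLE_ADMIN": ["ROLE_CLIENT"],
}

# access_control rules from the question, in order (first match wins).
ACCESS_CONTROL = [
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/register", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/resetting", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/admin", "ROLE_ADMIN"),
    (r"^/client", "ROLE_CLIENT"),
]


def reachable_roles(assigned, hierarchy=ROLE_HIERARCHY):
    """Expand the assigned roles transitively through the hierarchy."""
    seen, stack = set(), list(assigned)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(hierarchy.get(role, []))
    return seen


def required_role(path, rules=ACCESS_CONTROL):
    """Return the role demanded by the first matching rule, or None."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None


def is_allowed(path, assigned):
    """Simplified decision: anonymous-level rules and unmatched paths pass."""
    role = required_role(path)
    if role is None or role == "IS_AUTHENTICATED_ANONYMOUSLY":
        return True
    return role in reachable_roles(assigned)


if __name__ == "__main__":
    # Constructed sample users: no roles, a client, an admin.
    for roles in ([], ["ROLE_CLIENT"], ["ROLE_ADMIN"]):
        checks = {p: is_allowed(p, roles) for p in ("/", "/client/orders", "/admin/users")}
        print(roles, sorted(reachable_roles(roles)), checks)
```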