Error 500 rose on 'AccessDeniedException' #20233
You should not see a 500 response. Are you sure that this is triggered by Symfony core and not by one of your own exceptions? Can you show an example that reproduces your issue (best by forking the Symfony Standard Edition and making the necessary changes)? |
The controller for this route only returns a 'Hello World' message so the exception is triggered by Symfony. In my security.yml I just set up a simple firewall on this route disabling anonymous auth and enabling security like this:
|
Please give us more information. Which errors are logged in your log file? What is the full stack trace you see when you try to access the controller in the dev environment? |
Here is the log :
And here is the stacktrace :
|
@Cypaubr I just tried to reproduce your issue, but was not able to do so. Can you please fork the Symfony Standard Edition and make the changes that are necessary to reproduce it? Which Symfony version do you use? |
I do that quickly! I run Symfony 3.0.9. |
Similar to (or duplicate of) #8467 |
@Cypaubr any news? |
Closing due to the lack of feedback. @Cypaubr please feel free to leave a comment when you come up with a reproducible scenario. But please also be aware that we will have to be able to reproduce your issue with Symfony 3.1 as 3.0 is not maintained anymore (and I suggest to update your application to 3.1). |
Hi

- First create a new symfony project (currently 3.1.7)
- Launch the webserver
- Add the following at the end of app/config/security.yml
Then browse to http://localhost:8000/ |
@jclg this is what's happening when you use the code that you shared:
```php
if (!$this->accessDecisionManager->decide($token, $attributes, $request)) {
    throw new AccessDeniedException();
}
```

```php
if (null !== $this->logger) {
    $this->logger->debug('Access denied, the user is not fully authenticated; redirecting to authentication entry point.', array('exception' => $exception));
}

try {
    $insufficientAuthenticationException = new InsufficientAuthenticationException('Full authentication is required to access this resource.', 0, $exception);
    $insufficientAuthenticationException->setToken($token);
    $event->setResponse($this->startAuthentication($event->getRequest(), $insufficientAuthenticationException));
} catch (\Exception $e) {
    $event->setException($e);
}
```

If you open the log file, you'll see the

```php
private function startAuthentication(Request $request, AuthenticationException $authException)
{
    if (null === $this->authenticationEntryPoint) {
        throw $authException;
    }

    // ...
}
```

So, I'd say that this is the expected behavior in this case and this is not a bug. |
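
A stand-alone model of the path described in the comment above, added here as an illustration (it is not code from the thread or from Symfony). `statusAfterAccessDenied()`, the free function `startAuthentication()`, the `InsufficientAuthentication` class and the status-returning entry-point callables are hypothetical stand-ins; it also assumes, beyond what the snippets show, that a fully authenticated user lacking the role gets a 403 and that HTTP basic and form login entry points answer with 401 and 302.

```php
<?php
declare(strict_types=1);

// Simplified model, not Symfony code. All names here are hypothetical.
class InsufficientAuthentication extends \RuntimeException
{
}

/**
 * Models startAuthentication() from the comment above: without an entry
 * point there is nothing to turn the failure into a response.
 */
function startAuthentication(?callable $entryPoint): int
{
    if (null === $entryPoint) {
        throw new InsufficientAuthentication('Full authentication is required to access this resource.');
    }

    return $entryPoint(); // status of the entry point's response
}

/** Status the client sees once the access decision has come back negative. */
function statusAfterAccessDenied(bool $fullyAuthenticated, ?callable $entryPoint): int
{
    if ($fullyAuthenticated) {
        return 403; // assumption: logged-in user lacking the role is "forbidden"
    }

    try {
        return startAuthentication($entryPoint);
    } catch (\Exception $e) {
        // Mirrors $event->setException($e): the exception is not an HTTP
        // error, so it surfaces as a server error.
        return 500;
    }
}

// Constructed cases: [fully authenticated?, entry point or null]
$cases = [
    'anonymous, no entry point'   => [false, null],
    'anonymous, HTTP basic'       => [false, function (): int { return 401; }],
    'anonymous, form login'       => [false, function (): int { return 302; }],
    'authenticated, missing role' => [true, null],
];

foreach ($cases as $label => [$fullyAuthenticated, $entryPoint]) {
    printf("%-28s -> %d\n", $label, statusAfterAccessDenied($fullyAuthenticated, $entryPoint));
}
```

Only the first case, an anonymous token on a firewall with no authentication mechanism, takes the branch that ends in a server error.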
@javiereguiluz In my case I am using an authentication mechanism (form login) and I still see a 500 error... |
@Cypaubr in that case please provide steps to reproduce your issue. Steps provided by @jclg (thank you!) are not sufficient as @javiereguiluz explained. |
@javiereguiluz I am sorry but you're wrong. |
@MacSim75 don't be sorry 😄 I'm wrong lots of times every day 😅 In order to reproduce this bug and reopen it, we'd need the detailed steps to reproduce it. Even better if you could share a simple Symfony project in GitHub reproducing this issue. Thanks! |
Well what you say is not entirely wrong. You made a really good explanation on "what happens". |
I guess you were finally right, it's the expected behavior as said in https://symfony.com/doc/current/security/access_control.html :
I still don't understand that behavior. |
When the user tries to access a route needing a user authentication using the Anonymous account, an HTTP 500 error is raised. Why not a 403? Is there any way to raise a 403?