
Comments (6)

slashfan commented on May 22, 2024

Hi,

Have you tried adding anonymous: true to the api firewall configuration? Like this:

security:
    firewalls:
        api:
            pattern:   ^/api
            stateless: true
            anonymous: true   # let requests without a token reach the firewall
            lexik_jwt:
                # ... rest of your config

It worked for me in the sandbox.

from lexikjwtauthenticationbundle.

JellyBellyDev commented on May 22, 2024

It works well!
However, if I add another controller without putting it in access_control, its routes are protected.
If I call this controller with Angular I receive a 403 and not a 401, so I don't show the login modal.
I receive a 403 even without checking isGranted('ROLE_USER') in the action. Instead I should receive a 401 (imho).
In a nutshell, what I would like to do is have some public actions and some protected actions.
If I'm logged in as ROLE_USER it's right to receive a 403 if I call an action that checks isGranted('ROLE_ADMIN'), but in all other cases I should always receive a 401.
Is that bad?
Thanks


slashfan commented on May 22, 2024

Hi,

Sorry, I didn't really understand. But I think the problem you have is more related to your app and its security design than to this bundle.

The bundle only returns a 401 if it finds a JSON Web Token in the request and cannot match it against a user. Everything else is handled by Symfony and your own config / logic.


JellyBellyDev commented on May 22, 2024

Thank you for your response.
Sorry if I can't explain it well.
So you're saying that if I add a new controller to the sandbox it's normal that I get a 403 instead of a 401?


slashfan commented on May 22, 2024

You should read this: 401 is for authentication (which is the job of this bundle) and 403 is for authorization (which is handled by Symfony roles, security voters and access control), either through the access_control in your security configuration or directly from your controllers, in the @Secure annotation or in calls to the isGranted() method.

Maybe you should try to make your app's security system work with a standard form login, and when everything works fine, switch to JWT. But first make sure your roles, permissions and access control are properly set.

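Putting the two suggestions in this thread together, here is an added example (not part of the original thread or of the bundle's own documentation): a security.yml in the Symfony 2/3 era syntax the thread uses, with anonymous: true on the API firewall and access_control rules that separate public, user-only and admin-only paths. The route paths (/api/public, /api/admin), the provider name and the /api/login firewall are assumptions for illustration; the lexik_jwt block is left as in the snippet above.

```yaml
# app/config/security.yml (illustrative; paths, provider name and login firewall are assumed)
security:
    providers:
        app_users:                                   # assumed user provider name
            entity: { class: AppBundle:User, property: username }

    firewalls:
        # The endpoint that hands out the JWT: no token exists yet, so nothing
        # for the bundle to authenticate here (the login listener is not shown).
        login:
            pattern:   ^/api/login
            stateless: true
            anonymous: true

        api:
            pattern:   ^/api
            stateless: true
            anonymous: true              # requests without a token are allowed through as anonymous...
            lexik_jwt:                   # ...the bundle only answers 401 for a token it cannot match to a user
                # ... rest of your config

    access_control:
        # Rules are evaluated top to bottom and the first match wins, so the
        # public paths must be listed before the catch-all ^/api rule.
        - { path: ^/api/login,  roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/public, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/admin,  roles: ROLE_ADMIN }  # a ROLE_USER caller gets 403 here
        - { path: ^/api,        roles: ROLE_USER }   # everything else under /api needs a logged-in user

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER                        # without this, an admin lacking ROLE_USER is denied on ^/api
```

Read against the 401/403 split above: a request to /api/public/... with no token is served, because the first matching rule allows anonymous access. A request to any other /api path with no token gives the bundle nothing to authenticate, so it goes through as anonymous and then fails the ROLE_USER rule; that is an authorization failure, hence the 403 the thread discusses. A request carrying a malformed or expired token is rejected by the bundle before access_control is consulted, which is the 401 case. Rule order matters: if the ^/api catch-all were listed first, the public paths would also require ROLE_USER. If the no-token case should surface as a 401 instead, that is decided by the firewall's authentication entry point (Symfony's entry_point setting), not by access_control.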

JellyBellyDev commented on May 22, 2024

Ok! Now it's all clear!
Thank you so much Nicolas!

