Comments (6)
Hi,
Have you tried adding anonymous: true to the api firewall configuration? Like this:

    api:
        pattern: ^/api
        stateless: true
        anonymous: true
        lexik_jwt:
            # ... rest of your config

It worked for me in the sandbox.
from lexikjwtauthenticationbundle.
It works well!
However, if I add another controller without putting it in access_control, so it has the routes protected.
If I call this controller with Angular I receive 403 and not 401, and so I don't show the login modal.
I also receive 403 without the isGranted('ROLE_USER') check in the action. Instead I should receive 401 (imho).
In a nutshell, what I would like to do is have some public actions and some protected actions.
If I am logged in as ROLE_USER, it's right to receive a 403 if I call an action with the isGranted('ROLE_ADMIN') check, but in all other cases I should always receive 401.
Is that bad?
Thanks
from lexikjwtauthenticationbundle.
Hi,
Sorry, I didn't really understand. But I think the problem you have is more related to your app and its security design than this bundle.
The bundle only returns a 401 if it finds a JSON Web Token in the request and cannot match it against a user. Everything else is handled by Symfony and your own config / logic.
from lexikjwtauthenticationbundle.
Thank you for your response.
Sorry if I cannot explain.
So you say that if I add a new controller to the sandbox, it is normal that I get 403 instead of 401?
from lexikjwtauthenticationbundle.
You should read this: 401 is for authentication (which is the job of this bundle) and 403 is for authorization (which is handled by Symfony roles, security voters and access control), either through the access_control in your security configuration or directly from your controllers, in the @secure annotation or the calls to the isGranted() method.
Maybe you should try to make your app security system work with a standard form login, and when everything works fine then switch to JWT. But first make sure your roles, permissions and access control are properly set.
from lexikjwtauthenticationbundle.
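The 401/403 split described in the answer above, as an added example that is not part of the thread or the bundle's code: a Symfony authentication entry point that answers 401 when the request is not authenticated, and an access-denied handler that answers 403 when an authenticated user lacks a role. The class names and the App\Security namespace are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; ApiEntryPoint, ApiAccessDeniedHandler and the App\Security
// namespace are hypothetical names. Split into one class per file for autoloading.
namespace App\Security;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

/**
 * Authentication failure: the request carries no full authentication and
 * reached a protected resource. Answer 401 so the client can show its login.
 */
final class ApiEntryPoint implements AuthenticationEntryPointInterface
{
    public function start(Request $request, ?AuthenticationException $authException = null): Response
    {
        // A 401 response must carry a WWW-Authenticate challenge (RFC 7235).
        return new JsonResponse(
            ['code' => 401, 'message' => 'Authentication required'],
            Response::HTTP_UNAUTHORIZED,
            ['WWW-Authenticate' => 'Bearer']
        );
    }
}

/**
 * Authorization failure: the user is authenticated but lacks the required
 * role (for example ROLE_USER calling a ROLE_ADMIN action). Answer 403;
 * logging in again would not change the outcome.
 */
final class ApiAccessDeniedHandler implements AccessDeniedHandlerInterface
{
    public function handle(Request $request, AccessDeniedException $accessDeniedException): ?Response
    {
        return new JsonResponse(
            ['code' => 403, 'message' => 'Insufficient permissions'],
            Response::HTTP_FORBIDDEN
        );
    }
}
```

Both classes are registered as services and referenced by service id from the firewall's entry_point and access_denied_handler options. How a configured entry point interacts with the one an authentication listener provides depends on the Symfony version, so check the status codes with a request that has no token and one that has a token without the required role.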
Ok! Now it's all clear!
Thank you so much Nicolas!
from lexikjwtauthenticationbundle.