aimeos / aimeos-flow

Flow / NeosCMS e-commerce package for professional, ultra fast online shops and complex B2B applications
https://aimeos.org/Flow
GNU Lesser General Public License v3.0

401 Unauthorized #9

Closed ossplus closed 8 years ago

ossplus commented 8 years ago

I followed the install document and already added the PrivilegeTarget to /neos-2.0/Configuration/Policy.yml. Then I viewed http:///shop/list:

Uncaught Exception in Flow
#1222204027: Could not authenticate any token.

Might be missing or wrong credentials or no authentication provider matched.
Evaluated following 1 privilege target(s):
"TYPO3.Neos:AllControllerActions": ABSTAIN
(0 granted, 0 denied, 1 abstained)

More information
TYPO3\Flow\Security\Exception\NoTokensAuthenticatedException thrown in file
/neos-2.0/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Security_Authorization_Interceptor_PolicyEnforcement.php in line 100.
Reference code: 20151113055828d4f24b

18 TYPO3\Flow\Security\Authorization\Interceptor\PolicyEnforcement_Original::invoke()

/neos-2.0/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Security_Aspect_PolicyEnforcementAspect.php:

00059:   if ($this->securityContext->areAuthorizationChecksDisabled() !== TRUE) {
00060:    $this->policyEnforcementInterceptor->setJoinPoint($joinPoint);

00061:    $this->policyEnforcementInterceptor->invoke();

00062:   }
00063: 

17 TYPO3\Flow\Security\Aspect\PolicyEnforcementAspect_Original::enforcePolicy(TYPO3\Flow\Aop\JoinPoint)

Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Aop/Advice/AroundAdvice.php:

00032:   $adviceObject = $this->objectManager->get($this->aspectObjectName);
00033:   $methodName = $this->adviceMethodName;

00034:   return $adviceObject->$methodName($joinPoint);

00035:  }
00036: }

16 TYPO3\Flow\Aop\Advice\AroundAdvice::invoke(TYPO3\Flow\Aop\JoinPoint)

Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Aop/Advice/AdviceChain.php:

00053:   $this->adviceIndex++;
00054:   if ($this->adviceIndex < count($this->advices)) {

00055:    $result = $this->advices[$this->adviceIndex]->invoke($joinPoint);

00056:   } else {
00057:    $result = $joinPoint->getProxy()->Flow_Aop_Proxy_invokeJoinpoint($joinPoint);

15 TYPO3\Flow\Aop\Advice\AdviceChain::proceed(TYPO3\Flow\Aop\JoinPoint)

/neos-2.0/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/Aimeos_Shop_Controller_CatalogController.php:

00709:     $adviceChain->rewind();
00710:     $joinPoint = new \TYPO3\Flow\Aop\JoinPoint($this, 'Aimeos\Shop\Controller\CatalogController', 'listAction', $methodArguments, $adviceChain);

00711:     $result = $adviceChain->proceed($joinPoint);

00712:     $methodArguments = $joinPoint->getMethodArguments();
00713: 

14 Aimeos\Shop\Controller\CatalogController::listAction()

13 call_user_func_array(array|2|, array|0|)

/neos-2.0/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Mvc_Controller_ActionController.php:

00406: 
00407:   if (!$validationResult->hasErrors()) {

00408:    $actionResult = call_user_func_array(array($this, $this->actionMethodName), $preparedArguments);

00409:   } else {
00410:    $actionIgnoredArguments = static::getActionIgnoredValidationArguments($this->objectManager);

12 TYPO3\Flow\Mvc\Controller\ActionController_Original::callActionMethod()

/neos-2.0/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Mvc_Controller_ActionController.php:

00173:   }
00174: 

00175:   $this->callActionMethod();

00176:  }
00177: 

11 TYPO3\Flow\Mvc\Controller\ActionController_Original::processRequest(TYPO3\Flow\Mvc\ActionRequest, TYPO3\Flow\Http\Response)

/neos-2.0/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Mvc_Dispatcher.php:

00148:    try {
00149:     $this->emitBeforeControllerInvocation($request, $response, $controller);

00150:     $controller->processRequest($request, $response);

00151:     $this->emitAfterControllerInvocation($request, $response, $controller);
00152:    } catch (StopActionException $exception) {

10 TYPO3\Flow\Mvc\Dispatcher_Original::initiateDispatchLoop(TYPO3\Flow\Mvc\ActionRequest, TYPO3\Flow\Http\Response)

/neos-2.0/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Mvc_Dispatcher.php:

00102:    /** @var ActionRequest $request */
00103:    $firewall->blockIllegalRequests($request);

00104:    $this->initiateDispatchLoop($request, $response);

00105:   } catch (AuthenticationRequiredException $exception) {
00106:    $entryPointFound = FALSE;

9 TYPO3\Flow\Mvc\Dispatcher_Original::dispatch(TYPO3\Flow\Mvc\ActionRequest, TYPO3\Flow\Http\Response)

8 call_user_func_array(array|2|, array|2|)

Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Object/DependencyInjection/DependencyProxy.php:

00092:   */
00093:  public function __call($methodName, array $arguments) {

00094:   return call_user_func_array(array($this->_activateDependency(), $methodName), $arguments);

00095:  }
00096: 

7 TYPO3\Flow\Object\DependencyInjection\DependencyProxy::__call("dispatch", array|2|)

/neos-2.0/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Mvc_DispatchComponent.php:

00100: 
00101:   $componentContext->setParameter('TYPO3\Flow\Mvc\DispatchComponent', 'actionRequest' ,$actionRequest);

00102:   $this->dispatcher->dispatch($actionRequest, $componentContext->getHttpResponse());

00103:  }
00104: 

6 TYPO3\Flow\Object\DependencyInjection\DependencyProxy::dispatch(TYPO3\Flow\Mvc\ActionRequest, TYPO3\Flow\Http\Response)

/neos-2.0/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Mvc_DispatchComponent.php:

00100: 
00101:   $componentContext->setParameter('TYPO3\Flow\Mvc\DispatchComponent', 'actionRequest' ,$actionRequest);

00102:   $this->dispatcher->dispatch($actionRequest, $componentContext->getHttpResponse());

00103:  }
00104: 

5 TYPO3\Flow\Mvc\DispatchComponent_Original::handle(TYPO3\Flow\Http\Component\ComponentContext)

/neos-2.0/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Http_Component_ComponentChain.php:

00051:     continue;
00052:    }

00053:    $component->handle($componentContext);

00054:    if ($componentContext->getParameter('TYPO3\Flow\Http\Component\ComponentChain', 'cancel') === TRUE) {
00055:     $componentContext->setParameter('TYPO3\Flow\Http\Component\ComponentChain', 'cancel', NULL);

4 TYPO3\Flow\Http\Component\ComponentChain_Original::handle(TYPO3\Flow\Http\Component\ComponentContext)

/neos-2.0/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Http_Component_ComponentChain.php:

00051:     continue;
00052:    }

00053:    $component->handle($componentContext);

00054:    if ($componentContext->getParameter('TYPO3\Flow\Http\Component\ComponentChain', 'cancel') === TRUE) {
00055:     $componentContext->setParameter('TYPO3\Flow\Http\Component\ComponentChain', 'cancel', NULL);

3 TYPO3\Flow\Http\Component\ComponentChain_Original::handle(TYPO3\Flow\Http\Component\ComponentContext)

Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Http/RequestHandler.php:

00105: 
00106:   $componentContext = new ComponentContext($this->request, $this->response);

00107:   $this->baseComponentChain->handle($componentContext);

00108: 
00109:   $this->response->send();

2 TYPO3\Flow\Http\RequestHandler::handleRequest()

Packages/Framework/TYPO3.Flow/Classes/TYPO3/Flow/Core/Bootstrap.php:

00110: 
00111:   $this->activeRequestHandler = $this->resolveRequestHandler();

00112:   $this->activeRequestHandler->handleRequest();

00113:  }
00114: 

1 TYPO3\Flow\Core\Bootstrap::run()

/neos-2.0/Web/index.php:

00025: $context = \TYPO3\Flow\Core\Bootstrap::getEnvironmentConfigurationSetting('FLOW_CONTEXT') ?: 'Development';
00026: $bootstrap = new \TYPO3\Flow\Core\Bootstrap($context);

00027: $bootstrap->run();

aimeos commented 8 years ago

The policy configuration has been added via a pull request by @mrimann: https://github.com/aimeos/aimeos-flow/issues/7

Maybe he can tell you why this has happened.

mrimann commented 8 years ago

I have seen several times that adding new PrivilegeTargets does not work until you clear all caches (e.g. with --force or by just deleting the Data/Temporary directory completely).

If that doesn't help, could you copy/paste your Policy.yaml definitions here?

ossplus commented 8 years ago

@mrimann, I deleted the Data/Temporary directory completely. It still doesn't work.

root@weber:/neos-2.0/Configuration# more Policy.yml

privilegeTargets:
  TYPO3\Flow\Security\Authorization\Privilege\Method\MethodPrivilege:
    'MyShop:ShopAdminActions':
      matcher: 'method(Aimeos\Shop\Controller\(.*)Controller->(.*)Action())'

roles:
  'TYPO3.Flow:Everybody':
    privileges:
      -
        privilegeTarget: 'MyShop:ShopAdminActions'
        permission: GRANT

mrimann commented 8 years ago

I think the source of your issue is a typo in my added text in the Readme. Sorry for that!

The file containing the Policy definition should be named Policy.yaml and not Policy.yml (different file extension)

mrimann commented 8 years ago

I've proposed a change to the documentation, see https://github.com/aimeos/aimeos-flow/pull/10

ossplus commented 8 years ago

It works now, thanks. But I think this sample Policy.yaml file should be included in the Aimeos package and placed in the /Aimeos.Shop/Configuration/ directory.

mrimann commented 8 years ago

Hmm, when I added it to the docs I thought this might be impossible (as it could be a security issue if added packages bring their own policies or even override existing ones).

I'm not sure whether the Aimeos.Shop package for Flow should ship with that by default, or whether it should be added by the developer that adds the shop (so he knows what he adds and can adapt it to his needs).

Anyway: If we put it into Aimeos.Shop-Package, it cannot be as it is right now, as the mentioned example in the docs allows everyone full access to everything.

aimeos commented 8 years ago

Can the policies added by packages be overwritten? In this case we could add a standard policy file (if you provide one) that allows access to the public parts to everyone, allows access to the MyAccount area to authenticated users and to the admin part to editors only as long as it could be used for other Flow applications too.
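
A sketch of the tiered policy described in the last comment, as an added example that is not part of the thread or of the Aimeos package. It replaces the single wildcard target granted to everybody with one target per area; the AccountController and AdminController class names, the target names, and the choice of TYPO3.Flow:AuthenticatedUser and TYPO3.Neos:Editor as roles are assumptions to adapt to the installed package.

```yaml
# Configuration/Policy.yaml
# Note the .yaml extension: per the thread, a file named Policy.yml is not picked up.
privilegeTargets:
  'TYPO3\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':
    # Public storefront: only the catalog controller seen in the stack trace.
    # Further storefront controllers would each get their own target.
    'MyShop:PublicActions':
      matcher: 'method(Aimeos\Shop\Controller\CatalogController->(.*)Action())'
    # Customer account area (controller name is an assumption).
    'MyShop:AccountActions':
      matcher: 'method(Aimeos\Shop\Controller\AccountController->(.*)Action())'
    # Shop administration (controller name is an assumption).
    'MyShop:AdminActions':
      matcher: 'method(Aimeos\Shop\Controller\AdminController->(.*)Action())'

roles:
  # Anonymous visitors may browse the catalog, nothing else.
  'TYPO3.Flow:Everybody':
    privileges:
      -
        privilegeTarget: 'MyShop:PublicActions'
        permission: GRANT
  # Logged-in users additionally reach their account pages.
  'TYPO3.Flow:AuthenticatedUser':
    privileges:
      -
        privilegeTarget: 'MyShop:AccountActions'
        permission: GRANT
  # Only editors reach the administration interface.
  'TYPO3.Neos:Editor':
    privileges:
      -
        privilegeTarget: 'MyShop:AdminActions'
        permission: GRANT
```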