Define role and authentication on siteaccess

Wednesday 02 April 2014 3:12:28 pm - 10 replies

In eZ 2014.01, I want one of my siteaccesses (not in legacy mode) to be accessible only if the visitor is connected (User or Admin).

The list of my users is in the eZ Publish administration. I defined a dedicated role for the user (user / login (siteaccess)).

Unfortunately, when I connect to the site, I can see the website as anonymous.

I use this configuration : https://confluence.ez.no/display/EZP/Authentication?src=search#Authentication-AuthenticationwithLegacySSOHandlers

Thanks

Djoo

Modified on Wednesday 02 April 2014 5:09:17 pm by Johann Roc

Wednesday 02 April 2014 3:34:27 pm

I just noticed that: 

If I connect to my siteaccess URL http://mywebsite.com/siteaccess, I can access it in anonymous mode (which I do not want).

If I connect to any other URL of the type http://mywebsite.com/siteaccess/toto.html, I arrive on the login form of the administration (the URL does not change).

I don't know if this is important or not, but I prefer to say it.

Thursday 03 April 2014 12:34:52 am

You have, afaik, different ways to secure your (non-legacy) site:

1. set up an event listener where you check credentials of user. Or do it inside every controller

2. use firewall config to require user to be non anonymous, distinguishing siteaccesses by url

 

The good thing about 2 is that all it takes is 3 lines of config. Example for security.yml:

    access_control:
        # Admin interfaces run on legacy and are protected by roles and policies
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY, host: ^(editorial|admin)\.mysite\.(local|com)$ }

        # Frontend siteaccess otoh we protect via the firewall.
        # The only accessible routes are declared here
        - { path: ^/user/(login|logout), roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/ezinfo/is_alive, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/ezp/v2/user/sessions, roles: IS_AUTHENTICATED_ANONYMOUSLY }

        - { path: ^/, roles: ROLE_USER }

Thursday 03 April 2014 9:33:25 am

Hi Gaetano, thanks for your answer.
In fact, I use a siteaccess (on an eZ 5 system with Twig and co.), but my users are stored as eZ users (in the backend).

In eZ 4, I defined the roles for access in my administration (Users > Roles...). For example: I define that my siteaccess is impossible to access as anonymous.

I use this:

 
    security:
        firewalls:
            ezpublish_front:
                pattern: ^/
                anonymous: ~
                # Adding the following entry will activate the use of old SSO handlers.
                ezpublish_legacy_sso: ~

But it doesn't work... I think I made an error, but I don't see where.

Thursday 03 April 2014 11:26:40 am

I'm pretty sure Florent got this working... Pinged him, will let you know.

Thursday 03 April 2014 11:30:11 am

Florent ?

Thursday 03 April 2014 2:06:38 pm

Florent is one of our consultants.

Yes I think he got it working, but against master (5.3)

Thursday 03 April 2014 4:35:34 pm

Thanks a lot.

I finally succeeded.

I use this configuration in security.yml:

    security:
        firewalls:
            ezpublish_front:
                pattern: ^/
                anonymous: ~
                form_login:
                    # Option of form_login, so it is nested under it
                    require_previous_session: false
                logout: ~

        # Entries are checked in order; the first matching path wins
        access_control:
            - { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/mysiteaccess/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/mysiteaccess, roles: ROLE_USER }

And in my routing.yml I need to add new routes just for my siteaccess:

    mysiteaccess_login:
        path: /mysiteaccess/login
        defaults: { _controller: ezpublish.security.controller:loginAction }
    mysiteaccess_login_check:
        path: /mysiteaccess/login_check
    mysiteaccess_logout:
        path: /mysiteaccess/logout

I don't know if it's the right solution, but it's OK!

Now I am trying to access, in my Twig template, a value stored in my ezUser, but I don't know how to call it:

{{ app.user.myvaluefromEZ }}

Do you have an idea?

Thursday 03 April 2014 5:01:19 pm

I use this. Is it OK?

 {{app.user.getAPIUser().content.getFieldValue("name")}}

Thursday 03 April 2014 5:23:31 pm

Hi Johann,

Your configuration seems good, but maybe you should add a path for the logout URL in access_control (and you're right, the security component is not siteaccess-aware, so you need to add /mysiteaccess/...).

To access the user's name, you should use:

    {{ app.user.username }}

app.user gives you an SF user and not an eZ one. So, apart from the username, you won't find anything else (I guess; try a dump on it maybe?).

 

In addition, here are some useful tricks for you: https://github.com/dspe/ez5_cheatsheet/blob/master/eng/templates.md

It's an old page (made when eZ 5.0 was ready) and needs a refresh, but most of the tricks work fine.

Hope it helps
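
Added example, not part of the original thread and not eZ or Symfony code: a Python sketch of how `access_control` uses the first entry whose path regex matches, run over the rules posted above against constructed request paths. It models rule matching only, not the firewall listeners; the function names and sample paths are assumptions.

```python
import re

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"

# access_control entries from the configuration posted in this thread, in file order.
POSTED_RULES = [
    (r"^/_internal/secure", ANON),
    (r"^/login", ANON),
    (r"^/mysiteaccess/login", ANON),
    (r"^/mysiteaccess", "ROLE_USER"),
]


def required_role(path, rules):
    """Role demanded by the first rule whose regex matches; None if no rule matches."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None


def anonymous_paths(paths, rules):
    """Paths on which access_control does not stop an anonymous visitor."""
    return [p for p in paths if required_role(p, rules) in (None, ANON)]


def with_logout_rule(rules):
    """Copy of rules with an anonymous logout entry placed before the final catch-all."""
    fixed = list(rules)
    fixed.insert(-1, (r"^/mysiteaccess/logout", ANON))
    return fixed


# Constructed request paths (not taken from real logs).
SAMPLE_PATHS = [
    "/mysiteaccess",
    "/mysiteaccess/toto.html",
    "/mysiteaccess/login",
    "/mysiteaccess/login_check",
    "/mysiteaccess/logout",
    "/toto.html",
]

if __name__ == "__main__":
    variants = (("posted", POSTED_RULES), ("with logout rule", with_logout_rule(POSTED_RULES)))
    for label, rules in variants:
        print(label)
        for path in SAMPLE_PATHS:
            print(f"  {path:28} -> {required_role(path, rules)}")
    # Order matters: with the catch-all first, the login form itself needs ROLE_USER.
    reordered = [POSTED_RULES[-1]] + POSTED_RULES[:-1]
    print("login form, catch-all first:", required_role("/mysiteaccess/login", reordered))
```

A path that matches no entry, such as `/toto.html` here, is not restricted by `access_control` at all, so every URL prefix that must be protected needs its own entry.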

Saturday 05 April 2014 2:00:15 pm

Great, it looks like we're getting somewhere, aren't we ?

Please consider marking the topic as solved (if it is) using the button next to the thread's title.
