You must configure the check path to be handled by the firewall using form_login in your security firewall configuration
Solution 1
I think you need to put form_login
under a firewall ( either main
or add another one )
form_login under main firewall :
firewalls:
main:
pattern: ^/admin
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_provider: form.csrf_provider
logout: true
anonymous: true ....
form_login under another firewall
firewalls:
main:
pattern: ^/admin
second_firewall:
pattern: ^/
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_provider: form.csrf_provider
logout: true
anonymous: true .....
Solution 2
Your code is wrong only in the part of check_path value.
This is your original code:
firewalls:
main:
pattern: ^/admin
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_provider: form.csrf_provider
logout: true
anonymous: true
And you should use something like:
firewalls:
main:
pattern: ^/admin
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: /login_check
csrf_provider: form.csrf_provider
logout: true
anonymous: true
Note that check_path has as value only a string. If you use the value fos_user_security_check you are calling to SecurityController.php class and invoking the checkAction() method which exactly only throws an RuntimeError Exception with the error displayed "You must configure the check path to be handled by the firewall using form_login in your security firewall configuration.". So the fix is so simple that not use the value fos_user_security_check
Solution 3
pattern: ^/admin
This is possibly where your problems start.
Try changing this back to ^/
Then change your routes for FosUserBundle
# app/config/routing.yml
fos_user_security:
resource: "@FOSUserBundle/Resources/config/routing/security.xml"
prefix: /admin
fos_user_profile:
resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
prefix: /admin/profile
fos_user_register:
resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
prefix: /admin/register
fos_user_resetting:
resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
prefix: /admin/resetting
fos_user_change_password:
resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
prefix: /admin/profile
Solution 4
In some instances, I can see that this is caused by default security settings generated when symfony is installed by composer.
In my case, in my security.yml, I had this section:
default:
anonymous: ~
As this was working as a catch-all, it was interfering with FOSUserBundle's ability to handle the route. Just delete it or, if you have a route you've specified yourself, make sure it's not also handling the same URL path.
Antonio Peric
Updated on October 22, 2020Comments
-
Antonio Peric over 3 years
i have webservice which is provider for my "regular" users. I want to use FosUserBundle for my administrators. Above is my security configuration. regular users login works with no problem, but when i want to login as admin i got this message:
"You must configure the check path to be handled by the firewall using form_login in your security firewall configuration. "
Here is my security configuration:
security: encoders: Locastic\CustomUserBundle\Security\User\User: plaintext FOS\UserBundle\Model\UserInterface: sha512 providers: fos_userbundle: id: fos_user.user_provider.username_email webservice: id: locastic.user_provider firewalls: main: pattern: ^/admin form_login: provider: fos_userbundle login_path: fos_user_security_login check_path: fos_user_security_check csrf_provider: form.csrf_provider logout: true anonymous: true remember_me: key: "%secret%" lifetime: 31536000 # 365 days in seconds path: / domain: ~ # Defaults to the current domain from $_SERVER user-service: pattern: ^/ logout: path: /logout anonymous: true webservice-login: check_path: /prijava-provjera login_path: /prijavi-se provider: webservice always_use_default_target_path: true default_target_path: /stanje-racuna access_control: - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/admin, role: ROLE_ADMIN } role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: ROLE_ADMIN