Hi,
My policy.yaml in the plugin configuration folder isn’t accept the privilegeTarget for my ApiController. I dont get what i’ve done wrong
policy.yaml
privilegeTargets:
'TYPO3\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':
'Woerz.Customer.Event:EventController':
matcher: 'method(Woerz\Customer\Event\Controller\EventController->(index)Action())'
'Woerz.Customer.Event:ApiController':
matcher: 'method(Woerz\Customer\Event\Controller\ApiController->(dataTables)Action())'
roles:
'TYPO3.Flow:Everybody':
privileges:
-
privilegeTarget: 'Woerz.Customer.Event:EventController'
permission: GRANT
-
privilegeTarget: 'Woerz.Customer.Event:ApiController'
permission: GRANT
console - check
c0000041@dedi2872:/usr/www/users/c0000041/dev$ php ./flow security:showmethodsforprivilegetarget Please specify the required argument "privilegeTarget": Woerz.Customer.Event:EventController Woerz\Customer\Event\Controller\EventController indexAction c0000041@dedi2872:/usr/www/users/c0000041/dev$ php ./flow security:showmethodsforprivilegetarget Please specify the required argument "privilegeTarget": Woerz.Customer.Event:ApiController The given Resource did not match any method or is unknown. c0000041@dedi2872:/usr/www/users/c0000041/dev$
If i am opening the direct url (/Woerz.Customer.Event/Api/datatables) i got: #1258721059: The security context contained no tokens which could be authenticated.
Exception Log:
Uncaught exception #1258721059 in line 61 of /usr/www/users/c0000041/dev/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Security_Aspect_PolicyEnforcementAspect.php: The security context contained no tokens which could be authenticated.
Evaluated following 1 privilege target(s):
“TYPO3.Neos:AllControllerActions”: ABSTAIN
(0 granted, 0 denied, 1 abstained)
18 TYPO3\Flow\Security\Authorization\Interceptor\PolicyEnforcement_Original::invoke()
17 TYPO3\Flow\Security\Aspect\PolicyEnforcementAspect_Original::enforcePolicy(TYPO3\Flow\Aop\JoinPoint)
16 TYPO3\Flow\Aop\Advice\AroundAdvice::invoke(TYPO3\Flow\Aop\JoinPoint)
15 TYPO3\Flow\Aop\Advice\AdviceChain::proceed(TYPO3\Flow\Aop\JoinPoint)
14 Woerz\Customer\Event\Controller\ApiController::DataTablesAction()
13 call_user_func_array(array|2|, array|0|)
12 TYPO3\Flow\Mvc\Controller\ActionController_Original::callActionMethod()
11 TYPO3\Flow\Mvc\Controller\ActionController_Original::processRequest(TYPO3\Flow\Mvc\ActionRequest, TYPO3\Flow\Http\Response)
10 TYPO3\Flow\Mvc\Dispatcher_Original::initiateDispatchLoop(TYPO3\Flow\Mvc\ActionRequest, TYPO3\Flow\Http\Response)
9 TYPO3\Flow\Mvc\Dispatcher_Original::dispatch(TYPO3\Flow\Mvc\ActionRequest, TYPO3\Flow\Http\Response)
8 call_user_func_array(array|2|, array|2|)
7 TYPO3\Flow\Object\DependencyInjection\DependencyProxy::__call(“dispatch”, array|2|)
6 TYPO3\Flow\Object\DependencyInjection\DependencyProxy::dispatch(TYPO3\Flow\Mvc\ActionRequest, TYPO3\Flow\Http\Response)
5 TYPO3\Flow\Mvc\DispatchComponent_Original::handle(TYPO3\Flow\Http\Component\ComponentContext)
4 TYPO3\Flow\Http\Component\ComponentChain_Original::handle(TYPO3\Flow\Http\Component\ComponentContext)
3 TYPO3\Flow\Http\Component\ComponentChain_Original::handle(TYPO3\Flow\Http\Component\ComponentContext)
2 TYPO3\Flow\Http\RequestHandler::handleRequest()
1 TYPO3\Flow\Core\Bootstrap::run()
HTTP REQUEST:
GET /Woerz.Customer.Event/Api/datatables HTTP/1.1
Content-Length: 0
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Encoding: gzip, deflate, sdch
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Upgrade-Insecure-Requests: 1
Connection: close
Host: ***********.de
Cache-Control: max-age=0
HTTP RESPONSE:
[response was empty]