A Token was not found in the SecurityContext (in cookbook/security/custom_authentication_provider.rst)

[c7nj7n]

I followed the tutorial step by step, and everything seems to be alright.

But once I access the protected area (see my security settings below) I get a "A Token was not found in the SecurityContext". Any idea what's wrong? Maybe I miss something, or it's maybe the cookbook entry that is not explicit enough at one point?

firewalls:
    dev:
        pattern:        ^/(_(profiler|wdt)|css|images|js)/
        security:       false

    login:
        pattern:        ^/login$
        security:       false

    wsse_secured:
        pattern:        ^/test.json$
        wsse:           true

[stof]

security: false means that you disable the firewall totally. So there is no token in the context on the login page. This means you cannot use isGranted in such cases.

[stof]

and if you are not behind a firewall (for instance on every page different than /test.json in your case), it is exactly the same

[c7nj7n]

Thanks for your quick answer. Sorry, but I fail to understand. Security is set to false for other parts of the website, I implemented the custom security context for a webservice only (the test.json for instance).

[stof]

@cestcri the issue is probably that you tried to check some permissions (using isGranted for instance) in a paret where it is disabled.

[c7nj7n]

Thanks for your help @stof

The thing is that I didn't try anything, I just followed the tutorial step by step and tried to access text.json - that's all. Unfortunately the tutorial doesn't cover the usage... or at least its unclear to me.

[c7nj7n]

I thought this issue was linked to http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html and thus https://github.com/symfony/symfony-docs/commits/master/cookbook/security/custom_authentication_provider.rst, but apparently this is not the case. Sorry for not giving the context right away...

[bshaffer]

Check out this change:

https://github.com/bshaffer/symfony-docs/commit/fdff03e0f6f527fdc37c9a20bd9f54331c3412de

There was a return statement that fails to set a 403 response before doing so. Pull request pending, because there are a few other issues with the article, but this will get you past the Token error.

The other issue is that the "security_factories" directive has been removed,
so factories must be added in the AcmeDemoBundle.php class like this:

class AcmeDemoBundle extends Bundle
{
    public function build(ContainerBuilder $container)
    {
        parent::build($container);

        $extension = $container->getExtension('security');
        $extension->addSecurityListenerFactory(new WsseFactory());
    }
}

Although I am still looking into alternatives...

[c7nj7n]

Thanks for working on this, Brent.

Thanks for the fix, Brent. I applied the changes to MyProject\MyBundle\Security\Firewall\WsseListener and the message disappears.

Unfortunately I get now the following, although the function you asked me to add is identical to the interface definition in BundleInterface:

Fatal error: Declaration of MyProject\MyBundle\MyProjectMyBundle::build() must be compatible with that of Symfony\Component\HttpKernel\Bundle\BundleInterface::build() in C:\wamp\www\poc\src\MyProject\MyBundle\MyProjectMyBundle.php on line 16

[bshaffer]

Make sure you use the proper namespaces at the top of your Bundle file:

    namespace MyProject\MyBundle;

    use MyProject\MyBundle\DependencyInjection\Security\Factory\WsseFactory;
    use Symfony\Component\HttpKernel\Bundle\Bundle;
    use Symfony\Component\DependencyInjection\ContainerBuilder;

[c7nj7n]

Good point, I didn't include the ContainerBuilder!

Now I got:

Fatal error: Call to undefined method Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension::addSecurityListenerFactory() inC:\wamp\www\poc\src\MyProject\MyBundle\MyProjectMyBundle.php on line 16

Sorry about that...

[stof]

Seems like you are trying to use the new way to register the factories without using the new code. This method is new in Symfony 2.1

[bshaffer]

Thanks stof. Looks like < 2.1 can use the old way of doing it:

  # app/config/security.yml
    security:
        factories:
            - "%kernel.root_dir%/../src/Acme/DemoBundle/Resources/config/security_factories.yml"

So just change your WsseListener file and you'll be all set.

[c7nj7n]

Thanks stof and Brent for you help.

I updated the WsseListener already following https://github.com/bshaffer/symfony-docs/commit/fdff03e0f6f527fdc37c9a20bd9f54331c3412de - is there anything else to do?

The settings in security.yml are identical with those in the initial cookbook article, so no changes here. Do I need to keep the addSecurityListenerFactory(new WsseFactory() in my bundle's main class?

For now I have either a blank page (without the changes to my bundle's main class or the error described above (Call to undefined method Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension::addSecurityListenerFactory()). Sorry, but I'm still stuck.

[bshaffer]

Remove the whole build() function declaration in AcmeDemoBundle (including the call to addSecurityListenerFactory). This is only if you are on symfony 2.1. The WsseListener class should be the only one you change, and this will fix the "Token not found in SecurityContext" error.

[c7nj7n]

That's how I understood this, done. This brings me back to the blank page. Maybe I'm missing something, actually I don't even know how to pass the token neither where to set this.

Sorry about these premature questions, all I wanted to do is securing a webservice. I stumbled upon your great article and put a custom authentication provider in place. Now I guess I need to correctly use it, I just don't know how. Maybe you could add a section "How to use" to the article?