Sunday, November 1, 2009

Re: RequireSecure Redirect Issues

I figured this out. I had my Auth stuff in the AppController
beforeFilter(). By adding the blackHole stuff to the child
controller's beforeFilter, I was overriding the AppController's before
filter (which allowed access to *). Issue was resolved by adding
"parent::beforeFilter()" in the child controller's beforeFilter.

On Oct 30, 10:39 am, CharlesTMunger <ryan.dy...@gmail.com> wrote:
> You know, I actually think just by including Security as a component,
> it makes my whole controller require Auth.  With nothing added but
> Security as a component, I can no longer access the controller pages -
> I get redirected to my login page and a message ""You are not
> authorized to access that
> location."
>
> If I log in the forceSSL and everything works perfectly.  Does this
> make any sense?
>
> On Oct 30, 12:23 am, CharlesTMunger <ryan.dy...@gmail.com> wrote:
>
> > I put the following code in one of my controllers, trying to force it
> > to use SSL:
>
> >         function beforeFilter() {
> >                 $this->Security->blackHoleCallback = 'forceSSL';
> >                 $this->Security->requireSecure();
> >         }
>
> >         function forceSSL() {
> >                 $this->redirect('https://' . $_SERVER['SERVER_NAME'] . $this->here);
> >         }
>
> > But whenever I go to a page using this controller, I get redirected to
> > my login page with the message "You are not authorized to access that
> > location."
>
> > I am using Auth in my appcontroller.  I'm guessing that has something
> > to do with it.  But for the life of me I cannot figure it out.
>
> > This is the code in my AppController for Auth:
>
> >                 $this->Auth->fields = array('username' => 'email',
> > 'password' => 'password');
> >                 //$this->Auth->loginAction = array('controller' => 'users', 'action'
> > => 'login');
> >                 $this->Auth->loginRedirect = '/';
> >                 $this->Auth->logoutRedirect = '/';
> >                 $this->Auth->allow('*');
> >                 $this->Auth->loginError = 'Invalid e-mail / password combination.
> > Please try again';
> >                 $this->Auth->autoRedirect = false;
>
> >                 $this->Auth->authorize = 'controller';
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)