Symfony 6.1 infinite redirect loop on login

Time:10-26

This is driving me crazy, it was working and I have no idea what changed, but now I am getting an infinite redirect loop (301) on my login page, logs show AccessDeniedException. Obviously I have checked many StackOverflow answers and other internet links but I can't see what's wrong with my setup:

security.yaml:

security:
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        app_user_provider:
            entity:
                class: App\Entity\Users
                property: email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        customer:
            pattern: ^/customer
            security: false

        main:
            pattern: ^/
            lazy: true
            provider: app_user_provider

            form_login:
                login_path: login
                check_path: login
                enable_csrf: true

            logout:
                path: logout
                target: /login
            
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/customer, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/sales, roles: [ROLE_SALES, ROLE_ADMIN] }
        - { path: ^/admin, role: ROLE_ADMIN }

logs:

[2022-10-26T11:29:20.918658+00:00] request.INFO: Matched route "login". {"route":"login","route_parameters":{"_route":"login","_controller":"App\\Controller\\SecurityController::login"},"request_uri":"https://***.com/login","method":"GET"} []
[2022-10-26T11:29:20.928261+00:00] security.DEBUG: Checking for authenticator support. {"firewall_name":"main","authenticators":1} []
[2022-10-26T11:29:20.928351+00:00] security.DEBUG: Checking support on authenticator. {"firewall_name":"main","authenticator":"Symfony\\Component\\Security\\Http\\Authenticator\\FormLoginAuthenticator"} []
[2022-10-26T11:29:20.928405+00:00] security.DEBUG: Authenticator does not support the request. {"firewall_name":"main","authenticator":"Symfony\\Component\\Security\\Http\\Authenticator\\FormLoginAuthenticator"} []
[2022-10-26T11:29:20.955819+00:00] security.DEBUG: Access denied, the user is not fully authenticated; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at /vendor/symfony/security-http/Firewall/AccessListener.php:97)"} []

What's wrong with this?

CodePudding user response:

You should add

anonymous: true under main firewall and append (as last rule)

- { path: ^/, roles: IS_AUTHENTICATED_FULLY } to access_control.

That should do the trick.

CodePudding user response:

IS_AUTHENTICATED_ANONYMOUSLY was deprecated in 5.3 and removed in 6.0 (?); the official documentation recommends using PUBLIC_ACCESS instead.

See https://symfony.com/doc/6.1/security.html#allowing-unsecured-access-i-e-anonymous-users
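The question's security.yaml with the login rule switched to PUBLIC_ACCESS, as the second answer suggests. This is an added example, not the poster's final configuration. The closing catch-all rule is taken from the first answer and assumes every other path should require a full login.

```yaml
# security.yaml for Symfony 6.1 (added example; adapt paths and roles to your app)
security:
    providers:
        app_user_provider:
            entity:
                class: App\Entity\Users
                property: email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # security: false disables the firewall listeners for these paths,
        # so access_control is never evaluated for ^/customer and a rule for
        # it would have no effect. These pages are fully public.
        customer:
            pattern: ^/customer
            security: false

        main:
            pattern: ^/
            lazy: true
            provider: app_user_provider

            form_login:
                login_path: login
                check_path: login
                enable_csrf: true

            logout:
                path: logout
                target: /login

    # Only the *first* matching rule is used, so the public login rule
    # must come before any broader pattern.
    access_control:
        # Before: { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # That attribute no longer exists in 6.x, so it is never granted; the
        # login page itself is denied and redirected to the entry point (/login).
        - { path: ^/login$, roles: PUBLIC_ACCESS }
        - { path: ^/sales, roles: [ROLE_SALES, ROLE_ADMIN] }
        - { path: ^/admin, roles: ROLE_ADMIN }
        # Assumption (from the first answer): everything else needs a login.
        # Without a catch-all, paths not listed above are reachable anonymously.
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
```

After changing the file, clear the cache and request /login while logged out; the security log should no longer show AccessDeniedException for that route.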
