Aimeos secure Admin with Neos 3.0
Posted: 11 Mar 2017, 00:17
Hello,
I successfully installed Aimeos into a Neos 3.0 installation.
However, I am struggling a bit with securing the admin interface.
I noticed it is accessible for everyone by default. (Really bad.)
So I have to use the Flow/Neos authentication for it.
But it seems that when I enable it, it is still just not authenticated correctly.
I basically only want to allow Neos Backend users to access the shop admin interface.
So I came up with this Policy.yaml:
Code:
privilegeTargets:
  Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege:
    'MyShop:AllActions':
      matcher: 'method(Aimeos\Shop\Controller\(Catalog|Locale|Account|Basket|Checkout|Page|Jsonapi)Controller->(.*)Action())'
    'MyShop:AdminActions':
      matcher: 'method(Aimeos\Shop\Controller\(Admin|Extadm|Jsonadm|Jqadm)Controller->(.*)Action())'
roles:
  'Neos.Neos:Editor':
    privileges:
      -
        privilegeTarget: 'MyShop:AllActions'
        permission: GRANT
      -
        privilegeTarget: 'MyShop:AdminActions'
        permission: GRANT
  'Neos.Flow:Everybody':
    privileges:
      -
        privilegeTarget: 'MyShop:AllActions'
        permission: GRANT
That way, "/shop/list" is still accessible, but "/shop/extadm"
gives me the following error:
(It doesn't matter if I am logged in to the Neos Backend or not.)
Could not authenticate any token.
Might be missing or wrong credentials or no authentication provider matched.
Evaluated following 1 privilege target(s):
"MyShop:AdminActions": ABSTAIN
(0 granted, 0 denied, 1 abstained)
Exception Code 1222204027
Exception Type Neos\Flow\Security\Exception\NoTokensAuthenticatedException
Log Reference 2017031101161041677b
Thrown in File Data/Temporary/Development/Cache/Code/Flow_Object_Classes/Neos_Flow_Security_Authorization_Interceptor_PolicyEnforcement.php
Line 104
Original File Packages/Framework/Neos.Flow/Classes/Security/Authorization/Interceptor/PolicyEnforcement.php
Does anyone already have experience with this?
Would be thankful for any help.