Aimeos secure Admin with Neos 3.0
Forum rules
Always add your TYPO3, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
Aimeos secure Admin with Neos 3.0
Hello,
I successfully installed Aimeos into a Neos 3.0 installation.
However, I am struggling a bit with securing the admin interface.
I noticed it is accessible for everyone by default. (really bad.)
So I have to use the Flow/Neos authentication for it.
But it seems when I enable it, it just is still not authenticated correctly.
I basically only want to allow Neos Backend users to access the shop admin interface.
So I came up with this Policy.yaml:
Code: Select all
privilegeTargets:
  Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege:
    'MyShop:AllActions':
      matcher: 'method(Aimeos\Shop\Controller\(Catalog|Locale|Account|Basket|Checkout|Page|Jsonapi)Controller->(.*)Action())'
    'MyShop:AdminActions':
      matcher: 'method(Aimeos\Shop\Controller\(Admin|Extadm|Jsonadm|Jqadm)Controller->(.*)Action())'
roles:
  'Neos.Neos:Editor':
    privileges:
      -
        privilegeTarget: 'MyShop:AllActions'
        permission: GRANT
      -
        privilegeTarget: 'MyShop:AdminActions'
        permission: GRANT
  'Neos.Flow:Everybody':
    privileges:
      -
        privilegeTarget: 'MyShop:AllActions'
        permission: GRANT
That way, "/shop/list" is still accessible, but "/shop/extadm" gives me the following error:
(It doesn't matter if I am logged in to the Neos Backend or not.)
Could not authenticate any token.
Might be missing or wrong credentials or no authentication provider matched.
Evaluated following 1 privilege target(s):
"MyShop:AdminActions": ABSTAIN
(0 granted, 0 denied, 1 abstained)
Exception Code 1222204027
Exception Type Neos\Flow\Security\Exception\NoTokensAuthenticatedException
Log Reference 2017031101161041677b
Thrown in File Data/Temporary/Development/Cache/Code/Flow_Object_Classes/Neos_Flow_Security_Authorization_Interceptor_PolicyEnforcement.php
Line 104
Original File Packages/Framework/Neos.Flow/Classes/Security/Authorization/Interceptor/PolicyEnforcement.php
Does anyone already have experience with this?
Would be thankful for any help.

Re: Aimeos secure Admin with Neos 3.0
There's currently a GitHub ticket about this topic:
https://github.com/aimeos/aimeos-flow/issues/16
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos,
give us a star

Re: Aimeos secure Admin with Neos 3.0
Yes. Sorry, that's my ticket.
Will still look for the blocked OPTIONS requests, but other than that, the backend works, including the login using the Neos login page.

Re: Aimeos secure Admin with Neos 3.0
Been working on this BE authentication for the Aimeos Admin security. I followed the examples in the ticket
https://github.com/aimeos/aimeos-flow/issues/16 but cannot get it to accept the Neos admin user.
My code is as follows and placed in Configuration under my own package:
Policy.yaml:
Code: Select all
privilegeTargets:
  Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege:
    'MyShop:AllActions':
      matcher: 'method(Aimeos\Shop\Controller\(Catalog|Locale|Account|Basket|Checkout|Page|Jsonapi)Controller->(.*)Action())'
    'MyShop:AdminActions':
      matcher: 'method(Aimeos\Shop\Controller\(Admin|Extadm|Jsonadm|Jqadm)Controller->(.*)Action())'
roles:
  'Neos.Flow:ShopAdmin':
    privileges:
      -
        privilegeTarget: 'MyShop:AdminActions'
        permission: GRANT
  'Neos.Flow:Everybody':
    privileges:
      -
        privilegeTarget: 'MyShop:AllActions'
        permission: GRANT
And Settings.yaml:
Code: Select all
Neos:
  Flow:
    security:
      authentication:
        providers:
          'Neos.Neos:Backend':
            requestPatterns:
              'MyShop:AdminControllers':
                pattern: 'ControllerObjectName'
                patternOptions:
                  controllerObjectNamePattern: 'Aimeos\Shop\Controller\(Admin|Extadm|Jsonadm|Jqadm).*'
I have ticked the box in Neos User Management for ShopAdmin, but still get the error:
Might be missing or wrong credentials or no authentication provider matched.
Evaluated following 1 privilege target(s):
"MyShop:AdminActions": ABSTAIN
(0 granted, 0 denied, 1 abstained)
I think a general instruction in the docs would be nice to have, so we have just a minimal security as default.
Regards
Neos 3.2.0 - Bitnami AWS C2 - Aimeos 2017-10.1
Re: Aimeos secure Admin with Neos 3.0
If you can provide instructions how to get authentication for the Aimeos backend in Neos working, we will happily add it to the documentation 

