Authorization Tutorial for cakePHP 4


after following the Tutorials to the end of the Authorization part, everything works until I press ‘submit’ on the login page. Then the following error massage shows up:

And if I want to edit an article this error occurs:

Policy for Cake\ORM\Entity has not been defined.

I’ve followed the Tutorial the second time, and went over the last part twice. I can’t make out the mistake.

I would like to know if that is a known issue?
Or if someone could point out where I could have made a mistake.

Thank you for your help.


This might take care of your fist error (if I’m not mis-remembering):

It’s weird that the “login” process seems to somehow be hitting the “/users” URL. Is the login function redirecting there after successful login? That doesn’t seem like a place that people would normally be sent to at that time.

Well, login is probably in the UsersController, so it doesn’t feel too surprising to me. He may never be getting out of the login method.

But the URL in the error is just /users, not /users/login. Standard notation would indicate that this is the list of users. So, unless the routing has been set up such that the login method is accessible at /users, there’s a redirect happening, and it’s to an unusual location. Of course, this is all guesswork, because no code has been shared.

Once you include Authorization, every action in every controller requires an authorization check.

So, for every controller in your project, you will need to add the following as the first line of each action method if you did not already add an authorization check to the action.


The tutorial would have already added some authorization checks to some of your action methods including the skipAuthorization to your login and logout actions in the user controller.

Hope this helps.