I forgot to say that this "controller" option that I mentioned before would
mimic the "controller" option in the "access_control" section of the
security.config. So it could work like:
firewall:
backend:
controller: .*\\.*Bundle\\Admin\\.*
http-basic: true
Would this be technically possible?
On Thu, Jan 13, 2011 at 1:05 PM, Gustavo Adrian <[email protected]
> wrote:
> I don't know exactly how the firewall works at this time so if what I say
> here doesn't make sense, forgive me :)
>
> Wouldn't be possible to add an option to the firewall settings like
> "_controller" or something like that, so you can limit access by an URL
> pattern OR by the final controller resolved by the URL that the user is
> viewing ? it should be easy then handling things like multilanguage URL's
> for example.
>
> I agree with Johannes comment, so what I'm saying here are covered by what
> he said. But I was thinking that maybe, if it's possible by design, would be
> a good way to configure the firewall by controller, besides the url pattern
> option, if it's possible of course.
>
>
> Just a thought.
>
>
> On Thu, Jan 13, 2011 at 12:54 PM, Lukas Kahwe Smith
> <[email protected]>wrote:
>
>>
>> On 09.01.2011, at 22:04, Tom Boutell wrote:
>>
>> > The plus side, of course, seems to be ease of configuration and
>> > coding. It is indeed pretty darn convenient to set up the firewall
>> > this way, and the convenience parameters to action methods are very
>> > handy. The downside is surprise side effects of "just making the URLs
>> > nice" (:
>>
>>
>> I have also found myself wondering a few times if I should still check if
>> there is an authenticated user in controller actions that I lock down via
>> the firewall. In a way the check is superfluous, but it depends on the
>> firewall settings ..
>>
>> regards,
>> Lukas Kahwe Smith
>> [email protected]
>>
>>
>>
>> --
>> If you want to report a vulnerability issue on symfony, please send it to
>> security at symfony-project.com
>>
>> You received this message because you are subscribed to the Google
>> Groups "symfony developers" group.
>> To post to this group, send email to [email protected]
>> To unsubscribe from this group, send email to
>> [email protected]<symfony-devs%[email protected]>
>> For more options, visit this group at
>> http://groups.google.com/group/symfony-devs?hl=en
>>
>
>
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
