Le 17/09/2012 16:17, Thomas Rabaix a écrit :
I pretty like simplification when thing must be done the right way.
However, the security is the starting point of any important logic.
And the routing is one of them.
What I have done here :
https://github.com/sonata-project/SonataPageBundle/compare/master...cmf-routing-chain#L4R91
is pretty bad and defeats the firewall logic.
The same goes for handling 404 page. We are providing a way of
creating a page on non existent url for editor only, as the security
component is not loaded the same issue occurs.
I might missing a point about redirection with the Security Component.
But the configuration definition does not used any information from
the router. So the router should not be used for generating redirected
urls.
The issue is that the firewall need to be able to use the routing, as
route names are allowed for the check path and the login path.
Triggering the firewall before the router in 2.0 was leading to some
nasty bugs (and the router logic was splitted in 2 so that part of it
was still done before the firewall).
And the router is used in the service definitions:
https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml#L129-132
--
Christophe | Stof
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
