On Mon, 21 Feb 2011 06:23:07 -0800 (PST), Lemmi
<bdrops.hildebra...@googlemail.com> wrote:
> I have a question about the security features of Symfony2. I want to
> protect a special area of my application under the "/my" prefix.
> 
> My configuration looks as follows:
> 
> - - -
> security.config:
>     providers:
>         my:
>             entity: { class: MyUserBundle:User, property: username }
> 
>     firewalls:
>         public:
>             pattern: /my/login.*
>             security: false
> 
>         my:
>             pattern: /my.*
>             form-login:
>                 check_path: /my/login_check
>                 login_path: /my/login
>             logout: true
> 
>     access_control:
>         - { path: /my/login.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }
> - - -
> 
> When I try to access the login area, everything works fine; submitting
> the form leads to an error page, because there is no registered
> controller for the "_security_check" route, like it's described in the
> guide
> (http://docs.symfony-reloaded.org/master/guides/security/authentication.html#form-based-authentication):
> 
> - - -
> _security_login:
>     pattern: /my/login
>     defaults: { _controller: MyUserBundle:Auth:login }
> 
> _security_check:
>     pattern: /my/login_check
> - - -
> 
> I think normally the SecurityBundle hacks into this process so that no
> controller is needed. The configuration of Symfony2 is always very
> complex.
> 
> I think I missed something, hope you can help.
> Thanks in advance!

The form listener authenticates you when using the /login-check URL by
default, so you have to change it in your security config.

Btw you have to use the same firewall to handle the login and to secure
the site, as they don't share their context by default. Restricting
access has to be done with the access control map, not with the pattern of
the firewall, which is responsible for the authentication, not for the
authorization.

Regards

-- 
Christophe | Stof
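
A small model of the point made in the reply above, added here as an illustration and not code from the thread or from Symfony. It assumes that the first matching entry wins for firewalls and for access_control, and that patterns are unanchored regexes; `resolve` and `ROLE_USER` are hypothetical names, and both layouts are constructed from the paths in the question.

```python
import re

# Constructed model of the two layouts discussed in this thread. Assumption:
# the first entry whose pattern matches the request path wins, for firewalls
# and for access_control alike, and patterns are unanchored regexes.
ORIGINAL = {
    "firewalls": [
        ("public", r"/my/login.*", {"security": False}),
        ("my", r"/my.*", {"security": True, "check_path": "/my/login_check"}),
    ],
    "access_control": [(r"/my/login.*", ["IS_AUTHENTICATED_ANONYMOUSLY"])],
}

# Single firewall for login and protected pages; restriction moves into
# access_control. ROLE_USER is an assumed role name, not taken from the thread.
SINGLE_FIREWALL = {
    "firewalls": [
        ("my", r"/my.*", {"security": True, "check_path": "/my/login_check"}),
    ],
    "access_control": [
        (r"/my/login.*", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
        (r"/my.*", ["ROLE_USER"]),
    ],
}


def resolve(config, path):
    """Return (firewall, login_check_handled, required_roles) for a path."""
    firewall, handled = None, False
    for name, pattern, opts in config["firewalls"]:
        if re.search(pattern, path):
            firewall = name
            # The form-login listener only runs inside a firewall that has
            # security enabled and whose check_path equals the request path.
            handled = opts["security"] and opts.get("check_path") == path
            break
    roles = []
    for pattern, required in config["access_control"]:
        if re.search(pattern, path):
            roles = required
            break
    return firewall, handled, roles


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("single firewall", SINGLE_FIREWALL)):
        for path in ("/my/login", "/my/login_check", "/my/account"):
            print(f"{label:16} {path:16} {resolve(cfg, path)}")
```

In the original layout `/my/login_check` lands in the `public` firewall, and `/my/account` has no role requirement because the firewall pattern alone does not authorize anything.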
