Big thanks for your help. I'm sorry for that, but I don't understand your message. I already have an option for the check and login path under the "/my" prefix - did I miss something? When I omit the firewall for the public area I get in an infinite loop because it tries to redirect me to itself again and again. Do you maybe have a sample configuration for this? What options do I have to get a working "access_control" configuration?

On Feb 21, 3:43 pm, stof <s...@notk.org> wrote:
> On Mon, 21 Feb 2011 06:23:07 -0800 (PST), Lemmi
> <bdrops.hildebra...@googlemail.com> wrote:
> > I have a question about the security features of Symfony2. I want to
> > protect a special area of my application under the "/my" prefix.
> >
> > My configuration looks as follows:
> >
> > - - -
> > security.config:
> >     providers:
> >         my:
> >             entity: { class: MyUserBundle:User, property: username }
> >
> >     firewalls:
> >         public:
> >             pattern: /my/login.*
> >             security: false
> >
> >         my:
> >             pattern: /my.*
> >             form-login:
> >                 check_path: /my/login_check
> >                 login_path: /my/login
> >             logout: true
> >
> >     access_control:
> >         - { path: /my/login.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }
> > - - -
> >
> > When I try to access the login area, everything works fine, submitting
> > the form leads to an error page, because there is no registered
> > controller for the "_security_check" route, like it's described in the
> > guide (http://docs.symfony-reloaded.org/master/guides/security/authentication.html#form-based-authentication):
> >
> > - - -
> > _security_login:
> >     pattern: /my/login
> >     defaults: { _controller: MyUserBundle:Auth:login }
> >
> > _security_check:
> >     pattern: /my/login_check
> > - - -
> >
> > I think normally the SecurityBundle hacks into this process so that no
> > controller is needed. The configuration of Symfony2 is always very
> > complex.
> >
> > I think I missed something, hope you can help.
> > Thanks in advance!
>
> The form listener authenticates you when using the /login-check url by
> default so you have to change it in your security config.
>
> Btw you have to use the same firewall to handle the login and to secure
> the site as they don't share their context by default. Restricting the
> access has to be done with the access control map, not with the pattern of
> the firewall which is responsible for the authentication, not for the
> authorization.
>
> Regards
>
> --
> Christophe | Stof
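
A single-firewall layout along the lines stof describes, as an added example that is not part of the original thread: one firewall covers everything under /my, including the login form, and access_control decides which paths need a logged-in user. Key spelling follows the configuration quoted above; the `anonymous` option and the `ROLE_USER` role name are assumptions and may be written differently in your Symfony2 version.

```yaml
security.config:
    providers:
        my:
            entity: { class: MyUserBundle:User, property: username }

    firewalls:
        # One firewall for the login form, the check path and the protected
        # pages, so they all share the same security context.
        # There is no separate "public" firewall with security: false.
        my:
            pattern: /my.*
            # Assumption: lets unauthenticated visitors pass the firewall as
            # an anonymous user, so the login page can be rendered instead of
            # redirecting to itself.
            anonymous: true
            form-login:
                check_path: /my/login_check
                login_path: /my/login
            logout: true

    # Authorization lives here, not in the firewall pattern.
    # Rules are checked top to bottom and the first matching path applies,
    # so the login rule has to come before the general /my rule.
    access_control:
        # Matches /my/login and /my/login_check: open to anonymous users.
        - { path: /my/login.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # Everything else under /my requires an authenticated user.
        # ROLE_USER is an assumed role name; use the role your User entity returns.
        - { path: /my.*, roles: ROLE_USER }
```

With this layout a request to a protected /my page without a session is sent to /my/login, which the first access_control rule leaves open, so the redirect ends there instead of looping.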