On 23/02/2011 23:46, olimination wrote:
Hello,

I have started to do a simple webapp with the new Symfony2 (with sandbox version commit 1fc745d). I have added the SecurityBundle for authentication and somehow the logout configuration seems to work in a special way or maybe I don't understand something.

My app/config/config.yml security config looks like this:

security:
    encoders:
        Symfony\Component\Security\Core\User\User: sha1

    providers:
        main:
            users:
                foo: { password: shapw, roles: ROLE_ADMIN }

    firewalls:
        main:
            pattern: /admin.*
            http-basic: true
            logout: true
            stateless: true

    access_control:
        - { path: /admin.*, role: ROLE_ADMIN }

The HTTP-Basic authentication works fine if I call a "/admin" URL in the browser. But if I want to log out with URL "/logout" I receive the following error message:

"Unable to find the controller for path "/logout". Maybe you forgot to add the matching route in your routing configuration?"

In the Security-Documentation (http://docs.symfony-reloaded.org/guides/security/authentication.html#logout-users) it says that there should be a listener which can handle the "/logout" request, but somehow this doesn't work for me.

The security listeners are only attached when the request matches the pattern of the firewall. So you need to use a URL of the form /admin/logout to be in the scope of the listener. This can be done in the logout configuration.

By the way, the logout listener is useless in your case as the browser sends the headers with each request, so the next request will also authenticate the user. The logout listener is only useful when the authentication relies on the session.

--
Christophe | Stof
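
Added example, not part of the original thread and not Symfony's own code: a simplified Python model of the two points made in the reply above (listeners only run inside the firewall pattern, and a stateless HTTP Basic client is re-authenticated on its next request). The firewall dictionary, routes, credentials and the handle() and demo() functions are all constructed for illustration.

```python
import hmac
import re

# Constructed model of one pattern-scoped, stateless firewall.
FIREWALLS = [
    {"name": "main", "pattern": r"/admin.*", "logout_path": "/logout", "http_basic": True},
]
ROUTES = {"/admin"}          # constructed: the only path that has a controller
USERS = {"foo": "secret"}    # constructed credentials


def route(path):
    return "routed" if path in ROUTES else "no controller for path"


def handle(path, basic_auth=None, firewalls=FIREWALLS):
    """Process one stateless request; return (outcome, authenticated_user)."""
    # Patterns are anchored at the start of the path in this model.
    fw = next((f for f in firewalls if re.match(f["pattern"], path)), None)
    if fw is None:
        # No firewall matched, so no security listener (logout included)
        # runs and the request goes straight to the router.
        return (route(path), None)
    if path == fw["logout_path"]:
        # Logout listener: nothing is stored server-side to clear here.
        return ("logged out", None)
    user = None
    if fw["http_basic"] and basic_auth is not None:
        name, password = basic_auth
        expected = USERS.get(name)
        if expected is not None and hmac.compare_digest(expected, password):
            user = name
    if user is None:
        return ("401 challenge", None)
    return (route(path), user)


def demo():
    creds = ("foo", "secret")  # the browser resends these with every request
    scoped = [dict(FIREWALLS[0], logout_path="/admin/logout")]
    return [
        handle("/logout", creds),                # outside /admin.*: router error
        handle("/admin/logout", creds, scoped),  # inside the firewall: listener runs
        handle("/admin", creds, scoped),         # next request: authenticated again
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```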
