Hi All,

I'm having a problem working with the security layer and I'm pretty
sure it's because I don't understand the big picture in relation to
security. I found one other user who was having the same problem, but
they didn't receive an answer:
http://groups.google.com/group/symfony-users/browse_thread/thread/7c1b41a9fdb467e8.

The background: I have a homepage which any visitor should be able to
visit. I have a /user/* section which will be accessible to only
registered users. I have a header which shows on both the homepage and
in the /user/* section which should show the currently logged in
registered user or a small login form.

The problem: once the user has logged in, from the header controller I
call $this->get('security.context')->getToken() and it returns the
correct user while in the /user/* section, but an anonymous user when
they are on the homepage.

I have the following security setup. I've tried many combinations, but
this one seems to be the closest to what I need:
--------------------------------------------------------------------------------------------------
security:
    encoders:
        MyUser: plaintext

    providers:
        user:
            entity: { class: MyUser, property: emailAddress }

    firewalls:
        profiler:
            pattern:  ^/_profiler
            security: false

        wdt:
            pattern:  ^/_wdt
            security: false

        login:
            pattern:  ^/user/login$
            security: false

        user:
            pattern:    ^/user/
            form_login:
                check_path: /user/login-check
                login_path: /user/login
                default_target_path: /user/dashboard
                provider: user
            logout:
                path:   /user/logout
                target: /

        main:
            pattern: ^/
            anonymous: true
            provider: user
--------------------------------------------------------------------------------------------------

And I have the following routes:
--------------------------------------------------------------------------------------------------
    homepage:
        pattern: /
        defaults: { _controller: GeneralPublicBundle:Home:view }

    userDashboard:
        pattern: /user/dashboard
        defaults: { _controller: UserBundle:Dashboard:view }

    login:
        pattern:  /user/login
        defaults: { _controller: SiteSecurityBundle:Login:form }

    # Will be intercepted by security layer
    _security_check:
        pattern:  /user/login-check

    # Will be intercepted by security layer
    logout:
        pattern:  /user/logout
--------------------------------------------------------------------------------------------------

To replicate the issue, in a new session I:
  - go to /user/dashboard
  - once redirected to login, I type in a valid username and password
  - I get redirected back to /user/dashboard and the header shows the
    details of my database user
  - I go to the site homepage (/) and the header shows an anonymous
    user

I'm using Beta1. Any help you can give will be greatly appreciated.

Thanks,
Daniel
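
Added example, not part of the original post and not Symfony's own code: a small Python model that replays the steps above against the posted firewall patterns, picking the first firewall whose pattern matches each path. It assumes each firewall keeps its token under its own session key derived from the firewall name; the session dict and the user value are constructed.

```python
import re

# Firewalls in the order they appear in the security config above.
# The boolean is False for firewalls declared with "security: false".
FIREWALLS = [
    ("profiler", r"^/_profiler", False),
    ("wdt", r"^/_wdt", False),
    ("login", r"^/user/login$", False),
    ("user", r"^/user/", True),
    ("main", r"^/", True),
]


def firewall_for(path):
    """Return (name, secured) of the first firewall whose pattern matches."""
    for name, pattern, secured in FIREWALLS:
        if re.search(pattern, path):
            return name, secured
    return None, False


def context_key(name):
    # Assumption of this model: the session key is derived from the firewall
    # name, so each firewall reads and writes only its own token.
    return "_security_" + name


def visible_user(session, path):
    """Who the header would display for this path under the model."""
    name, secured = firewall_for(path)
    if not secured:
        return None  # security disabled for this path: no token at all
    return session.get(context_key(name), "anon.")


def replay():
    session = {}  # constructed stand-in for the PHP session
    # form_login authenticates on check_path, which the "user" firewall owns.
    name, _ = firewall_for("/user/login-check")
    session[context_key(name)] = "daniel@example.com"  # constructed user
    return [(p, firewall_for(p)[0], visible_user(session, p))
            for p in ("/user/dashboard", "/", "/user/login")]


if __name__ == "__main__":
    for path, name, user in replay():
        print(f"{path:18} firewall={name:6} user={user}")
```

Under that assumption the token written by the "user" firewall is never looked up when "/" is served by "main", which matches the reported symptom.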
