Hi Filipe,
Depending what version you're using, I think it might be your
patterns. You might have got these from some outdated documentation.
If you check out the updates doc:
https://github.com/symfony/symfony/blob/master/UPDATE.md
in the section PR8 to PR9 they changed the pattern matchers so you
explicitly need to add ^ and $ (if required). So I'd try changing that
portion of your security to:
system:
pattern: ^/[a-zA-Z]+
form_login: true
logout: true
public:
pattern: ^/
security: false
And if done correctly hopefully the security layer will capture your
requests for login check. Note that if you are able to configure it
correctly, you do not have to implement a login check controller (or a
logout one).
If you are using the Beta1, I've posted a full security configuration
here:
http://groups.google.com/group/symfony-users/browse_thread/thread/b96cc13f518b4349#
that works for the basics and is compatible with Beta1.
Good luck,
Daniel
On May 3, 4:18 am, Filipe La Ruina <filaru...@gmail.com> wrote:
> Hey Guys,
> I'm doing a project using Symfony 2 and the project involves '/' as being an
> login/register page and all the other pages require a logged user (it will
> be an entity)
> I'm reading the book but still I think the security part is not really clear
> for me. I see by the demo that I can have an almost automatic login system
> but when I try to do something that look like the one from the demo I can't
> get it.
> My security.yml contains:
> system:
> pattern: /[a-zA-Z]+
> form_login: true
> logout: true
>
> public:
> pattern: /
> security: false
> Them I created routes for my login and login_check (as the book says):
> _security_login:
> pattern: /login
> defaults: { _controller: MyApplicationBundle:Login:login }
>
> _security_check:
> pattern: /login_check
>
> I built the Controller with the loginAction with the code from the book:
> public function loginAction()
> {
> if
> ($this->get('request')->attributes->has(SecurityContext::AUTHENTICATION_ERR
> OR))
> {
> $error =
> $this->get('request')->attributes->get(SecurityContext::AUTHENTICATION_ERRO
> R);
> } else {
> $error =
> $this->get('request')->getSession()->get(SecurityContext::AUTHENTICATION_ER
> ROR);
> }
>
> return $this->render('MyApplicationBundle:Login:index.html.twig',
> array(
> 'last_username' =>
> $this->get('request')->getSession()->get(SecurityContext::LAST_USERNAME),
> 'error' => $error,
> ));
>
> }
>
> although it prints out the form just fine the security_check (that I think
> has some field validation) does not happen, it says that the controller is
> not found (I think it makes sense) and even if I put the controller there it
> says I have to implement the check method. I think all of that makes perfect
> sense, although in the demo it uses the built-in security somehow and I
> couldn't figure it out.
> So my question, after all this text is, how can I build that, preferably
> using the validation features symfony provides?
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
