Hi,
I am developping a backend application based on Symfony 2 beta 1.
Two types of users can access my backend (Partner and Admin).
Both of them can connect to the backend with the form login, here is
my security.yml :
public:
pattern: ^/public/.*
security: false
panel:
provider: default
pattern: /panel/.*
form_login:
login_path: /panel/login
check_path: /security/authenticate
always_use_default_target_path: true
default_target_path: /panel/profile
use_referer: false
logout: true
admin:
provider: in_memory
pattern: /.*
form_login:
login_path: /admin/login
check_path: /security/authenticate
always_use_default_target_path: true
default_target_path: /admin/partners
use_referer: false
switch_user: { role: ROLE_SUPER_ADMIN, parameter:
letmebe }
logout: true
What I want is that each type of user has his own Provider (an entity
for Partner and in_memory for Administrator). The problem here is that
I have only one form for both of them, and /admin/login is dedicated
to Admin and /panel/login to Partner.
The problem is that the check_path is the same (/security/
authenticate) and is caught by the admin section of my security.yml
since it is supposed to catch all with the pattern "/.*".
So I can't log in with a Partner because when I come from /panel/
login, the Security says that I have to be logged in to access /
security/authenticate... No problem to connect with Admin.
I don't know if I am enough clear :)
Do one of you has an idea of how to resolve it ?
Thank you.
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
