Le 12/05/2011 13:47, thesaint a écrit :
Ah, thanks. So then let me rephrase my question: How do I configure
firewalls in security.yml for a page that allows authenticated users
but also showing content to anonymous users? How Do I configure it in
a way that the regular user info takes precedence to the anonymous
info?

I have tried the following:

mypage:
     pattern: ^/shared_page
     form_login:
                 check_path: /logincheck
                 login_path: /login
         logout:
                 path:   /logout
                 target: /
      anonymous:

But still got the anonymous user back.
If the user is still authenticated, it never got an anonymous token but always its authenticated token. The anonymous listener is used last, when all other way to authenticate the user have failed.

The issue in your case is that the check_path (/logincheck) is not catched by the firewall as it does not match the pattern of the firewall (/shared_page/*). So you are never authenticated against this firewall.
You will have the same issue with the logout listener.

I advice you to look at the new version of the Security doc in the dedicated branch of the symfony-docs repo. It explains it better than the current doc (but it is not yet completed).

--
Christophe | Stof

--
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

Reply via email to