Now I know what my mistake was: I only relied on the firewall rules
and did not configure the access_control part in security.yml. This
makes sense when configuring admin sections, but my case is different:
Some pages are for certain roles only, other parts of the site can be
visited by anonymous and authenticated users (the latter see more
info).

I now have a catchall rule in my firewall that matches all pages and
allows for anonymous access. In the access_control section I configure
which roles are allowed to which parts of the site. Now the "accessible
for all" pages show the correct role-dependent info. I no longer check
AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY but check for
specific roles.

Thanks!

On 12 May, 13:56, Christophe COEVOET <s...@notk.org> wrote:
> On 12/05/2011 13:47, thesaint wrote:
>
> > Ah, thanks. So then let me rephrase my question: How do I configure
> > firewalls in security.yml for a page that allows authenticated users
> > but also shows content to anonymous users? How do I configure it in
> > a way that the regular user info takes precedence over the anonymous
> > info?
>
> > I have tried the following:
>
> > mypage:
> >     pattern: ^/shared_page
> >     form_login:
> >         check_path: /logincheck
> >         login_path: /login
> >     logout:
> >         path:   /logout
> >         target: /
> >     anonymous:
>
> > But still got the anonymous user back.
>
> If the user is still authenticated, it never got an anonymous token but
> always its authenticated token. The anonymous listener is used last,
> when all other ways to authenticate the user have failed.
>
> The issue in your case is that the check_path (/logincheck) is not
> caught by the firewall as it does not match the pattern of the firewall
> (/shared_page/*). So you are never authenticated against this firewall.
> You will have the same issue with the logout listener.
>
> I advise you to look at the new version of the Security doc in the
> dedicated branch of the symfony-docs repo. It explains it better than
> the current doc (but it is not yet completed).
>
> --
> Christophe | Stof
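
The setup described in the top message, written out as an added example (not configuration posted by either participant): one catch-all firewall with anonymous access, and access_control deciding which roles reach which paths. The firewall name `main`, the paths `/members` and `/admin`, and the roles `ROLE_MEMBER` and `ROLE_ADMIN` are assumptions; providers and encoders are omitted.

```yaml
# security.yml (Symfony2-era syntax, matching the thread)
security:
    firewalls:
        # Before (from the thread): the firewall only covers /shared_page,
        # so requests to /logincheck and /logout never reach its listeners
        # and the visitor keeps the anonymous token.
        #
        # mypage:
        #     pattern: ^/shared_page
        #     form_login: { check_path: /logincheck, login_path: /login }
        #     logout:     { path: /logout, target: / }
        #     anonymous:  ~

        # After: a single firewall whose pattern also matches the
        # check_path and the logout path. Anonymous access stays enabled,
        # so the firewall itself blocks nobody.
        main:                      # hypothetical firewall name
            pattern: ^/
            form_login:
                check_path: /logincheck
                login_path: /login
            logout:
                path:   /logout
                target: /
            anonymous: ~

    # Authorization lives here, not in the firewall. The first rule whose
    # path matches the request is the one that applies.
    access_control:
        # The login form must stay reachable without a role.
        - { path: ^/login$,  roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # Role-restricted sections (hypothetical paths and roles).
        - { path: ^/members, roles: ROLE_MEMBER }
        - { path: ^/admin,   roles: ROLE_ADMIN }
        # /shared_page has no rule: anonymous and logged-in users both get
        # in, and the page shows role-dependent info by checking for
        # specific roles rather than IS_AUTHENTICATED_ANONYMOUSLY.
```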
