I've also been trying to configure the form-based security on my symfony2 project and I need to agree with Tom:
* To avoid 404 errors (controller not found error) I needed to specifically set up the firewalls for login_check and logout; the examples in the docs were not working without this. Maybe authenticating everybody as anonymous:true and then playing with roles is another approach.
* Besides this, the documented feature of the redirect sequence after successful authentication does not work for me, e.g. request /my/secured/page -redirect- /login -redirect- /login_check - should redirect to - /my/secured/page, but it always redirects to the default setting - /. By checking the logs I noticed that the session correctly has the parameter target_url set to app_dev.php/my/secured/page, which should serve as the no. 1 redirect rule according to the docs.

Now, based on the current docs it is difficult to say whether those security issues are bugs or "as expected" behavior, but hopefully this will help somebody else, because there is little to google about it yet.
