I don't know exactly how the firewall works at this time so if what I say here doesn't make sense, forgive me :)
Wouldn't be possible to add an option to the firewall settings like "_controller" or something like that, so you can limit access by an URL pattern OR by the final controller resolved by the URL that the user is viewing ? it should be easy then handling things like multilanguage URL's for example. I agree with Johannes comment, so what I'm saying here are covered by what he said. But I was thinking that maybe, if it's possible by design, would be a good way to configure the firewall by controller, besides the url pattern option, if it's possible of course. Just a thought. On Thu, Jan 13, 2011 at 12:54 PM, Lukas Kahwe Smith <[email protected]>wrote: > > On 09.01.2011, at 22:04, Tom Boutell wrote: > > > The plus side, of course, seems to be ease of configuration and > > coding. It is indeed pretty darn convenient to set up the firewall > > this way, and the convenience parameters to action methods are very > > handy. The downside is surprise side effects of "just making the URLs > > nice" (: > > > I have also found myself wondering a few times if I should still check if > there is an authenticated user in controller actions that I lock down via > the firewall. In a way the check is superfluous, but it depends on the > firewall settings .. > > regards, > Lukas Kahwe Smith > [email protected] > > > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected]<symfony-devs%[email protected]> > For more options, visit this group at > http://groups.google.com/group/symfony-devs?hl=en > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
