Hey guys! I'm diving into the security component in a big way to write its docs. I think the security component is going to be a fantastic feature, but I also realize that there are some common pain points. Of course, updated documentation is going to go a long way, but I'm hoping we can also address things with better exception messages. Here are a few pain-points I created just by tweaking the standard-distribution security.yml:
* If the login page (e.g. /login) is in a secured area (i.e. behind a firewall), you just get a redirect loop. Can we notify the user somehow?
* Obviously, the actual login/logout URLs used by the security component are independent from the routing. This means you may just get redirected to a 404 for login. I realize we're decoupled, but can we do better?
* The URL for your check_path must be a URL managed by the firewall. If you create the route correctly, but forget to match the "check_path" option to that URL, you'll hit a "gotcha". Specifically, the login form will submit, but then get caught by the firewall and redirected back to the login form. The user just sees the login page over and over again, but without any form errors. Again, this is difficult, but perhaps we can identify *something* that tells us this is happening so we can notify the user.

And this really goes to everyone who's using the security component - let's be proactive when using it so that we can - one-by-one - eliminate these pain points. That can be done by improving the documentation or, hopefully, being creative with exception messages. It'll also be done by writing cookbook articles when you solve specific problems.

Others know much more about the component - so I'm probably *way* overstepping my bounds - but I hope we can all be active in smoothing its edges :).

Thanks!

Ryan Weaver
US Office Head & Trainer - KnpLabs - Nashville, TN
http://www.knplabs.com <http://www.knplabs.com/en>
http://www.thatsquality.com
Twitter: @weaverryan
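The three pitfalls listed in the message above, expressed as checks over a parsed security.yml. This is an added example, not part of the original message and not Symfony code; `lintFormLogin`, `pathMatches`, the `$routes` list, the default paths, and the reading of "secured area" as an `access_control` rule that demands a role are assumptions.

```php
<?php
// Added example, not Symfony code. $config mirrors a parsed security.yml;
// $routes is a hypothetical list of URL paths the application routes.
function pathMatches(string $pattern, string $path): bool
{
    return preg_match('#' . str_replace('#', '\#', $pattern) . '#', $path) === 1;
}

function lintFormLogin(array $config, array $routes): array
{
    $warnings = [];
    foreach ($config['firewalls'] ?? [] as $name => $fw) {
        if (!isset($fw['form_login'])) {
            continue;
        }
        // Assumed defaults when the options are omitted.
        $login = $fw['form_login']['login_path'] ?? '/login';
        $check = $fw['form_login']['check_path'] ?? '/login_check';
        // Pain point 1: the first access_control rule matching the login page wins.
        foreach ($config['access_control'] ?? [] as $rule) {
            if (pathMatches($rule['path'], $login)) {
                if ((array) $rule['roles'] !== ['IS_AUTHENTICATED_ANONYMOUSLY']) {
                    $warnings[] = "$name: login_path $login requires a role, expect a redirect loop";
                }
                break;
            }
        }
        // Pain point 2: login_path and check_path each need a route, or the user gets a 404.
        foreach (['login_path' => $login, 'check_path' => $check] as $opt => $path) {
            if (!in_array($path, $routes, true)) {
                $warnings[] = "$name: $opt $path has no route";
            }
        }
        // Pain point 3: check_path must be a URL managed by this firewall.
        if (!pathMatches($fw['pattern'] ?? '^/', $check)) {
            $warnings[] = "$name: check_path $check is outside the firewall pattern";
        }
    }
    return $warnings;
}

// Constructed configuration that reproduces all three mistakes.
$config = [
    'firewalls' => ['main' => ['pattern' => '^/admin', 'form_login' =>
        ['login_path' => '/admin/login', 'check_path' => '/login_check']]],
    'access_control' => [['path' => '^/admin', 'roles' => 'ROLE_ADMIN']],
];
print_r(lintFormLogin($config, ['/admin/login', '/admin/login_check']));
```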
