In case anyone runs into the same issue, here's how I solved it. It required some access control config which I added to the bottom of the security config; note that the order of these was important:

access_control:
    - { path: ^/user/, roles: ROLE_USER }
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }

Then I changed the "user" firewall above to the following, the key parts being to make the pattern to be totally open and to allow anonymous authentication:

site:
    pattern: ^/
    form_login:
        check_path: /user/login-check
        login_path: /user/login
        default_target_path: /user/dashboard
    provider: user
    logout:
        path: /user/logout
        target: /
    anonymous: true

On May 1, 9:36 am, danielholmes <dan...@creatio.com.au> wrote:
> Hi All,
>
> I'm having a problem working with the security layer and I'm pretty
> sure it's because I don't understand the big picture in relation to
> security. I found one other user who was having the same problem, but
> they didn't receive an
> answer: http://groups.google.com/group/symfony-users/browse_thread/thread/7c1....
>
> The background: I have a homepage which any visitor should be able to
> visit. I have a /user/* section which will be accessible to only
> registered users. I have a header which shows on both the homepage and
> in the /user/* section which should show the currently logged in
> registered user or a small login form.
>
> The problem: once the user has logged in, from the header controller I
> call $this->get('security.context')->getToken() and it returns the
> correct user while in the /user/* section, but an anonymous user when
> they are on the homepage.
>
> I have the following security setup. I've tried many combinations, but
> this one seems to be the closest to what I need:
> ---------------------------------------------------------------------------
> security:
>     encoders:
>         MyUser: plaintext
>
>     providers:
>         user:
>             entity: { class: MyUser, property: emailAddress }
>
>     firewalls:
>         profiler:
>             pattern: ^/_profiler
>             security: false
>
>         wdt:
>             pattern: ^/_wdt
>             security: false
>
>         login:
>             pattern: ^/user/login$
>             security: false
>
>         user:
>             pattern: ^/user/
>             form_login:
>                 check_path: /user/login-check
>                 login_path: /user/login
>                 default_target_path: /user/dashboard
>             provider: user
>             logout:
>                 path: /user/logout
>                 target: /
>
>         main:
>             pattern: ^/
>             anonymous: true
>             provider: user
> ---------------------------------------------------------------------------
>
> And I have the following routes:
> ---------------------------------------------------------------------------
> homepage:
>     pattern: /
>     defaults: { _controller: GeneralPublicBundle:Home:view }
>
> userDashboard:
>     pattern: /user/dashboard
>     defaults: { _controller: UserBundle:Dashboard:view }
>
> login:
>     pattern: /user/login
>     defaults: { _controller: SiteSecurityBundle:Login:form }
>
> # Will be intercepted by security layer
> _security_check:
>     pattern: /user/login-check
>
> # Will be intercepted by security layer
> logout:
>     pattern: /user/logout
> ---------------------------------------------------------------------------
>
> To replicate the issue, in a new session I:
> - go to user/dashboard
> - once redirected to login, I type in a valid username and password
> - I get redirected back to /user/dashboard and the header shows the
>   details of my database user
> - I go to the site homepage (/) and the header shows an anonymous
>   user
>
> I'm using Beta1. Any help you can give will be greatly appreciated.
>
> Thanks,
> Daniel
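
Why the order of the two access_control entries matters, as an added example that is not part of the original post and is not Symfony's code: Symfony applies only the first entry whose path matches, which is modelled here in Python. The grant table, the function names and the swapped rule list are assumptions made for illustration; the paths come from the routes in the post.

```python
import re

# The two access_control entries in the order given in the post.
POSTED = [
    (r"^/user/", "ROLE_USER"),
    (r"^/", "IS_AUTHENTICATED_ANONYMOUSLY"),
]
# The same entries with the order swapped, for comparison (constructed).
SWAPPED = list(reversed(POSTED))

# Simplified model (assumption): attributes granted to each kind of visitor.
GRANTS = {
    "anonymous": {"IS_AUTHENTICATED_ANONYMOUSLY"},
    "logged_in": {"IS_AUTHENTICATED_ANONYMOUSLY", "ROLE_USER"},
}

# Paths taken from the routes in the post.
SAMPLE_PATHS = ["/", "/user/dashboard"]


def first_match(rules, path):
    """Return the index of the first rule whose pattern matches, or None."""
    for i, (pattern, _role) in enumerate(rules):
        if re.search(pattern, path):
            return i
    return None


def is_allowed(rules, path, visitor):
    """Apply only the first matching rule; no match means no restriction."""
    i = first_match(rules, path)
    return i is None or rules[i][1] in GRANTS[visitor]


def shadowed_rules(rules, sample_paths):
    """Patterns that match some sample path but never win first-match."""
    winners = {first_match(rules, p) for p in sample_paths}
    return [
        pattern
        for i, (pattern, _role) in enumerate(rules)
        if i not in winners and any(re.search(pattern, p) for p in sample_paths)
    ]


if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("swapped", SWAPPED)):
        print(name, "shadowed rules:", shadowed_rules(rules, SAMPLE_PATHS))
        for path in SAMPLE_PATHS:
            ok = is_allowed(rules, path, "anonymous")
            print(f"  {path:16} anonymous allowed: {ok}")
```

With the swapped order the ^/ entry matches every path first, so the ^/user/ entry is never consulted and the ROLE_USER requirement is silently lost.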