On 06/06/2011 18:17, Javier Garcia wrote:
On Jun 6, 6:10 pm, Christophe COEVOET <s...@notk.org> wrote:

the firewall section defines the authentication, not the authorization.
Yes I know that.

My question is:

If authentication is defined in the section "firewalls" (as the manual
says), why do you say the line "- { path: ^/admin, roles: ROLE_ADMIN }"
becomes this sentence: "Any URL matching /admin/* is secured, and only
the admin user can access it." ???

Javi

Securing a URL is done by the "authorization" part. The firewall only says "The current user is admin". It does not say "The current user has access to this page". The access control rule is "Any URL matching /admin is secured and only users with the ROLE_ADMIN role can access it". The fact that the "admin" user is allowed comes from the provider section where it is defined that this user has the ROLE_ADMIN role (and that the "ryan" user does not have it).

--
Christophe | Stof

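The three sections discussed in this thread, side by side, as an added example that is not part of the original messages. The layout follows a Symfony 2.0-era security.yml; the firewall name, realm and passwords are constructed placeholders, and only the access_control line and the "admin" / "ryan" user names come from the thread.

```yaml
# Added illustration, not taken from the thread or from the Symfony project.
security:
    # AUTHENTICATION: the firewall only establishes who the current user is.
    # It makes no decision about which pages that user may open.
    firewalls:
        secured_area:                 # constructed name
            pattern:   ^/
            anonymous: ~              # unauthenticated visitors are still let through the firewall
            http_basic:
                realm: "Example Area" # constructed value

    # AUTHORIZATION: each rule maps a URL pattern to the role required for it.
    # The rule names a role, never a user.
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }

    # USER PROVIDER: this is where user names are tied to roles, and therefore
    # the only reason the "admin" user ends up with access to /admin.
    providers:
        in_memory:
            users:
                ryan:  { password: CHANGE_ME_1, roles: 'ROLE_USER' }   # placeholder password
                admin: { password: CHANGE_ME_2, roles: 'ROLE_ADMIN' }  # placeholder password

    # Plaintext encoding is used here only to keep the sketch short.
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

# Resulting behaviour for a request to /admin:
#   anonymous visitor -> lacks ROLE_ADMIN, so the HTTP Basic prompt is triggered
#   ryan  (ROLE_USER) -> authenticated by the firewall, denied by access_control (403)
#   admin (ROLE_ADMIN)-> authenticated by the firewall, allowed by access_control
# Moving ROLE_ADMIN from "admin" to "ryan" in the provider changes who gets in
# without touching the firewall or the access_control rule.
```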