
Display authenticated users on non-secure (anonymous) routes

I use PHP and Silex to build a web app and I implemented basic authentication via SecurityServiceProvider like this:

$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'private' => array(
            'remember_me' => array(
                'key' => $config['secret_key'],
                'lifetime' => $config['remember_me_duration'],
            ),
            'pattern' => '^/admin',
            'form' => array('login_path' => '/login', 'check_path' => '/admin/login_check'),
            'logout' => array('logout_path' => '/admin/logout'),
            'users' => $app->share(function () use ($app) {
                // ...
            }),
        ),
        'public' => array(
            'pattern' => '^/$',
            'anonymous' => true,
        ),
        'login' => array(
            'pattern' => '^/login$',
            'anonymous' => true,
        ),
    ),
));

As you can see, the /admin paths are secured; there I can use $app['security']->getToken()->getUser(); to get the actual user that is authenticated and display something like "Logged in as $username", but if I do this on the /login or / routes the user will always be anon. even if I'm authenticated.

How can I get the authenticated user, if there is one, otherwise the anon. string, on the / and /login routes in order to display a message like "Logged in as $username"?

I also tried to use the is_granted('IS_AUTHENTICATED_FULLY') function in the Twig templates to check if the user is authenticated, but on /login and / it returns false (even if I'm authenticated) since the anonymous user takes precedence over the authenticated ones, so no success here.

In order to help other people, I solved the issue as described below. Silex doesn't use access_control , but access_rules (dammit).

As Pazi (+1ed) suggested I combined everything under a single firewall and used access_rules :

$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'main' => array(
            'remember_me' => array(
                'key' => $config['secret_key'],
                'lifetime' => $config['remember_me_duration'],
            ),
            'pattern' => '^/',
            'anonymous' => true,
            'form' => array(
                'login_path' => '/login',
                'check_path' => '/admin/login_check',
            ),
            'logout' => array('logout_path' => '/admin/logout'),
            'users' => $app->share(function () use ($app) {
                // ...
            }),
        ),
    ),
    'security.access_rules' => array(
        array('^/admin/files', 'ROLE_ADMIN'),
    ),
));
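The following is an added example, not code from the original post or from the Silex project, that puts the single-firewall answer into a complete, minimal Silex 1.x bootstrap. The template directory, the secret key, the placeholder password hash and the helper name currentUsername() are assumptions. It also goes one step beyond the answer: because a catch-all firewall with anonymous enabled makes every path reachable unless an access rule says otherwise, the access rules here cover the whole /admin tree (the area the old '^/admin' firewall pattern used to protect), not only /admin/files.

```php
<?php
// Added example (not from the original post): one firewall for every route,
// so the same security token is visible on /, /login and /admin, plus
// access rules that restore the protection the old '^/admin' firewall gave.
require_once __DIR__.'/vendor/autoload.php';

use Silex\Application;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

$app = new Application();
$app->register(new Silex\Provider\SessionServiceProvider());
$app->register(new Silex\Provider\TwigServiceProvider(), array(
    'twig.path' => __DIR__.'/views', // assumed template directory
));

$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'main' => array(
            'pattern'     => '^/',
            'anonymous'   => true,
            'remember_me' => array('key' => 'CHANGE-ME-secret-key', 'lifetime' => 604800),
            'form'        => array('login_path' => '/login', 'check_path' => '/admin/login_check'),
            'logout'      => array('logout_path' => '/admin/logout'),
            // In-memory user store. The hash is a placeholder; generate a real one with
            // $app['security.encoder.digest']->encodePassword('plain-password', '')
            'users' => array(
                'admin' => array('ROLE_ADMIN', 'PLACEHOLDER_ENCODED_PASSWORD'),
            ),
        ),
    ),
    // Rules are matched top to bottom, first match wins. /login stays open,
    // everything under /admin needs ROLE_ADMIN. The check_path is handled by
    // the form-login listener before the access listener runs, so it still works.
    'security.access_rules' => array(
        array('^/login$', 'IS_AUTHENTICATED_ANONYMOUSLY'),
        array('^/admin',  'ROLE_ADMIN'),
    ),
));
// remember_me in the firewall config requires this provider as well
$app->register(new Silex\Provider\RememberMeServiceProvider());

// Returns the name to display for the current request: the authenticated
// username, or the string 'anon.' when only the anonymous token is present.
function currentUsername(Application $app)
{
    $token = $app['security']->getToken();
    if (null === $token) {
        return 'anon.';
    }
    $user = $token->getUser();
    // AnonymousToken::getUser() returns the string 'anon.'; after a form or
    // remember-me login it is a UserInterface object instead.
    return is_object($user) ? $user->getUsername() : (string) $user;
}

$app->get('/', function () use ($app) {
    $who = htmlspecialchars(currentUsername($app), ENT_QUOTES, 'UTF-8');
    return new Response('Logged in as '.$who);
});

$app->get('/login', function (Request $request) use ($app) {
    return $app['twig']->render('login.twig', array(
        'error'         => $app['security.last_error']($request),
        'last_username' => $app['session']->get('_security.last_username'),
        'who'           => currentUsername($app),
    ));
});

$app->get('/admin', function () use ($app) {
    $who = htmlspecialchars(currentUsername($app), ENT_QUOTES, 'UTF-8');
    return new Response('Admin area, logged in as '.$who);
});

$app->run();
```

In the Twig templates the same check is {% if is_granted('IS_AUTHENTICATED_REMEMBERED') %} rather than IS_AUTHENTICATED_FULLY: a session restored from the remember-me cookie is only "remembered", so the FULLY check stays false for it even though the token carries the real user, while REMEMBERED is true for both fresh and remembered logins and still false for the anonymous token.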

Everything must be under the same firewall, and you must use access control.

@Paul I'd prefer to add a comment but I can't do it yet, so as an answer then:

It looks like taking out

'pattern' => '^/admin'

string from the firewall pattern, you have opened anonymous access to /admin/login_check, and this is not right.

My suggestion is to take it back and remove

'anonymous' => true

line from the firewall. It should work the same but would be more secure.
