
Symfony3 Login form : how to parametrize firewall in security.yml?

My project is an entirely private interface; users have to sign in to enter it. I am trying to build the login form. So I don't need an /admin/ folder in my architecture.

I followed Symfony instructions to build a traditional login form.

When I try to get the home page (or another one), it redirects to the login form. At this point, everything is okay.

But my problem is that I have a redirect loop on my login page. When I try to sign in, it redirects every time to the login page instead of the page we are trying to see.

I think there is a problem in my security.yml file, at the level of the firewall config.

security.yml

First, I want to test my login form with a single, simple user, but later I will have users stored in a database. It's just for the test.

The secured area is my entire interface except the login page, which is why I made a login firewall (exactly as Symfony recommends).

security:
    providers:
        in_memory:
            memory:
                users:
                    mylogin:
                        password: mypwd
                        roles: 'ROLE_ADMIN'

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login_firewall:
            pattern:   ^/login$
            anonymous: ~

        secured_area:
            pattern:   ^/
            provider: in_memory
            form_login:
                login_path: login
                check_path: login

                # csrf token options
                csrf_parameter:       _csrf_token
                csrf_token_id:        authenticate
                csrf_token_generator: security.csrf.token_manager

            logout:
                path:   /logout
                target: /

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_ADMIN }

Page architecture:

  • /default/index.html.twig
  • /security/login.html.twig

routing.yml

login:
    path: /login
    defaults: { _controller: AppBundle:Security:login }

logout:
    path: /logout

SecurityController.php

<?php

namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;

class SecurityController extends Controller
{
   /**
   * @Route("/login", name="login")
   */
   public function loginAction(Request $request)
   {

      $authenticationUtils = $this->get('security.authentication_utils');

      // get the login error if there is one
      $error = $authenticationUtils->getLastAuthenticationError();

      // last username entered by the user
      $lastUsername = $authenticationUtils->getLastUsername();

      return $this->render(
         'security/login.html.twig',
         array(
            'last_username' => $lastUsername,
            'error'         => $error,
         )
      );
   }
}

Where am I wrong? I don't understand why I have a redirect loop on my form. Moreover, when I enter a fake login and password, Symfony doesn't show errors as it should:

login.html.twig

{% if error %}
     <p class="bg-danger">{{ error.messageKey|trans(error.messageData, 'security') }}</p>
{% endif %}

I need advice, please help me ;-) Thanks!

Hi @Felurian, your check_path must be behind your firewall.

For your firewall you should change

    main:
        pattern:    ^/
        anonymous: false

        form_login:
            login_path: /login
            check_path: /login_check

and

access_control:
    - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }

I found a solution which works for me, thanks to this thread.

Strangely, we have to put "anonymous: ~" inside the main firewall even if we want it private...

Now, when I try to access homepage, it redirects to my login form. When I sign in, the user is authenticated and it redirects to the homepage.

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern:   ^/
            provider: in_memory
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login

                # csrf token options
                csrf_parameter:       _csrf_token
                csrf_token_id:        authenticate
                csrf_token_generator: security.csrf.token_manager

            logout:
                path:   /logout
                target: /

    access_control:
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_ADMIN }
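The mechanism behind both answers, as an added example that is not part of the original thread and not Symfony's own code: a small Python model of how Symfony 3's security layer chooses a firewall (the first pattern that matches wins, so under the question's config a POST to /login lands in `login_firewall`, which has no form_login listener and therefore never checks the credentials, which is also why no error is ever shown) and of why `anonymous: ~` is needed on the firewall that hosts the login form (without it there is no token at all on GET /login, the access listener cannot evaluate even IS_AUTHENTICATED_ANONYMOUSLY, and the entry point redirects back to /login, which is the loop). The two configs are transcribed to dicts by hand, route names are written as the paths they resolve to, the single in_memory user is assumed to hold ROLE_ADMIN, and `dispatch`/`follow` are toy helpers; none of these names come from Symfony.

```python
import copy
import re

# The question's security.yml and the final working one, transcribed by hand
# (constructed input: only the keys this model consults are kept, and the
# route names used for login_path/check_path are written out as /login).
ORIGINAL = {
    "firewalls": {
        "dev": {"pattern": r"^/(_(profiler|wdt)|css|images|js)/", "security": False},
        "login_firewall": {"pattern": r"^/login$", "anonymous": True},
        "secured_area": {
            "pattern": r"^/",
            "anonymous": False,
            "form_login": {"login_path": "/login", "check_path": "/login"},
        },
    },
    "access_control": [
        {"path": r"^/login", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
        {"path": r"^/", "roles": "ROLE_ADMIN"},
    ],
}

FIXED = {
    "firewalls": {
        "dev": {"pattern": r"^/(_(profiler|wdt)|css|images|js)/", "security": False},
        "main": {
            "pattern": r"^/",
            "anonymous": True,
            "form_login": {"login_path": "/login", "check_path": "/login"},
        },
    },
    "access_control": [
        {"path": r"^/login$", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
        {"path": r"^/", "roles": "ROLE_ADMIN"},
    ],
}

# FIXED without `anonymous: ~` on main: the variant the self-answer warns about.
NO_ANONYMOUS = copy.deepcopy(FIXED)
NO_ANONYMOUS["firewalls"]["main"]["anonymous"] = False


def first_matching_firewall(config, path):
    """FirewallMap semantics: the first firewall whose pattern matches wins."""
    for name, fw in config["firewalls"].items():
        if re.search(fw["pattern"], path):
            return name, fw
    return None, None


def required_roles(config, path):
    """AccessMap semantics: roles of the first access_control rule that matches."""
    for rule in config["access_control"]:
        if re.search(rule["path"], path):
            return rule["roles"]
    return None


def dispatch(config, method, path, logged_in=False):
    """Outcome of one request: 'skip', 'authenticate', 'render', '403' or 'redirect:<login_path>'."""
    _, fw = first_matching_firewall(config, path)
    if fw is None or fw.get("security") is False:
        return "skip"
    form_login = fw.get("form_login")
    entry_point = ("redirect:" + form_login["login_path"]) if form_login else "403"
    # The form_login listener lives inside ONE firewall and only reacts to a POST
    # on that firewall's check_path; a different firewall never sees the credentials.
    if form_login and method == "POST" and path == form_login["check_path"]:
        return "authenticate"
    # Token in storage: the logged-in user, an AnonymousToken if `anonymous: ~`, or none.
    token = "user" if logged_in else ("anon" if fw.get("anonymous") else None)
    roles = required_roles(config, path)
    if roles is None:
        return "render"
    if token is None:
        # AccessListener cannot decide without a token and throws; the exception
        # listener answers with the entry point, even for an anonymous-only rule.
        return entry_point
    if roles == "IS_AUTHENTICATED_ANONYMOUSLY" or token == "user":
        return "render"  # assumption: the single in_memory user holds ROLE_ADMIN
    return entry_point


def follow(config, method, path, logged_in=False, max_hops=5):
    """Chase entry-point redirects like a browser; mark a revisited path as a loop."""
    trail = []
    for _ in range(max_hops):
        outcome = dispatch(config, method, path, logged_in)
        trail.append((path, outcome))
        if not outcome.startswith("redirect:"):
            return trail
        method, path = "GET", outcome.split(":", 1)[1]
        if any(seen == path for seen, _ in trail):
            trail.append((path, "LOOP"))
            return trail
    return trail


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("fixed", FIXED), ("no anonymous", NO_ANONYMOUS)):
        print(label, "GET / ->", follow(cfg, "GET", "/"))
        print(label, "POST /login ->", dispatch(cfg, "POST", "/login"))
```

Running it shows the three behaviours side by side: with the original split firewalls, GET / redirects to /login and the page renders, but POST /login is answered by `login_firewall` and only re-renders the form; with the merged `main` firewall the POST is authenticated; and with `main` but no `anonymous: ~`, GET / redirects to /login which redirects to /login again. The real Symfony access listener and firewall map have more cases (channel, role hierarchy, remember-me), so treat this as a reasoning aid, not a substitute for a functional test against the application.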
