marfing

Reputation: 81

Symfony2 security.yml working only in dev environment

Working on my first Symfony project, I was following the tutorial about the security mechanisms. I started using the "http_basic" mode in my firewall. The strange thing is that it works only in dev mode and not in prod. This is my security.yml:

jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            memory:
                users:
                    test: {password: test, roles: [ 'ROLE_USER'] }
                    admintest: { password: admintest, roles: [ 'ROLE_ADMIN' ] }

    firewalls:

        prod:
            pattern: ^/
            http_basic:
                realm: "Secured B2B Area"
            security: true

    access_control:
        - { path: ^/B2B, roles: ROLE_USER }
        - { path: ^/, roles: ROLE_ADMIN }

I created the project with NetBeans.

What I see is that if I use the path: app_dev.php/B2B I can see the login/pwd interface and everything works fine, but if I use the path app.php, I can directly access my site without any authorization request. After any security.yml changes, I cleared the cache with the command: php console cache:clear --env=prod --no-debug

Where am I wrong?

Upvotes: 1

Views: 1533

Answers (1)

AlterPHP

Reputation: 12727

The DEV and PROD environments use the same session context, so you must log out (from any environment) to see the login form.

Upvotes: 1
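
A way to check the point raised in the answer, added here as an example and not part of either post: request the protected path from a client that carries no session cookie and no cached credentials, and see whether the prod front controller answers with a Basic challenge. The `localhost` URLs and the function names `classify_response` and `check_url` are assumptions, and the sample responses are constructed.

```shell
#!/bin/sh
# Added example. Classifies an HTTP response (status line + headers on stdin)
# for a path that the http_basic firewall is expected to protect:
#   challenged -> 401 with a Basic WWW-Authenticate header
#   open       -> 2xx although no credentials or cookies were sent
#   other      -> redirect, 403, 5xx, ...: inspect by hand
classify_response() {
    status="" basic=no
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip the CR of CRLF line endings; header names are case-insensitive.
        line=$(printf '%s' "$line" | tr -d '\r' | tr 'A-Z' 'a-z')
        if [ -z "$line" ]; then break; fi      # blank line ends the headers
        case "$line" in
            http/*) status=$(printf '%s' "$line" | cut -d' ' -f2) ;;
            www-authenticate:*basic*) basic=yes ;;
        esac
    done
    case "$status:$basic" in
        401:yes) echo challenged ;;
        2??:*)   echo open ;;
        *)       echo other ;;
    esac
}

# Live use (hypothetical host): a new curl process has no cookie jar and no
# cached Basic credentials, unlike a browser that already logged in.
#   check_url http://localhost/app.php/B2B
#   check_url http://localhost/app_dev.php/B2B
check_url() {
    curl -s -o /dev/null -D - "$1" | classify_response
}

# Constructed sample responses (not captured from a real server).
SAMPLE_CHALLENGED='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Secured B2B Area"
Content-Type: text/html
'
SAMPLE_OPEN='HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
'

printf 'sample with challenge: %s\n' \
    "$(printf '%s' "$SAMPLE_CHALLENGED" | classify_response)"
printf 'sample served without challenge: %s\n' \
    "$(printf '%s' "$SAMPLE_OPEN" | classify_response)"
```

If `check_url` reports `open` for `app.php/B2B`, the prod firewall is not being enforced for unauthenticated clients; if it reports `challenged`, the access seen in the browser came from state the browser already held.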
