How perform authorization with session Symfony2 in 3rd party application

Question

I have problem with following scenario:
In my Symfony2 application, user which is logged in, open 3^rd party application (filenamager for TinyMCE). How to authorize user with credentials from SF2 application?

If user check remember_me on login page, this work:

//Bootstrap of 3rd party app
require_once('../../../app/bootstrap.php.cache');
require_once('../../../app/AppKernel.php');

$kernel = new AppKernel('prod', false);
$request = \Symfony\Component\HttpFoundation\Request::createFromGlobals();
$container = $kernel->getContainer();
if(false == $container->get('security.context')->isGranted('ROLE_USER'))
{
  $response = new \Symfony\Component\HttpFoundation\RedirectResponse('http://'.$request->getHost());
  return $response->send();
}

But if is not logged in with remember_me, this cause redirect to login page.

Answer 1

My suggestion is to place tinyMCE (any 3rd party app on your site) behind the firewall.

#security.yml
firewalls:
    tiny_mce:
        pattern: ^/path/to/your/tinymce/dir
        http_basic: # Any authentication provider here
            realm: "Secured Demo Area"

When user will open tinymce, browser will request for http://example.com/path/to/your/tinymce/dir/tinymcefile.html. And symfony will require user for authentication, because you have mentioned this path in your security.yml

Update

Also this issue may appear when you was logged in on dev environment and then you try to access path from prod env or inverse! I see that for tiny mce you use dev env. Check on what env you was logged in previously.

Answer 2

On the security.yml you can set up that remember me is by default YES. Here is the reference, i don't want to copy on the whole config file.

Symfony reference