Reputation: 1846
I want to use a Symfony2 application with 2 firewalls: one with users from the database for the frontend, and another with in-memory users for the backend.
I have read through all the documentation and various Stack Overflow questions, but I cannot solve my problem.
This is my security.yml configuration so far:
```yaml
security:
    firewalls:
        frontend:
            pattern: ^/
            provider: fe_users
            anonymous: ~
            form_login:
                username_parameter: _email
                login_path: _login
                check_path: _login_check
                remember_me: true
                default_target_path: _profile
                #always_use_default_target_path: true
            logout:
                path: /logout
                target: /
            remember_me:
                key: MiPassphrase
                lifetime: 1800
                path: /.*
                domain: ~
        backend:
            pattern: ^/backend
            provider: be_users
            anonymous: ~
            http_basic:
                realm: ""
    access_control:
        - { path: ^/backend$, roles: ROLE_ADMIN }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    encoders:
        vv\xx\Entity\User:
            algorithm: bcrypt
        Symfony\Component\Security\Core\User\User: plaintext
    providers:
        fe_users:
            entity: { class: vvxx:User, property: email }
        be_users:
            memory:
                users:
                    d: { password: c, roles: 'ROLE_ADMIN' }
```
What happens with that:
The frontend authentication works fine. If the user is not logged in to the frontend, visiting /backend redirects me to /login. If the user IS logged in (and authenticated) to the frontend, visiting /backend gives me a 403 access denied. A "classic" HTTP authentication login form never appears.
Can anybody have a look at my configuration and figure out what I'm doing wrong here?
I really appreciate your help :)
Upvotes: 0
Views: 1613
Reputation: 9362
Firewalls are matched on a first-match basis. Your least restrictive patterns should come after more restrictive ones in your firewall list. Currently your frontend pattern is matching everything, so your backend pattern is never being checked.
As Igor Pantovic suggests:
Try inversing firewall order, place backend before frontend
Upvotes: 4
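A small Python model of the first-match selection described in the answer, added here as an illustration; it is not Symfony's code and does not come from either poster. The patterns are copied from the question's security.yml, the sample paths are constructed, and the function names are hypothetical.

```python
import re

# Firewall patterns copied from the question, in the order they appear there.
QUESTION_ORDER = [("frontend", r"^/"), ("backend", r"^/backend")]
# Order proposed in the answer: the more specific pattern first.
ANSWER_ORDER = [("backend", r"^/backend"), ("frontend", r"^/")]
# access_control rules from the question (role, path regex), also first-match.
ACCESS_CONTROL = [("ROLE_ADMIN", r"^/backend$"),
                  ("IS_AUTHENTICATED_ANONYMOUSLY", r"^/")]

# Constructed sample paths, not taken from the page.
SAMPLE_PATHS = ["/", "/login", "/backend", "/backend/users"]


def first_match(rules, path):
    """Return the label of the first rule whose regex matches path, else None."""
    for label, pattern in rules:
        if re.search(pattern, path):
            return label
    return None


def shadowed(firewalls, paths):
    """Firewalls that never handle any sample path their own pattern matches."""
    hidden = []
    for name, pattern in firewalls:
        own = [p for p in paths if re.search(pattern, p)]
        if own and all(first_match(firewalls, p) != name for p in own):
            hidden.append(name)
    return hidden


def required_role(path):
    """Role demanded by the first access_control rule matching path."""
    return first_match(ACCESS_CONTROL, path)


if __name__ == "__main__":
    for title, order in (("question", QUESTION_ORDER), ("answer", ANSWER_ORDER)):
        print(f"{title} order, shadowed firewalls: {shadowed(order, SAMPLE_PATHS)}")
        for path in SAMPLE_PATHS:
            print(f"  {path}: firewall={first_match(order, path)}, "
                  f"role={required_role(path)}")
```

With the question's order, /backend is handled by the frontend firewall while still requiring ROLE_ADMIN, which is consistent with the redirect to /login and the 403 the asker reports. The model also shows that `^/backend$` matches only the exact path /backend, so a sample path such as /backend/users falls through to the anonymous rule.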