Kevin

Reputation: 1569

InvalidConfigurationException with Symfony2 security configuration

This is my security.yml

security:
    providers:
        in_memory:
            memory: ~

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        admin_login:
            pattern: ^/admin/login$
            http_basic: ~

        admin:
            pattern: ^/admin
            form_login:
                login_path: /admin/login
                check_path: /admin/loginCheck

        account:
            pattern: ^/account
            http_basic: ~

            # form_login:
            #     login_path: /login
            #     check_path: /loginCheck

        main:
            anonymous: ~

Everything is okay, but when I change the ^/account firewall to use form_login instead of http_basic, it throws some exceptions:

 1/2 LogicException in MainConfiguration.php line 333: The check_path "/loginCheck" for login method "form_login" is not matched by the firewall pattern "^/account".
 2/2 InvalidConfigurationException in BaseNode.php line 313: Invalid configuration for path "security.firewalls.account": The check_path "/loginCheck" for login method "form_login" is not matched by the firewall pattern "^/account". 

I do know the Symfony2 documentation recommends using one and only one main firewall, but this configuration is just for researching multiple firewalls.

I think the scenario is:

  1. Enter ^/admin, because ^/admin firewall requires form_login so it redirects to ^/admin/login firewall.
  2. ^/admin/login firewall requires http_basic so users need to enter their username & password to see ^/admin/login form.
  3. Enter ^/account, because ^/account firewall requires form_login so it redirects to ^/login (main firewall)

I don't know whether the above scenario is correct. How can I fix this error? Please help me, thank you!

Upvotes: 2

Views: 459

Answers (1)

Jovan Perovic

Reputation: 20193

If I'm right, you cannot get authenticated on one firewall and then use the token on a second one. As soon as the security component authenticates you on one, it stops processing the other firewalls.

Having multiple firewalls is perfectly legitimate but their contexts will be totally separated.

As for the error, Symfony2 dictates that the login form, by URL, must be within the firewall prefix. If you had a firewall prefixed with /account/, your login form would have to be something under that prefix, e.g. /account/login. Then, using the access control list at the bottom of security.yml, you should enable anonymous access to that login form.

Hope this clarifies things a bit...

Upvotes: 2
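
The change the answer describes, written out as an added example (not part of the original question or answer). The paths /account/login and /account/loginCheck and the role ROLE_USER are assumptions; the routes would have to exist in the application's routing.

```yaml
# Added example: only the account firewall and access_control are shown.
# /account/login, /account/loginCheck and ROLE_USER are assumed names.
security:
    firewalls:
        account:
            pattern: ^/account
            # Anonymous access has to be enabled on this firewall so the
            # login form can be reached before the user is authenticated.
            anonymous: ~
            form_login:
                # Both paths sit under ^/account, so check_path is matched
                # by the firewall pattern and the LogicException goes away.
                login_path: /account/login
                check_path: /account/loginCheck

    access_control:
        # Rules are evaluated top to bottom; the login form rule must come
        # before the rule that protects the rest of /account.
        - { path: ^/account/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/account, roles: ROLE_USER }
```

With this layout the account firewall keeps its own security context, so a login under ^/admin does not authenticate the user for ^/account.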
