Per-host Firewalls in Symfony2

Question

Is it possible to map firewalls to a given host, something like this for example:

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    admin:
        pattern: ^/
        host: admin.mysite.com
        http_basic:
            provider: in_memory
            realm: 'MySite Admin'
        logout: 
    main:
        pattern: ^/
        anonymous: ~
        form_login:
            provider: fos_userbundle
        ...

Note the fake "host" param under the admin firewall.

The ability to limit firewalls to particular hosts would make it easy to use providers on a per-host basis. With different domains one doesn't have to worry about overlapping patterns.

Answer 1

Per host routing has been added in 2.2, support for per-host firewalls were added in 2.4.

Fabien's blog post: http://symfony.com/blog/new-in-symfony-2-4-restrict-security-firewalls-to-specific-hosts

Answer 2

Basically, pretty much any authentication scheme can be implemented with the given Security Concept. In your case you would probably need to define an EntryPoint that also check the host a user is coming from. However you should keep in mind, that the "host" information is not necessarily trustworthy and should probably not be your only measure of authentication.

If you want to find out how to implement an authentication scheme of your own, check out the form-login authentication scheme already provided in the framework bundle. A good place to start is the security factory (Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\FormLoginFactory) which handles the dynamic configuration and injection of all classes involved in the authentication scheme. Also check out the symfony book's section on security for a high level view of the security bundle's architecture.