I am working on a project where I will need two firewalls or secured areas. The first firewall/secured area will allow login/logout using HWIOAuthBundle with Salesforce as provider; the second firewall/secured area will allow login/logout through FOSUserBundle, since this is for internal sysadmin and so on. I am having trouble getting the security.yml file set up correctly since I don't know how to deal with the pattern parameter. I have read the Security reference but have no idea how to do this. This is what I have at the moment:

    firewalls:
        #this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
        rep_area:
            methods: [GET, POST]
            pattern: ^/
            anonymous: true
            logout: true
        #this is the secured area accessed through web browser and only internals are allowed to login
        admin_area:
            pattern: ^/
            anonymous: ~

How should I configure pattern in that case?
Update: firewalls not working
This is how the firewalls section looks after the user's answer:

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        #this is the secured area accessed through web browser and only internals are allowed to login
        admin_area:
            pattern: ^/admin
            anonymous: ~
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                login_path: /login
                check_path: /login_check
                post_only: true
                always_use_default_target_path: true
                target_path_parameter: _target_path
                use_referer: false
                failure_path: null
                failure_forward: false
            logout:
                path: fos_user_security_logout
                target: /
        #this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
        rep_area:
            methods: [GET, POST]
            pattern: ^/
            anonymous: true
            logout: true

But if I try http://appdev.local/app_dev.php/admin/ I got this error:
InvalidConfigurationException in BaseNode.php line 313: Invalid configuration for path "security.firewalls.admin_area": The check_path "/login_check" for login method "form_login" is not matched by the firewall pattern "^/admin".
Why?
Edit 2: what if FOSUserBundle && HWIOAuth have to work together?
As additional info, which I forgot to mention from the very beginning: I have and need FOSUserBundle && HWIOAuth installed and I am trying to get both working as they should. In that case this is how my routing.yml looks:

    #HWIOAuthBundle
    hwi_oauth_redirect:
        resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
        prefix: /connect
    hwi_oauth_login:
        resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
        prefix: /login
    salesforce_login:
        pattern: /login/check-salesforce
    #PDOne
    pd_one:
        resource: "@PDOneBundle/Controller/"
        type: annotation
        prefix: /
    template:
        resource: "@TemplateBundle/Controller/"
        type: annotation
        prefix: /
    #FOSUserBundle
    fos_user:
        resource: "@FOSUserBundle/Resources/config/routing/all.xml"
    fos_user_security:
        prefix: /admin
        resource: "@FOSUserBundle/Resources/config/routing/security.xml"
    #SonataAdmin
    admin:
        resource: '@SonataAdminBundle/Resources/config/routing/sonata_admin.xml'
        prefix: /admin
    _sonata_admin:
        resource: .
        type: sonata_admin
        prefix: /admin

How should I deal with the prefix between FOSUserBundle && HWIOAuth?
Just simply

    firewalls:
        #this is the secured area accessed through web browser and only internals are allowed to login
        admin_area:
            pattern: ^/admin
            anonymous: ~
        #this is the public area accessed by/from iOs app and only users registered at Salesforce as rep can login
        rep_area:
            methods: [GET, POST]
            pattern: ^/
            anonymous: true
            logout: true

It's a regex telling Symfony that all routes ^ (beginning) with / follow this rule. Or /admin follow another rule. The firewall will always follow whatever rule it matches first. So your admin rule must come first or else it won't work.
Edit
In your route settings, where you add in the security routes for FOSUserBundle, try having /admin appended as a prefix. It could be because /admin is your rule but the route being generated for login is host.com/login instead of host.com/admin/login

    fos_user_security:
        prefix: /admin
        resource: "@FOSUserBundle/Resources/config/routing/security.xml"
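
The first-match rule and the check_path error discussed above can be reproduced with a small model. This is an added example, not part of the original question or answer and not Symfony's own code; it ignores the methods option and the dev firewall, and it assumes the prefixed FOSUserBundle check route is /admin/login_check.

```python
import re

# Constructed model of the three firewall setups on this page, in file order:
# (firewall name, pattern, form_login check_path or None).
ORIGINAL = [("rep_area", r"^/", None), ("admin_area", r"^/", None)]
UPDATED = [("admin_area", r"^/admin", "/login_check"), ("rep_area", r"^/", None)]
# Assumption: with the /admin route prefix, check_path is set to /admin/login_check.
PREFIXED = [("admin_area", r"^/admin", "/admin/login_check"), ("rep_area", r"^/", None)]

# Constructed request paths (path info only, without the app_dev.php front controller).
PROBES = ["/", "/admin/", "/admin/login_check", "/login/check-salesforce"]


def select_firewall(firewalls, path):
    """Return the name of the first firewall whose pattern matches the path."""
    for name, pattern, _ in firewalls:
        if re.search(pattern, path):
            return name
    return None


def config_errors(firewalls):
    """List (firewall, check_path, pattern) where the pattern misses its own check_path."""
    return [(name, check_path, pattern)
            for name, pattern, check_path in firewalls
            if check_path is not None and not re.search(pattern, check_path)]


def shadowed(firewalls, paths):
    """Firewalls whose pattern matches some path but which are never the one selected."""
    winners = {select_firewall(firewalls, p) for p in paths}
    return [name for name, pattern, _ in firewalls
            if name not in winners and any(re.search(pattern, p) for p in paths)]


if __name__ == "__main__":
    for label, fw in (("original", ORIGINAL), ("updated", UPDATED), ("prefixed", PREFIXED)):
        print(label, "errors:", config_errors(fw), "shadowed:", shadowed(fw, PROBES))
        for path in PROBES:
            print("   ", path, "->", select_firewall(fw, path))
```

A firewall reported as shadowed never handles a request, so its login method and access rules are silently bypassed in favour of the earlier catch-all.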