Tags: symfony4, symfony-security

Symfony4 security issue


I am trying to create a simple login form with users created or registered through the web app.

This is my security.yml file

security:

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern:    ^/
            http_basic: ~
            provider: our_db_provider
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }

    encoders:
        App\Project\UserBundle\Entity\Users:
            algorithm: bcrypt

    providers:
        our_db_provider:
            entity:
                class: App\Project\UserBundle\Entity\Users
                property: username

If I visit a page like /nl/admin/.. I can visit the page even when I'm not logged in. Does the access control fail?

Even when I try to log in I get invalid credentials.. but the credentials are right..

This is my controller:

namespace App\Project\UserBundle\Controller;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

class LoginController extends Controller
{

    public function loginAction(Request $request, AuthenticationUtils $authenticationUtils)
    {

        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();

        // last username entered by the user
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('@ProjectUser/frontend/login/login.html.twig', array(
            'last_username' => $lastUsername,
            'error'         => $error,
        ));
    }
}

What am I missing?


Solution

  • You have to "regexify" the _locale URI path in the access_control path, depending on how the locales are defined. For two-letter locales only, you can write the access_control as follows:

    access_control:
        - { path: ^/[a-z]{2}/admin/, role: ROLE_ADMIN }
    

    or, if you prefer to list them, something like:

    access_control:
        - { path: ^/(en|nl|de)/admin/, role: ROLE_ADMIN }
    

    access_control paths are pure string patterns; they do not consider routing parameters...
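As an added illustration (not part of the original answer or of Symfony itself), the Python snippet below reproduces how Symfony's access map evaluates an access_control list: each rule's path is a regular expression run with preg_match against the raw-url-decoded request path, and the first rule that matches wins. A request that matches no rule at all gets no role requirement, which is exactly why /nl/admin/... was reachable without logging in. The rule lists and sample paths are constructed for the example; the "optional prefix" variant `^/(?:[a-z]{2}/)?admin/` goes beyond the answer and protects the admin area both with and without a locale prefix.

```python
import re
from urllib.parse import unquote

# Constructed access_control lists for the example (not the original post's file).
# "broken": the rule from the question, which ignores the /{_locale}/ prefix.
BROKEN_RULES = [
    {"path": r"^/login", "roles": ["IS_AUTHENTICATED_ANONYMOUSLY"]},
    {"path": r"^/admin/", "roles": ["ROLE_ADMIN"]},
]
# "fixed": two-letter locale prefix, the answer's first form.
FIXED_RULES = [
    {"path": r"^/[a-z]{2}/login", "roles": ["IS_AUTHENTICATED_ANONYMOUSLY"]},
    {"path": r"^/[a-z]{2}/admin/", "roles": ["ROLE_ADMIN"]},
]
# "listed": explicit locale list, the answer's second form.
LISTED_RULES = [
    {"path": r"^/(en|nl|de)/login", "roles": ["IS_AUTHENTICATED_ANONYMOUSLY"]},
    {"path": r"^/(en|nl|de)/admin/", "roles": ["ROLE_ADMIN"]},
]
# "optional": goes beyond the answer; covers /admin/ with or without a locale prefix.
OPTIONAL_LOCALE_RULES = [
    {"path": r"^/(?:[a-z]{2}/)?login", "roles": ["IS_AUTHENTICATED_ANONYMOUSLY"]},
    {"path": r"^/(?:[a-z]{2}/)?admin/", "roles": ["ROLE_ADMIN"]},
]


def first_matching_rule(rules, path_info):
    """Mimic Symfony's access map: the path regex is applied with preg_match
    (an unanchored search, so the ^ inside the pattern does the anchoring) to the
    rawurldecoded path info, and the FIRST rule that matches wins."""
    decoded = unquote(path_info)
    for rule in rules:
        if re.search(rule["path"], decoded):
            return rule
    return None


def required_roles(rules, path_info):
    """Roles the firewall will demand for this request. None means no
    access_control rule matched, so the request is served with no role check."""
    rule = first_matching_rule(rules, path_info)
    return rule["roles"] if rule else None


def unprotected_paths(rules, sample_paths):
    """Audit helper: which of the given paths would reach the application with
    no access_control rule applied at all."""
    return [p for p in sample_paths if first_matching_rule(rules, p) is None]


# Constructed sample request paths, including one with a percent-encoded letter.
SAMPLE_PATHS = ["/nl/admin/users", "/en/admin/", "/fr/admin/", "/admin/",
                "/nl/%61dmin/", "/nl/login"]

if __name__ == "__main__":
    for name, rules in [("broken", BROKEN_RULES), ("fixed", FIXED_RULES),
                        ("listed", LISTED_RULES), ("optional", OPTIONAL_LOCALE_RULES)]:
        print(f"{name:8s} unprotected: {unprotected_paths(rules, SAMPLE_PATHS)}")
```

Running the script shows the broken list leaving every locale-prefixed admin path unprotected, the fixed list leaving only the unprefixed /admin/ open, the explicit locale list additionally missing locales you forgot to enumerate (here /fr/admin/), and the optional-prefix pattern covering all of them. Because the first matching rule wins, rule order matters as soon as patterns overlap; the two rules here do not overlap, so the anonymous /login rule can safely stay first.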