Simple Silex firewall rules explained
It's annoying trying to set up your first Silex application with a working set of firewall rules. Here's one set that I have tested and that works fully. These firewall rules do the following:
- Allow anonymous access to the homepage (/)
- Allow anonymous access to the login page (/login)
- Require ROLE_USER access for any other page you create (/dashboard, /somethingelse, etc.)
Feel free to use this as a base for your own Silex projects. I'll shortly be putting up a working Silex application with authentication on my GitHub.
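
    $app->register(new Silex\Provider\SecurityServiceProvider(), array(
        'security.firewalls' => array(
            // Firewall for the login page itself; anonymous visitors allowed
            'login_path' => array(
                'pattern' => '^/login$',
                'anonymous' => true
            ),
            // Firewall for every other path; handles form login and logout
            'default' => array(
                'pattern' => '^/.*$',
                'anonymous' => true,
                'form' => array(
                    'login_path' => '/login',
                    'check_path' => '/login_check',
                ),
                'logout' => array(
                    'logout_path' => '/logout',
                    'invalidate_session' => false
                ),
                // Shared user provider service ($app->share() is the Silex 1.x helper)
                'users' => $app->share(function($app) {
                    return new App\User\UserProvider($app['db']);
                }),
            )
        ),
        // Access rules are checked in order; the first matching pattern applies
        'security.access_rules' => array(
            array('^/login$', 'IS_AUTHENTICATED_ANONYMOUSLY'),
            // '.+' needs at least one character after the slash, so '/' is not covered
            array('^/.+$', 'ROLE_USER')
        )
    ));
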
Written by James Mallison
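
How the two `security.access_rules` entries above apply to individual paths, as an added example that is not part of the original tip. It models only first-match rule selection with `preg_match` (Symfony's access map uses the first rule whose pattern matches) and does not run Silex or the firewall listeners; the function name `requiredRole` and the sample paths are constructed for illustration.

```php
<?php
// Added illustration, not the author's code: a stand-alone model of how
// security.access_rules are selected for a request path.

// Same patterns and roles as in the configuration above.
$accessRules = array(
    array('^/login$', 'IS_AUTHENTICATED_ANONYMOUSLY'),
    array('^/.+$', 'ROLE_USER'),
);

/**
 * Return the role demanded for $path, or null when no rule matches.
 * Hypothetical helper: rules are tried in order and the first match wins.
 */
function requiredRole(array $rules, $path)
{
    foreach ($rules as $rule) {
        list($pattern, $role) = $rule;
        // '#' as delimiter so the '/' inside the patterns needs no escaping.
        // The path is URL-decoded first so '%2F'-style encodings are compared
        // in their decoded form.
        if (preg_match('#' . $pattern . '#', rawurldecode($path)) === 1) {
            return $role;
        }
    }
    return null; // no rule: nothing beyond the firewall's own settings applies
}

// Constructed sample paths, including near-misses of the login pattern.
$paths = array('/', '/login', '/login/', '/login_check', '/logout', '/dashboard');

foreach ($paths as $path) {
    $role = requiredRole($accessRules, $path);
    printf(
        "%-14s %s\n",
        $path,
        $role === null ? '(no access rule matches)' : $role
    );
}
```

Running it before deploying a rule change shows which paths fall through to no rule at all, and that a path such as `/login/` is not covered by the `^/login$` exception.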
2 Responses
Hi
I had the same problem, but it looks like there is one mistake in your solution. The path to /login_check is public, which is not right, is it?
over 1 year ago
I agree with krzysiaczek.
https://github.com/symfony/Security/blob/dbc6f9f8cfebf4dede4639a733305baec94ab3bb/Http/Firewall/AbstractAuthenticationListener.php#L176
over 1 year ago