1

I am attempting to setup basic HTTP browser-based authentication for a section of my Symfony 2 application called /secret.

I would like the /secret page to be publicly accessible, but any page below /secret such as /secret/landing would be behind a SF2 firewall.

When I go to /secret (or of its any child page) I get redirected to my application's /login page instead and I can't see why?

security:
    providers:
        sylius_user_provider:
            id: sylius.user_provider.name_or_email
        in_memory:
            memory:
                users:
                    secret:
                        password: secret
                        roles: 'ROLE_SECRET'

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        main:
            switch_user: { role: ROLE_ADMINISTRATION_ACCESS }
            context:     user
            pattern:     /.*
            form_login:
                provider: sylius_user_provider
                login_path: /login
                check_path: /login_check
                failure_path: /login
                default_target_path: /
                use_forward:  false
                use_referer: true
            remember_me:
                key: %sylius.secret%
                name: APP_REMEMBER_ME
                lifetime: 31536000
                always_remember_me: true
                remember_me_parameter: _remember_me
            oauth:
                resource_owners:
                    facebook: "/login/check-facebook"
                    google:   "/login/check-google"
                    amazon:   "/login/check-amazon"
                login_path:   /login
                failure_path: /login
                oauth_user_provider:
                    service: sylius.oauth.user_provider
            logout: true
            anonymous: true

        secret:
            pattern: ^/secret/.*
            http_basic: ~
            provider: in_memory
            context: secret

    access_control:
        - { path: ^/secret/.*, roles: ROLE_SECRET }
Improve this question

2 Answers 2

Reset to default
2

try adding to access control

- { path: ^/secret, roles: IS_AUTHENTICATED_ANONYMOUSLY}

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

In the event it helps someone in future, this is what I done in security.yml:

firewalls:
    secret:
        pattern: ^/secret/$
        anonymous: true

    secret_secured:
        pattern: ^/secret/.*$
        http_basic: ~
        provider: in_memory
        context: secret


access_control:
    - { path: ^/secret, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/secret/.*, roles: ROLE_SECRET }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.