Question

I have this configuration for the firewall:

$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    // the firewall definitions go under the 'security.firewalls' key of the
    // provider options; passed at the top level they are not seen by Silex
    'security.firewalls' => array(
        'admin' => array(
            'pattern' => '^/admin',
            'form' => array(
                'login_path' => '/#login',
                'check_path' => '/admin/login_check',
            ),
            'logout' => array(
                'logout_path' => '/admin/logout',
            ),
        ),
        'unsecured' => array(
            'anonymous' => true,
            'pattern' => '^.*$',
        ),
    ),
));

and also this for the security access rules:

$app['security.access_rules'] = array(
    array('^/admin', 'ROLE_ADMIN'),
    array('.*', 'IS_AUTHENTICATED_ANONYMOUSLY'),
);

I saw this answer: Silex/Symfony Security Firewall Access user token outside the secured area. But the problem is that I cannot access app.user on the "/" page, and is_granted (in Twig) always returns false for any input.

I don't know if the ACL mentioned in that answer is something else (other than the access_rules) or if I am doing something wrong.


Solution

I believe a user (token) is only accessible within the firewall that logged it in. So as long as you are within the /admin part of your site you would have access to app.user, but not within the "unsecured" firewall.

To get the behaviour you are looking for, you need one overall/sitewide firewall with a pattern of ^/ and then use access rules to restrict access to /admin.

$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    // firewall definitions belong under the 'security.firewalls' option key
    'security.firewalls' => array(
        'main' => array(
            'pattern' => '^/',
            'anonymous' => true,
            'form' => array(
                'login_path' => '/#login',
                'check_path' => '/admin/login_check',
            ),
            'logout' => array(
                'logout_path' => '/admin/logout',
            ),
        ),
    ),
));

$app['security.access_rules'] = array(
    array('^/admin', 'ROLE_ADMIN'),
    array('^/', 'IS_AUTHENTICATED_ANONYMOUSLY'),
);

So a brand new user to your site would be immediately authenticated anonymously, until they log in with a role that allows them to access /admin.

It's also worth noting that if you were to have your login form within the admin area, as something like /admin/login, then you would need to add an anonymous access rule for the login URL.

Hope this helps!
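As an added example that is not part of the question or the answer above, here is a complete Silex front controller that puts the answer's advice together: one site-wide firewall, access rules that open the login page before locking down /admin, and a "/" route that reads the token so the user is visible outside the admin area. It assumes Silex 1.3 or later (for security.token_storage and security.authorization_checker); the routes, the in-memory demo user, the placeholder password hash and the form markup are all constructed for this illustration.

```php
<?php
// Added example (not from the question or answer above): a complete Silex 1.3
// front controller with ONE site-wide firewall and path-based access rules, so
// app.user and is_granted() work on "/" as well as under /admin. The routes,
// the demo user, the hash placeholder and the login form are constructed here.

require_once __DIR__ . '/../vendor/autoload.php';

use Silex\Application;
use Symfony\Component\HttpFoundation\Request;

$app = new Application();
$app['debug'] = false;

// Form login stores the token in the session, so the session provider is needed.
$app->register(new Silex\Provider\SessionServiceProvider());

$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    // Firewalls live under the 'security.firewalls' key of the provider options.
    'security.firewalls' => array(
        'main' => array(
            'pattern'   => '^/',      // one firewall covers the whole site
            'anonymous' => true,      // visitors get an anonymous token
            'form'      => array(
                'login_path' => '/admin/login',
                'check_path' => '/admin/login_check',
            ),
            'logout'    => array(
                'logout_path'        => '/admin/logout',
                'invalidate_session' => true,
            ),
            // In-memory user for the demo only; use a real user provider in production.
            // The hash is a placeholder: generate one with
            //   $app['security.encoder.digest']->encodePassword('<password>', '')
            'users' => array(
                'admin' => array('ROLE_ADMIN', '<ENCODED-PASSWORD-PLACEHOLDER>'),
            ),
        ),
    ),
));

// Access rules are evaluated top to bottom and the FIRST match wins, so the
// login page is opened up before the ROLE_ADMIN rule that covers ^/admin.
$app['security.access_rules'] = array(
    array('^/admin/login$', 'IS_AUTHENTICATED_ANONYMOUSLY'),
    array('^/admin',        'ROLE_ADMIN'),
    array('^/',             'IS_AUTHENTICATED_ANONYMOUSLY'),
);

// "/" is inside the firewall, so the token (and with it the user) is available here.
$app->get('/', function () use ($app) {
    $token = $app['security.token_storage']->getToken();
    $user  = $token ? $token->getUser() : null;   // the string "anon." for anonymous visitors
    $name  = is_object($user) ? $user->getUsername() : (string) $user;
    $isAdmin = $app['security.authorization_checker']->isGranted('ROLE_ADMIN');

    return sprintf('<p>Hello %s. Admin: %s</p>',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        $isAdmin ? 'yes' : 'no');
});

// Login form; the firewall itself handles the POST to /admin/login_check.
$app->get('/admin/login', function (Request $request) use ($app) {
    $error = $app['security.last_error']($request);

    return ($error ? '<p>' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>' : '')
        . '<form action="/admin/login_check" method="post">'
        . '<input type="text" name="_username">'
        . '<input type="password" name="_password">'
        . '<button type="submit">Login</button></form>';
});

// Reached only with ROLE_ADMIN because of the second access rule.
$app->get('/admin', function () {
    return '<p>Admin area</p>';
});

$app->run();
```

Two points worth checking in your own configuration: the access rules are matched in order, so a catch-all anonymous rule placed above the ^/admin rule would silently make the admin area public, while the login-page rule placed below it would make the form unreachable; and with the answer's /#login setup the login form lives on "/", which the final ^/ rule already allows anonymously.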

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow