Question

I have created a simple application with Symfony2. The user can log in with his/her username and password. I have created a simple view for the login screen, and then I check the user credentials in my controller. I haven't used the Symfony2 security. Here is my controller code:

namespace College\UserBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;

use College\UserBundle\Entity\User;
use College\UserBundle\Entity\Usertype;
use College\UserBundle\Form\LoginForm;
use College\UserBundle\Form\RegisterForm;


class UserController extends Controller
{
    // Shows the login form and checks the submitted credentials by hand.
    public function indexAction()
    {
        $entity = new User();
        $form = $this->createForm(new LoginForm(), $entity);
        $request = $this->getRequest();

        if ($request->getMethod() == 'POST') {
            $form->bindRequest($request);
            if ($form->isValid()) {
                $em = $this->getDoctrine()
                           ->getEntityManager();
                $em->persist($entity);
                $userrepository = $em->getRepository('CollegeUserBundle:User');
                // Looks up a row whose login and password columns match the submitted values.
                $auth = $userrepository->findOneBy(array('login' => $entity->getLogin(), 'password' => $entity->getPassword()));
                if ($auth) {
                    $session = $this->getRequest()->getSession();
                    $session->set('user', $auth);
                    $this->get('session')->setFlash('notice', 'You Have Successfully Logged In!');
                    return $this->redirect($this->generateUrl('CollegeUserBundle_home'));
                } else {
                    return $this->render('CollegeUserBundle:User:loginpage.html.twig', array(
                        'form' => $form->createView(), 'error' => 'Please Correct Your Login Details And Enter the Correct login and Password', ));
                }
            }
        }

        return $this->render('CollegeUserBundle:User:loginpage.html.twig', array(
            'form' => $form->createView()
        ));
    }

    // Home page: renders the user object stored in the session.
    public function loginAction()
    {
        $session = $this->get('session')->get('user');
        return $this->render('CollegeUserBundle:User:home.html.twig', array(
            'info' => $session,));
    }

    public function logoutAction()
    {
        $this->get('request')->getSession()->invalidate();
        return $this->redirect($this->generateUrl('CollegeUserBundle_index'));
    }
}

Routing.yml

CollegeUserBundle_index:
    pattern:  /
    defaults: { _controller: CollegeUserBundle:User:index }
    requirements:
        _method:  GET|POST

CollegeUserBundle_home:
    pattern:  /home
    defaults: { _controller: CollegeUserBundle:User:login }
    requirements:
        _method:  GET|POST

CollegeUserBundle_logout:
    pattern:  /logout
    defaults: { _controller: CollegeUserBundle:User:logout }
    requirements:
        _method:  GET

Entity (User.php)

This file contains all user details including Username, Created Date, login, password and usertype.

Now I want to do all the authentication and authorization with Symfony security. I read the tutorial but couldn't understand everything, like how I can authenticate with my same controller, how it takes ADMIN_ROLE, USER_ROLE, and whether I need to create a table for these roles. I have a lot of confusion related to this topic. I found the tutorial great till now, but here I am lost and need someone who can help me with it.

Solution

Look at my security.yml. My users have to log in if they want to see any page (otherwise they're redirected to the login form).

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false
    login:
        pattern:   ^/(login$|register|resetting)
        anonymous: true
    main:
        pattern: ^/
        form_login:
            login_path: /login
            check_path: /login_check
            username_parameter: _login
            password_parameter: _password
        remember_me:
            key:         "%secret%"
        anonymous:       false
        provider:        main
        logout:
            path: /logout
            target: /

Be careful about the username and password parameters: they must be the same as the names of the username and password fields of your login form.

And about the roles, I created a role entity (table) with a many-to-many relation with my user entity. So the role entity is just a table with my roles and their IDs for the relation table.

Hope I'm clear and that I helped you.
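
The firewall above refers to provider: main without showing it, and the controller in the question matches the submitted password directly against the stored column. As an added example (not part of the original answer), the remaining security.yml sections could look like this, assuming the User entity implements Symfony's UserInterface and its getRoles() returns the names held in the role table; the /admin path and the hash settings are illustrative assumptions:

```yaml
# app/config/security.yml (added example; merge with the firewalls block above)
security:
    encoders:
        # Symfony hashes the submitted password with these settings and
        # compares it to the stored hash, so the database never holds
        # plaintext. Values here are assumptions; on Symfony 2.2 or later
        # "algorithm: bcrypt" is also available.
        College\UserBundle\Entity\User:
            algorithm:        sha512
            encode_as_base64: true
            iterations:       5000

    providers:
        # "main" is the name the firewall references with "provider: main".
        # Users are loaded from the existing entity by its "login" column.
        main:
            entity: { class: CollegeUserBundle:User, property: login }

    role_hierarchy:
        # Role names must start with ROLE_ for the default role voter.
        # An admin automatically holds ROLE_USER as well.
        ROLE_ADMIN: ROLE_USER

    access_control:
        # /home comes from the question's routing; /admin is hypothetical.
        - { path: ^/home,  roles: ROLE_USER }
        - { path: ^/admin, roles: ROLE_ADMIN }
```

With this in place the form_login listener performs the credential check at /login_check, so the manual findOneBy() lookup in indexAction() is no longer needed.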

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow