I want to use the FOSFacebookBundle with the FOSUserBundle to manage:
- a front with Facebook Connect
- a backoffice for admin users with a classic login/password (no Facebook Connect here!)

I'm using Propel as ORM and the AdminGeneratorGeneratorBundle for managing the backoffice. I've overridden the Propel schema.yml file of FOSUserBundle to add specific "Facebook fields".

The process works fine for the front, but when I try to access the "/admin" URL, it's not working properly. I get the "login" page, but when I enter my login/password, I'm redirected to the Facebook connection page...

Is it only a config file misconfiguration, or am I going the wrong way for my needs?

Here are my config files:
security.yml

    security:
        providers:
            fos_userbundle:
                id: fos_user.user_provider.username
            fos_facebook_provider:
                id: my.facebook.user
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512
        firewalls:
            # Firewall public / FB Connect
            public:
                # since anonymous is allowed users will not be forced to login
                pattern: ^/.*
                fos_facebook:
                    provider: fos_facebook_provider
                    app_url: "http://apps.facebook.com/fb-localhost-testing/"
                    server_url: "http://localhost/fb-localhost-testing/"
                anonymous: true
            # Firewall zone admin
            admin_area:
                pattern: ^/admin
                form_login:
                    provider: fos_userbundle
                    csrf_provider: form.csrf_provider
                    login_path: /admin/login
                    check_path: /admin/login_check
                    default_target_path: /admin/
                logout:
                    path: /admin/logout
                    target: /admin/login
                anonymous: true
        access_control:
            - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/, role: ROLE_ADMIN }
            - { path: ^/connected/.*, role: [ROLE_FACEBOOK] }
            - { path: ^/.*, role: [IS_AUTHENTICATED_ANONYMOUSLY] }
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN

config.yml

    # FOSUser Configuration
    fos_user:
        user_class: FOS\UserBundle\Propel\User
        db_driver: propel
        firewall_name: main
    # FOSFacebook Configuration
    fos_facebook:
        alias: fb-localhost-testing
        app_id: mmyid
        secret: mysecret
        cookie: true
        permissions: [email, user_birthday, user_location]
    services:
        my.facebook.user:
            class: MyProject\Security\User\Provider\FacebookProvider
            arguments:
                facebook: "@fos_facebook.api"
                userManager: "@fos_user.user_manager"
                validator: "@validator"

Solution: we need to define the specific pattern before the global ones.

To solve my problem, I've just switched the two firewall blocks, public & admin_area:
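
The ordering rule above, as an added example that is not part of the original post: Symfony hands a request to the first firewall whose `pattern` matches, so this Python sketch replays the two patterns from security.yml in both orders and reports any firewall that can never be selected. The probe paths and the function names `match_firewall` and `shadowed` are assumptions made for the illustration.

```python
import re

# (name, pattern) pairs in the order the firewalls appear in security.yml.
ORIGINAL = [("public", r"^/.*"), ("admin_area", r"^/admin")]
SWITCHED = [("admin_area", r"^/admin"), ("public", r"^/.*")]

# Constructed probe paths covering the front and the backoffice.
PROBES = ["/", "/connected/profile", "/admin/login",
          "/admin/login_check", "/admin/"]


def match_firewall(firewalls, path):
    """Return the name of the first firewall whose pattern matches path."""
    for name, pattern in firewalls:
        if re.search(pattern, path):
            return name
    return None


def shadowed(firewalls, probes):
    """Firewalls whose pattern matches some probe but never win one.

    A non-empty result means an earlier, broader pattern captures every
    request the later firewall was meant to handle.
    """
    winners = {match_firewall(firewalls, p) for p in probes}
    result = []
    for name, pattern in firewalls:
        matches_any = any(re.search(pattern, p) for p in probes)
        if matches_any and name not in winners:
            result.append(name)
    return result


if __name__ == "__main__":
    for label, fws in (("original", ORIGINAL), ("switched", SWITCHED)):
        print(label)
        for p in PROBES:
            print(f"  {p:22} -> {match_firewall(fws, p)}")
        print("  shadowed:", shadowed(fws, PROBES) or "none")
```

With the original order, `/admin/login_check` is handled by `public`, so the form login listener of `admin_area` never sees the submitted credentials.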