I have some issues setting up Symfony 2's security. I currently have this in my security.yml
    security:
        encoders:
            Acme\AdminBundle\Entity\AdminUsers:
                algorithm: bcrypt
            Acme\UserBundle\Entity\Users:
                algorithm: bcrypt
        role_hierarchy:
            ROLE_USER: ROLE_USER
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
        providers:
            provider_admin:
                entity: { class: AdminBundle:AdminUsers, property: username }
            provider_user:
                entity: { class: UserBundle:Users, property: username }
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            login:
                pattern: ^/login$
                security: false
                anonymous: ~
            recover:
                pattern: ^/(recover-password|generate-hash)$
                security: false
                anonymous: ~
            secured_area:
                pattern: ^/
                provider: provider_admin
                host: admin.example.dev
                form_login:
                    check_path: /login_check
                    login_path: /login
                    always_use_default_target_path: false
                    default_target_path: /
                    username_parameter: _username
                    password_parameter: _password
                logout:
                    path: /logout
                    target: /
                anonymous: ~
            public_secured_area:
                pattern: ^/dashboard
                host: app.example.dev
                provider: provider_user
                form_login:
                    check_path: /dashboard/login_check
                    login_path: /login
                    always_use_default_target_path: false
                    default_target_path: /dashboard
                    username_parameter: _username
                    password_parameter: _password
                logout:
                    path: /public/logout
                    target: /login
                anonymous: ~
        access_control:
            - { path: ^/dashboard/*, roles: ROLE_USER }
            - { path: ^/*, roles: ROLE_ADMIN }
As you can see, I have 2 different providers, 2 different firewalls and 2 different hosts. That's because I need to log users from the Users table on app.example.dev and users from the AdminUsers table on admin.example.dev.
This is what I have in my admin routing.yml:
    login:
        path: /login
        host: admin.example.dev
        defaults: { _controller: UserBundle:Security:login }
    login_check:
        path: /login_check
        host: admin.example.dev
    logout:
        path: /logout
        host: admin.example.dev
And this is what I have in my app routing.yml:
    public_login:
        path: /login
        host: app.example.dev
        defaults: { _controller: PublicBundle:Default:login }
    public_login_check:
        path: /dashboard/login_check
        host: app.example.dev
    public_logout:
        path: /dashboard/logout
        host: app.example.dev
The way it's set up now, everything works correctly on the admin side. On the app side the logout doesn't work; it says:
Unable to find the controller for path "/dashboard/logout". Maybe you forgot to add the matching route in your routing configuration?
404 Not Found - NotFoundHttpException
They seem to be set up in a similar manner, and yet the solution for this is for me to set up an actual controller in the app logout route and add a logout action with actual logout and redirect code for this to work. Which tells me something is wrong. Any idea what that is?
Also, logging in didn't work at first either, because the 2 entries in the access_control section of the security.yml file were reversed, until I read the docs again and understood that the paths in there need to be listed from particular to general.
So my second question is about this: is there no way to tie an access_control entry to a certain firewall or at least to a host?
EDIT: Although I got the answer (see below), I would still like to understand whether my last question, 2 paragraphs above this, is a valid one.
Thank you.
Change the public_secured_area firewall like this:
or change the app routing like this:
Both route and logout path should be the same.
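Added example, not part of the original question or answer: a small consistency check over the firewall and route values posted in the question, flagging any `check_path` or logout `path` that falls outside its firewall's `pattern` or has no route with the same path on the same host. The `FIREWALLS`/`ROUTES` dictionaries and `lint_firewalls` are hypothetical names, and hosts are compared as plain strings for simplicity.

```python
import re

# Constructed from the security.yml and routing.yml values shown in the question.
FIREWALLS = {
    "secured_area": {
        "pattern": r"^/", "host": "admin.example.dev",
        "check_path": "/login_check", "logout_path": "/logout",
    },
    "public_secured_area": {
        "pattern": r"^/dashboard", "host": "app.example.dev",
        "check_path": "/dashboard/login_check", "logout_path": "/public/logout",
    },
}
ROUTES = [
    {"name": "login_check", "path": "/login_check", "host": "admin.example.dev"},
    {"name": "logout", "path": "/logout", "host": "admin.example.dev"},
    {"name": "public_login_check", "path": "/dashboard/login_check",
     "host": "app.example.dev"},
    {"name": "public_logout", "path": "/dashboard/logout", "host": "app.example.dev"},
]


def lint_firewalls(firewalls, routes):
    """Return (firewall, key, problem) tuples for listener paths that cannot match."""
    findings = []
    for name, fw in firewalls.items():
        for key in ("check_path", "logout_path"):
            path = fw[key]
            # A firewall listener only sees requests its own pattern matches.
            if not re.search(fw["pattern"], path):
                findings.append((name, key, "outside firewall pattern"))
            # The question pairs each listener path with a controller-less
            # route; the route path must be identical or the router handles
            # the request and reports a missing controller.
            if not any(r["path"] == path and r["host"] == fw["host"] for r in routes):
                findings.append((name, key, "no route with this path on this host"))
    return findings


if __name__ == "__main__":
    for firewall, key, problem in lint_firewalls(FIREWALLS, ROUTES):
        print(f"{firewall}.{key}: {problem}")
```

Run against the posted values, only `public_secured_area`'s logout path is flagged; making it and the `public_logout` route path identical clears both findings.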