Secure all urls in Symfony2

I am using Symfony 2.6.6, and my folder structure is:

ExampleBundle
   Controller
       LoginController.php
       Other1Controller.php
       Other2Controller.php
       ...

      

LoginController has loginAction() and loginCheckAction(). loginAction() displays a registration form and loginCheckAction() verifies it.

I see several tutorials for creating LoginController.php. After the user logs in using validation, I set:

$session->set('login', $login);

      

My goal: All users must be logged in before accessing the entire page of my web application.

But my site has a lot of controllers and actions (pages).

My idea: check that the 'login' session exists in every action of every controller, and redirect to the login action if it doesn't exist.

But I think this is too tame. What's the best way to do this with Symfony?

Update 1:
After this I am trying to add some code to my security.yml file. It redirects to the login page if the user is not registered, but it always redirects to the login page. I want a user who is logged in (has a "login" session) to be able to access the other pages. How can I do this? Thanks.

# .../security.yml
security:
    firewalls:
        ex_login:
            pattern:  ^/ex/login$
            anonymous: ~
            security: false
        secured_area:
            pattern:    ^/ex
            form_login:
                check_path: /ex/logincheck
                login_path: /ex/login
            logout:
                path: /ex/logout
                target: /ex

      

Update 2:
Here is my LoginController

       public function loginAction() {
           $session = $this->getRequest()->getSession();
           if ($session->has('login')) {
               // redirect to home/index
           } else {
               // render login form
           }
       }
       public function logincheckAction(Request $request) {
           $session = $request->getSession(); // session that holds the 'login' flag
           if ($request->getMethod() == 'POST') {
                // check user input (username && password) in database
                if ($ok) { // $ok: result of the database check above
                     $session->set('login', 'true');
                     // redirect to home/index
                } else {
                     // redirect to login/index
                }
           } else {
                // redirect to login/index
           }
       }
       public function logoutAction() {
           // remove login session
           // redirect to login/index
       }

      

Here is my Other1Controller.php

public function indexAction() {
   echo 'page1';
}

      

It is always redirected to the login page. After I fill in my fields and submit the login, it is still redirected to the login page. How can I fix this? Thanks.

+3




2 answers


My idea is to protect all URLs, except those needed for registration and logout

 access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }
    - { path: ^/, role: ROLE_USER }

      



Make sure every user has at least ROLE_USER

+2


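The access_control rules from this answer combined with the firewall paths from the question, as an added example (not part of the original answer or the asker's project). The /ex paths come from the question; the User entity class and the provider name app_users are hypothetical placeholders.

```yaml
# security.yml -- added example; entity class and provider name are hypothetical
security:
    encoders:
        # Hypothetical user entity; it must implement UserInterface.
        Acme\ExampleBundle\Entity\User:
            algorithm: bcrypt

    providers:
        # form_login authenticates against a user provider, not against a
        # custom session key such as $session->set('login', ...).
        app_users:
            entity: { class: AcmeExampleBundle:User, property: username }

    firewalls:
        # One firewall for the whole /ex area, login page included, so the
        # login form and the protected pages share the same security context.
        secured_area:
            pattern: ^/ex
            # Let unauthenticated visitors through the firewall;
            # access_control below decides what they may actually see.
            anonymous: ~
            form_login:
                login_path: /ex/login
                # The firewall itself handles POSTs to check_path (default
                # fields _username and _password). The route must exist, but
                # its controller action is never executed.
                check_path: /ex/logincheck
            logout:
                path: /ex/logout
                target: /ex

    access_control:
        # Rules are evaluated top to bottom and the first match wins, so the
        # login exception has to come before the catch-all rule.
        - { path: ^/ex/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/ex, roles: ROLE_USER }
```

With this layout no per-action session check is needed: any request under /ex without ROLE_USER is sent to login_path by the firewall.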


Take a look at the firewall component. You can make automatic redirection when a user should be logged in.



Official documentation

-1








