filemonczyk - 17 days ago
PHP Question

Silex security configuration

I'm struggling with Silex security:

I have the following:

$app->register(new Silex\Provider\SecurityServiceProvider());


and later on:

$app['security.firewalls'] = array(
    'admin' => array(
        'pattern' => '^/admin',
        'http' => true,
        'users' => array(
            // raw password is foo
            'admin' => array('ROLE_ADMIN', '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg=='),
        ),
    ),
);


but when I hit the path "localhost/admin" I'm getting:

Found error: No route found for "GET /admin"


I can't really understand the docs on the Silex page. Should I register security filters with controllers?

I defined a function in the controller as follows:

public function admin(){
    return 'Hello';
}


and route for this is:

$app->get('/admin', 'app.vendor_controller:admin');


now I'm getting:

Hello


as soon as I hit the path /admin, without an authentication form. So there is no authentication process included...

EDIT

OK, so now after hitting url/admin I'm getting an authentication prompt with fields for user and password. I'm typing admin, foo but it has no effect.

`A username and password are being requested by http://localhost:8080. The site says: “Secured”`


the code looks as follows:

$app['security.firewalls'] = array(
    'admin' => array(
        'pattern' => '/admin',
        'http' => true,
        'users' => array(
            'admin' => array('ROLE_ADMIN', 'foo')
)));
$app['security.access_rules'] = array(
    array('/admin', 'ROLE_ADMIN'),
);

$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'pattern' => '/admin',
        'http' => true,
        'users' => array(
            // raw password is foo
            'admin' => array('ROLE_ADMIN', 'foo'),
))));

Answer

You configured a firewall that matches every /admin* URL, but that doesn't mean that every URL requires authentication. You can be an anonymous user, and that would be fine. If you want to tell Silex that "the user needs ROLE_ADMIN to be allowed here", you need to add

$app['security.access_rules'] = array(
    array('^/admin', 'ROLE_ADMIN'),
);
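
The pieces discussed on this page combined into one minimal front controller, as an added example that is not the original poster's or the answerer's code. It assumes Silex is installed via Composer, uses a closure in place of the `app.vendor_controller:admin` service controller, and reuses the encoded password from the question's first snippet (commented there as the encoded form of `foo`).

```php
<?php
// Added example: firewall (who can authenticate, and how) plus
// access rule (which role a path requires) for the /admin area.
require_once __DIR__ . '/vendor/autoload.php'; // assumed Composer layout

$app = new Silex\Application();

$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        // Each firewall is keyed by a name; 'admin' is that name here.
        'admin' => array(
            'pattern' => '^/admin',   // requests this firewall applies to
            'http'    => true,        // HTTP basic authentication
            'users'   => array(
                // username => array(role, encoded password).
                // The stored value is the encoded password, not the raw
                // one; this value is copied from the question's snippet.
                'admin' => array(
                    'ROLE_ADMIN',
                    '5FZ2Z8QIkA7UTZ4BYkoC+GsReLf569mSKDsfods6LYQ8t+a8EW9oaircfMpmaLbPBh4FOBiiFyLfuZmTSUwzZg==',
                ),
            ),
        ),
    ),
));

// The firewall alone does not force a login. The access rule is what
// requires ROLE_ADMIN for every path starting with /admin.
$app['security.access_rules'] = array(
    array('^/admin', 'ROLE_ADMIN'),
);

// The route must still exist; security does not define it.
$app->get('/admin', function () {
    return 'Hello';
});

$app->run();
```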