0
votes

My application needs 2 firewalls, one for Admin and the other for User. In my security.yml I have configured:

    admin:
        pattern:      ^/admin
        provider:     fos_userbundle
        form_login:
            login_path:     /admin/login
            use_forward:    false
            check_path:     /admin/login_check
            failure_path:   null
            default_target_path: /admin/dashboard
            always_use_default_target_path: true
        logout:
            path:     /admin/logout
            target: /admin
        anonymous: ~

    # default login area for standard users
    main:
        pattern:      ^/
        form_login:
            provider:       fos_userbundle
            csrf_provider:  form.csrf_provider
        logout:
            path:     /logout
        anonymous:    ~

I don't know whether this config is correct. Everything's OK when I log in from the main area, but when I log in from admin, it redirects me to the home path instead of default_target_path. I tried to change the provider to a custom provider (e.g. in_memory) to re-check the admin firewall, but I still log in with a user from the fos_userbundle provider. Can you help me?

3 Answers

1
votes

I think it's because there is a main pattern, main: pattern: ^/, which controls even ^/admin. Try replacing ^/ with ^/home or ^/main and it will work on both.

0
votes

Try removing anonymous and using access control instead. In theory Symfony2 will automatically redirect users from admin back, even if they are using the same login screen.

The security in Symfony2 is cascading (so /admin will also appear under main).

e.g.

    # default login area for standard users
    main:
        pattern:      ^/
        form_login:
            provider:       fos_userbundle
            csrf_provider:  form.csrf_provider
        logout:
            path:     /logout

    admin:
        pattern:      ^/admin
        provider:     fos_userbundle
        form_login:
            use_forward:    false
            failure_path:   null
            default_target_path: /admin/dashboard
            always_use_default_target_path: true
        logout:
            target: /admin

    access_control:
        - { path: ^/, roles: [IS_AUTHENTICATED_ANONYMOUSLY, ROLE_USER] }
        - { path: ^/admin, roles: [ROLE_ADMIN] }

You'll likely need different ROLES specified.

0
votes

I changed the main firewall pattern to ^/(?!admin); everything's OK now. Thanks for your help!

    main:
        pattern:      ^/(?!admin)
        provider:       default_provider
        anonymous:    ~

    admin:
        pattern:      ^/admin
        provider:     admin_provider
        anonymous:    ~
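
The following is an added example, not part of any answer above and not Symfony's own code. It models which firewall a request path lands in for the pattern layouts discussed on this page, assuming that firewalls are tried in declaration order, that the first matching pattern wins, and that patterns are applied as unanchored regular expressions. `firewallFor()` and the sample paths are hypothetical names and values constructed for the illustration.

```php
<?php
// Added illustration: models how a request path is assigned to a firewall.
// Assumption: firewalls are tried in declaration order and the first pattern
// that matches the decoded path wins.

function firewallFor(array $firewalls, string $path): ?string
{
    foreach ($firewalls as $name => $pattern) {
        // '{' ... '}' delimiters so '/' inside the pattern needs no escaping
        if (preg_match('{' . $pattern . '}', rawurldecode($path)) === 1) {
            return $name;
        }
    }
    return null; // no firewall covers this path
}

// Patterns copied from the configs on this page; array order = declaration order.
$configs = [
    'admin first, main ^/'          => ['admin' => '^/admin', 'main' => '^/'],
    'main ^/ first, then admin'     => ['main' => '^/', 'admin' => '^/admin'],
    'main ^/(?!admin), then admin'  => ['main' => '^/(?!admin)', 'admin' => '^/admin'],
];

// Constructed sample paths, including one that merely starts with "admin".
$paths = [
    '/admin/login_check',
    '/login_check',
    '/admin/dashboard',
    '/administrator',
    '/',
];

foreach ($configs as $label => $firewalls) {
    echo $label, PHP_EOL;
    foreach ($paths as $path) {
        $hit = firewallFor($firewalls, $path) ?? '(none)';
        printf("  %-20s -> %s%s", $path, $hit, PHP_EOL);
    }
}
```

With main declared first and a pattern of ^/, every path resolves to main and the admin firewall is never reached; with the lookahead pattern the two firewalls are disjoint regardless of order. Because ^/admin is a prefix match, /administrator is also assigned to admin, so a pattern such as ^/admin(/|$) is needed if only the /admin tree should be covered.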