4

I'm new to Symfony2. I read documentation and saw some config for login form http://symfony.com/doc/current/cookbook/security/form_login_setup.html

# app/config/security.yml
security:
    # ...

    firewalls:
        default:
            anonymous: ~
            http_basic: ~
            form_login:
                login_path: /login
                check_path: /login_check

I dont understand why there are 2 security methods http_basic and form_login in the same firewall? Which method security system will use? http_basic or form_login or both? Is it redundant? Some questions above seem stupid but It seems symfony2 security component documentation so poor.

Wouter J
  • 41,455
  • 15
  • 107
  • 112
Kevin
  • 1,403
  • 4
  • 18
  • 34

1 Answers1

3

In old Symfony documentation there was a small tip:

When the user is not authenticated and if there is more than one authentication mechanisms, Symfony2 automatically defines a default entry point (in the example above, the login form; but if the user send an Authorization HTTP header with wrong credentials, Symfony2 will use the HTTP basic entry point).

But in next versions when documentation were reorganized it was reduced and I don't know why.

So I opened a new issue in symfony-docs repository on GitHub with the proposal to restore the tip.

The quote from @WouterJ's answer:

The code seems to no longer work as described in the quoted paragraph. It seems to always use form login, except when there is no Authentication header sent and the HTTP basic credentials are correct.

So you were right — it's not trivial at all. Just follow the issue if you want to know the conclusion.

Community
  • 1
  • 1
chapay
  • 1,315
  • 1
  • 13
  • 20
  • I know http_basic and form_login but I'm confused by the config in cookbook. Why there are 2 security methods in the same firewall? http_basic is redundant if we have form_login? – Kevin Feb 09 '15 at 09:06
  • 1
    @Geany: You were right — it's not trivial to find the answer. I'm going to post an issue to `Symfony` documentation. – chapay Feb 10 '15 at 12:47
  • 1
    Okay thank you @Andrey. Now I want to dig into security component to build a custom authentication but it seems security component and bundle very few information and hard to understand. – Kevin Feb 10 '15 at 12:58
  • @Geany: Added more information based on the answers to the issue – chapay Feb 24 '15 at 12:38