Symfony 2: Protect route with htpasswd

Question

I'm on Symfony 2.3 and need to protect different routes with different htpasswd restrictions.

There is one on the main route / and one on another route, like for example /restricted/user.

Since http basic auth is broken in security.yml (in combination with some apache and cgi configs), I need to do this in the .htaccess, that exist in the web/ directory.

I already have the / route secured, but how can I add another route that obviously does not exist as a directory?

score 0 · Answer 1 · answered Dec 10 '15 at 11:32

symfony provides a very simple way to handle this, to make areas of your website secured or even accessible by different roles you can use the access_control in your security.yml

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }
    - { path: ^/restricted/user, role: ROLE_ADMIN }

I know that this is possible, but this involves a login page, roles, etc. I just wanted to have a plain old http basic auth. — Johannes Klauß, Dec 10 '15 at 12:02

Symfony 2: Protect route with htpasswd

1 Answers1