Questions tagged [symfony-security]

The Symfony security component is a standalone library that can be used outside of Symfony2 projects.

Symfony security component provides a complete security system for your web application. It ships with facilities for authenticating using HTTP basic or digest authentication, interactive form login or X.509 certificate login, but also allows you to implement your own authentication strategies. Furthermore, the component provides ways to authorize authenticated users based on their roles, and it contains an advanced ACL system.

Useful links

276 questions
0
votes
1 answer

Users are disconnected in 5/6 minutes

With Symfony 3.3.16, my users are disconnected in 5/6 minutes. I don't understand. This problem is only in production (OVH), not in dev. session.gc_maxlifetime : 1440 security.yml : security: encoders: AppBundle\Entity\User: bcrypt …
Gaylord.P
  • 1,539
  • 2
  • 24
  • 54
0
votes
1 answer

Deprecation notice when using in_memory security user

Running Symfony 3.3.15 I'm currently having some issues with the autowiring mechanism. The following deprecation warning is showing up 3 times in my log: Autowiring services based on the types they implement is deprecated since Symfony 3.3 and…
exepti0n
  • 491
  • 4
  • 14
0
votes
1 answer

Symfony 4, role checking from annotation, is it possible to call a user role validate function?

With Symfony (I learn from Symfony 4), I want allow access to a custom controller depending of the role of the connected user. In the annotations , I see I can manage the role access with : /** * @Security("has_role('ROLE_ADMIN')") */ public…
spacecodeur
  • 2,206
  • 7
  • 35
  • 71
0
votes
2 answers

Why Symfony dont use a Form to handle security component login?

From document https://symfony.com/doc/current/security/form_login_setup.html that describe how to setup a login form that work with Symfony Security component, I am surprised to not see the use of Symfony Form component. They render the form in pure…
Thomas Decaux
  • 21,738
  • 2
  • 113
  • 124
0
votes
1 answer

Check if the user is authenticated on not secured route

I'm trying to build a simple login using symofny/security package in Silex, but I have a small problem with authentication checking. The structure: / /login /admin /login_check /logout In order to get to the /admin route user needs to be…
Dawid Zbiński
  • 5,521
  • 8
  • 43
  • 70
0
votes
1 answer

Symfony : What is the best method for check authorization

I have two entities : Document and DocumentValidation Document : class Document { ... /** * @ORM\OneToMany( * targetEntity="AppBundle\Entity\DocumentValidation", * mappedBy="document", * cascade={"persist"} …
Gaylord.P
  • 1,539
  • 2
  • 24
  • 54
0
votes
1 answer

Symfony 2.8: How to prevent editing user's service fields

I'm newby in Symfony, so excuse my ignorance. In my project i use Sonata User Bundle, with User entity extended by several fields. Some of them can be edited by user himself, while others are serviceable and they can only be edited by the admin. The…
0
votes
1 answer

Symfony 2.8 session lost after login_check redirect

I am currently porting my old custom framework to a Symfony-based custom framework using Symfony's components. So far everything is going smoothly, except for the login part. Here are a few details about the project: I'm using Symfony Security…
thePHPHero
  • 169
  • 3
  • 10
0
votes
2 answers

After successful authentication token is not authenticated

I'm new in Symfony 3.2. I need to implement form authentication. User fetches from database. After post to /login onAuthenticationSuccess event fires, but token is still unauthenticate: What i am doing wrong? security.yml security: encoders: …
Dmitriy Korobkov
  • 867
  • 1
  • 11
  • 25
0
votes
1 answer

Symfony 3 - Firewall exlude one host

On one of my firewalls I would like to exlude one specific host. I tried many regex without success. Bellow my example: api: host: ^(?!.*(app\.domain\.com)) pattern: .* Thank you in advance.
user2802154
  • 76
  • 1
  • 7
0
votes
1 answer

Symfony, how can I make the credential from an in_memory provider private in a public code base?

I setup a Symfony project to use some credential from an in_memory provider: providers: in_memory: memory: users: user1: password: password1 roles: 'ROLE1' Now the code…
heapOverflow
  • 1,195
  • 2
  • 15
  • 28
0
votes
1 answer

How do I configure Symfony security.yml in phalcon project?

I am trying to use Symfony's security component in a phalcon project. I read symfony security.yml documentation but I am not sure how that configuration gets injected and how can I make it available in phalcon project. So far, I have configured…
traditional
  • 942
  • 10
  • 19
0
votes
1 answer

Using Google Authenticator with Symfony Security

I'm looking to add 2 factor login to my Silex app. However, I'm having some road blocks on how to get this working correctly. my biggest sticking point is having the firewall not fully log the user in and instead direct them to a page to confirm…
Eman
  • 1,093
  • 2
  • 26
  • 49
0
votes
0 answers

Symfony 3 login after registration with Advanced User Interface

I implemented Symfony security component. I have user entity that is stored in my database. It implements UserInterface and Serializable. After registration I login user automatically with this part of code. private function…
KondukterCRO
  • 543
  • 2
  • 16
  • 31
0
votes
1 answer

Security setup with FOS for EasyAdminBundle

I'm playing with EasyAdminBundle and now I am trying to setup the security via form login from FOS UserBundle. However, it does not really work. Instead of being successfully logged in, I always get redirected to the "failure_path" in the…