Questions tagged [symfony-security]

The Symfony security component is a standalone library that can be used outside of Symfony2 projects.

The Symfony security component provides a complete security system for your web application. It ships with facilities for authenticating using HTTP basic or digest authentication, interactive form login or X.509 certificate login, but also allows you to implement your own authentication strategies. Furthermore, the component provides ways to authorize authenticated users based on their roles, and it contains an advanced ACL system.

276 questions
6
votes
3 answers

Symfony2 security: Multiple providers

I have 2 bundles in my project: src/Korea/AlmacenBundle src/Galvez/RepuestosBundle Each with their own database korea_motos -> AlmacenBundle galvez_motos -> RepuestosBundle Actually my security.yml has only one provider: providers: …
Andy.Diaz
  • 3,369
  • 2
  • 22
  • 24
5
votes
2 answers

What is the purpose of the AuthenticatorInterface::supports() method?

In Symfony 4, the AuthenticatorInterface::supports() method has the following comment: interface AuthenticatorInterface extends AuthenticationEntryPointInterface { /** * Does the authenticator support the given Request? * * If…
Loupax
  • 4,728
  • 6
  • 41
  • 68
5
votes
1 answer

Symfony2 - set security access_control to allow only authenticated anonymously

Let's say I have my access_control block under the security.yml: access_control: - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/reset-password, roles: IS_AUTHENTICATED_ANONYMOUSLY } In this case everyone is allowed to enter…
Ignas Damunskis
  • 1,515
  • 1
  • 17
  • 44
5
votes
1 answer

Symfony security redirect to login page

If I have a secured route, let's say like panel from below, Symfony will allow access only to logged in users. - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path:…
George Irimiciuc
  • 4,573
  • 8
  • 44
  • 88
5
votes
2 answers

Symfony access control with variable inside route

I'm defining security for my website in security.yml - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } - {…
George Irimiciuc
  • 4,573
  • 8
  • 44
  • 88
4
votes
1 answer

How to verify a password on Symfony?

I want to verify the existing password for a user (to allow them to change their password). I thought to go the following route but ran into the problem that the hashed password always shows up as a different hash. I am using …
Mariusz
  • 148
  • 1
  • 8
4
votes
1 answer

Symfony 5 PHP8 Attributes for Security

I have a page that I am trying to convert from annotations to PHP8 attributes. namespace App\Controller; use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use…
Patrick Kenekayoro
  • 326
  • 1
  • 3
  • 10
4
votes
0 answers

How to use the LDAP form login and Form Login on Symfony 5.3 with the new Authenticator-based Security system?

I get a strange behavior when I enable the new authentication based security. I find that chain of form_login and form_login_ldap won't work together. Both on their own work, either json_login and json_login_ldap. Here is my…
4
votes
2 answers

Prevent user from logging in if his status is inactive

I am trying to block a user from logging in if his status is inactive. I am using API-Platform with LexikJWT bundle. I have tried to make a JWTAuthentication guard by extending JWTTokenAuthenticator->checkCredentials but the problem is that this works…
Erik Kubica
  • 1,180
  • 3
  • 15
  • 39
4
votes
1 answer

How to override Symfony's security for a specific environment?

I'm trying to configure Symfony's security component so that in a specific environment (travis) there is no security enabled for any endpoints. We'll be using the Cypress testing suite to perform integration tests during the travis build, and I…
Andrew Plank
  • 942
  • 10
  • 22
4
votes
2 answers

Symfony, force logout in a controller

I'm using Symfony 3.4, and I would like to logout my user at the end of my action in my controller. This is the action public function changeUserEmail() { /* change the user email */ /* perform the logout */ /* choose the route to…
ste
  • 1,479
  • 10
  • 19
4
votes
2 answers

Symfony2: Pass a second object to a Voter

I'm using a voter to determine whether or not the logged in user can edit a given object. One of the criteria requires a comparison with another object but I'm not sure how to pass this into the voter. I cannot use the constructor arguments as it is…
v-studios
  • 51
  • 3
4
votes
1 answer

Symfony2 authentication method in the same firewall

I'm new to Symfony2. I read documentation and saw some config for login form http://symfony.com/doc/current/cookbook/security/form_login_setup.html # app/config/security.yml security: # ... firewalls: default: anonymous:…
Kevin
  • 1,403
  • 4
  • 18
  • 34
4
votes
1 answer

symfony2 call is_granted in voter : how to avoid an infinite loop?

I have built a voter where I need to invoke is_granted on a user. When injecting the security.authorization_checker service in my voter I get the following error ServiceCircularReferenceException in CheckCircularReferencesPass.php line 69:…
Sébastien
  • 5,263
  • 11
  • 55
  • 116
3
votes
4 answers

user password management in EasyAdmin

I have 2 questions/concerns when I edit a user I don't always want to have to change the user's password, how can I change that? how can I save the password encrypted in the database, so far I only succeed in plain text and none of the…
Tealk
  • 49
  • 1
  • 7