I use the Symfony2 system for my user authentication, and when a user with a role other than ROLE_ADMIN tries to log in, he can, but he is blocked on a 403 page. This is my security config:

security:
    encoders:
        Me\UserBundle\Entity\User:
            algorithm: sha512
            encode-as-base64: true
            iterations: 10
    providers:
        main:
            entity:
                class: Me\UserBundle\Entity\User
                property: username
    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check
                default_target_path: /admin/user/
            logout:
                path: /logout
                target: /login
    access_control:
        - { path: ^/admin/, roles: [ROLE_ADMIN] }
        - { path: ^/account, roles: [IS_AUTHENTICATED_FULLY] }

I would like that if a user tries to log in with a role other than ROLE_ADMIN, he is returned to the login form with an authentication error, instead of being logged in and getting a 403 error anywhere he goes. What should I do for that? Thank you.

AlterPHP
emurb

1 Answer

You can't get this behaviour only with configuration. As throwing an AccessDeniedException is the normal behaviour (the user is authenticated, so need to redirect her/him to authentication), you must handle AccessDenied.

Refer to this answer that explains how to create and use an AccessDeniedHandler.

Community
AlterPHP
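A sketch of the kind of AccessDeniedHandler the answer points to, added here as an example and not taken from the original post or the linked answer: it ends the authenticated session and sends the user back to the `/login` path from the question's config with an error. The namespace, class name and service id are hypothetical, and it assumes a Symfony 2.x release where `SecurityContextInterface` is the security service.

```php
<?php
// Added example, not from the original post. Namespace, class name and
// service id (me_user.access_denied_handler) are hypothetical.
namespace Me\UserBundle\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;

/**
 * Register this class as a service (injecting @security.context) and point
 * the firewall at it in security.yml:
 *   firewalls: secured_area: access_denied_handler: me_user.access_denied_handler
 */
class LogoutOnAccessDeniedHandler implements AccessDeniedHandlerInterface
{
    private $securityContext;
    private $loginPath;

    public function __construct(SecurityContextInterface $securityContext, $loginPath = '/login')
    {
        $this->securityContext = $securityContext;
        $this->loginPath = $loginPath;
    }

    public function handle(Request $request, AccessDeniedException $accessDeniedException)
    {
        // Drop the authenticated token so nothing later in this request
        // still treats the user as logged in.
        $this->securityContext->setToken(null);

        $session = $request->getSession();
        if (null !== $session) {
            // Clear the session data and rotate the session id.
            $session->invalidate();
            // Store the error under the key a standard Symfony2 login
            // controller reads the last authentication error from.
            $session->set(
                SecurityContextInterface::AUTHENTICATION_ERROR,
                new AuthenticationException('Your account is not allowed to access this area.')
            );
        }

        // Returning a Response replaces the default 403 page.
        return new RedirectResponse($request->getUriForPath($this->loginPath));
    }
}
```

As written, the handler ends the session on every 403 raised under this firewall, which fits a site where only ROLE_ADMIN accounts are meant to sign in; if other roles get their own areas later, restrict it to the paths that should force a logout.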