Questions tagged [symfony-security]

The Symfony security component is a standalone library that can be used outside of Symfony2 projects.

The Symfony security component provides a complete security system for your web application. It ships with facilities for authenticating using HTTP basic or digest authentication, interactive form login or X.509 certificate login, but also allows you to implement your own authentication strategies. Furthermore, the component provides ways to authorize authenticated users based on their roles, and it contains an advanced ACL system.

276 questions
79 votes, 7 answers

How to check if a user is logged in Symfony2 inside a controller?

I read here how to check the login status of a user inside a twig template for a Symfony2-based website. However, I need to know how to check if the user is logged in from inside a controller. I was quite sure the following code was…
JeanValjean
58 votes, 7 answers

How to programmatically login/authenticate a user?

I'd like to log the user in right after the registration process, without passing by the login form. Is this possible? I've found a solution with FOSUserBundle, but I'm not using it on the project I'm actually working on. Here is my security.yml,…
rayfranco
30 votes, 1 answer

Authenticate multiple symfony2 firewalls with one login form

I have two firewalls: api (for API calls) main (for everything else) My client app login happens via the main firewall. However, it does interact with endpoints under the api firewall to fetch data. The problem here is that I don't want to force…
anushr
26 votes, 1 answer

Redirect after login in Symfony 2

In Symfony 2 you can set up a target for the logout so that after logout you will be redirected to /main. However with the login you will be redirected to /. Is there a manner to setup a target for a (successful) login as well? firewalls: dev: …
Roel Veldhuizen
26 votes, 2 answers

You have requested a non-existent service "security.context"

I create service but it doesn't work services: redirectionListener: class: Front\EcommerceBundle\Listener\RedirectionListener arguments: ["@service_container","@session"] tags: - { name:…
Haythem Hedfi
21 votes, 8 answers

When are user roles refreshed and how to force it?

First off, I'm not using FOSUserBundle and I can't because I'm porting a legacy system which has its own Model layer (no Doctrine/Mongo/whatsoever here) and other very custom behavior. I'm trying to connect my legacy role system with Symfony's so I…
netmikey
15 votes, 3 answers

How to redirect to home page after logout?

I have provided a pre build project on symfony in which the logout session redirects to the login screen, but now I want that page to redirect on the home page instead. What I have found in the coding files is this: In the base twig file:
Geetika
13 votes, 2 answers

Token was deauthenticated after trying to refresh it

I updated my Symfony environment from 3.3 to 4.0. After the update I have problems with the login (user provided by database). When I submit the login form, I just got right back to the login form without any error message. When I use invalid…
user2625247
9 votes, 2 answers

How to authenticate/authorize anonymous user for a limited time?

Let's say I have an invoice entity. Invoice belongs to some user (invoices.user_id). If the user enters myapp.com/invoices/1 he needs to sign in to gain access to his invoice. That's pretty normal. Sometimes invoices.user_id is null (invoice owner…
Kamil Latosinski
7 votes, 1 answer

Symfony2 custom Voter: cannot have access to getDoctrine from inside the Voter

I'm trying to implement a custom Voter. From the controller I call it this way: $prj = $this->getDoctrine()->getRepository('AppBundle:Project')->findOneById($id); if (false === $this->get('security.authorization_checker')->isGranted('responsible',…
Sergio Negri
6 votes, 1 answer

Symfony 5 security.interactive_login event not called

I want to use the security.interactive_login event to update my User's last login field. The event is successfully registered: php bin/console debug:event-dispatcher security.interactive_login Registered Listeners for "security.interactive_login"…
Erdal G.
6 votes, 1 answer

How to login to subdomain using symfony security if already logged in on main domain in other app?

I am already logged in to main domain. Say example.com (app developed in legacy kohana). I am trying to login to subdomain, say foo.bar.example.com . foo.example.com is symfony app. Below is my configuration. Dev toolbar displays "anonymous" user. It…
vishal
6 votes, 1 answer

Auto block/ban brute force scanners in Symfony

I am running a web page based on Symfony 2.7. The page uses the FOSUserBundle for user management and authentication. I can observe in the log files, that the page is "attacked" quite often by brute force scanners. There are two types of scans:…
Andrei Herford
6 votes, 1 answer

symfony2 security - disable login path and show forbidden

I am trying to prevent redirect to login page when user is trying to access a page without token, I have single page app and I am only putting the ajax requests under firewall and when a user is doing ajax without token I want the ajax to return…
roy
6 votes, 1 answer

Custom message for @Security annotation

I'm trying to use @Security annotations for my routes. Like this: /** * @return Response * @Route("/action") * @Security("has_role('ROLE_USER')") * @Template() */ public function someAction() { return array(); } When the security…
ScayTrase