i have webservice which is provider for my "regular" users. I want to use FosUserBundle for my administrators. Above is my security configuration. regular users login works with no problem, but when i want to login as admin i got this message:
"You must configure the check path to be handled by the firewall using form_login in your security firewall configuration. "
Here is my security configuration:
security:
encoders:
Locastic\CustomUserBundle\Security\User\User: plaintext
FOS\UserBundle\Model\UserInterface: sha512
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
webservice:
id: locastic.user_provider
firewalls:
main:
pattern: ^/admin
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_provider: form.csrf_provider
logout: true
anonymous: true
remember_me:
key: "%secret%"
lifetime: 31536000 # 365 days in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
user-service:
pattern: ^/
logout:
path: /logout
anonymous: true
webservice-login:
check_path: /prijava-provjera
login_path: /prijavi-se
provider: webservice
always_use_default_target_path: true
default_target_path: /stanje-racuna
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin, role: ROLE_ADMIN }
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
I think you need to put form_login
under a firewall ( either main
or add another one )
form_login under main firewall :
firewalls:
main:
pattern: ^/admin
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_provider: form.csrf_provider
logout: true
anonymous: true ....
form_login under another firewall
firewalls:
main:
pattern: ^/admin
second_firewall:
pattern: ^/
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_provider: form.csrf_provider
logout: true
anonymous: true .....