How does the login check_path route work without default controller/action?

saravanan picture saravanan · Jul 1, 2013 · Viewed 25.7k times · Source

I am working on symfony 2.3 project having the following routing code

just2_frontend_logincheck:
    pattern:   /login_check

It doesn't have

defaults:{ _controller: testBundle:User:login }

But it is working. But I don't know how the routing is working. Is it possible? Please advice me about the routing.

Answer

Nicolai Fröhlich picture Nicolai Fröhlich · Jul 1, 2013

The check_path route/path is used by your firewall to catch login requests.

This route's action is never really accessed. It's the route/url your login form posts to and the request should be processed by your firewall's provider service.

If the check_path route's action is being executed there is something wrong with the firewall (the request is not processed by your firewall).

As you can see here FOSUserBundle"s check_path is routed to SecurityController::checkAction and just throws a RuntimeException.

The configuration of the check_path can be found in app/config/security.yml under security.firewalls.<firewallname>.form_login.check_path.

It can either be a pattern like /login_check or as in your case a route name i.e. just2_frontend_logincheck but there is no underlying action.

security:
    providers:
         your_provider_name: your_provider_service  # authentication provider
         # ...

    firewalls:                                 # Required
        your_firewall_name:
            # ...

            provider: your_provider_name
            form_login:              
                check_path: /login_check       # submit the login form here
                                               # in your case a route name:
                                               # just2_frontend_logincheck

Under the hood symfony calls the authenticate() method of the service your_provider_service to check the credentials provided.

You can find the class used as the provider-service using:

app/console debug:container --show-private your_provider_service