Secure all URLs in Symfony2

DeLe · Apr 18, 2015 · Viewed 6.9k times

I am using Symfony 2.6.6, and this is my folder structure:

ExampleBundle
   Controller
       LoginController.php
       Other1Controller.php
       Other2Controller.php
       ...

LoginController has loginAction() and loginCheckAction().
loginAction() shows the login form and loginCheckAction() checks it.

I saw some tutorials on creating LoginController.php. After the user's login is checked, I set:

$session->set('login', $login);

My goal is: all users must log in before accessing any page of my web app.

But my website has many controllers and actions (pages).

My idea is: check whether the 'login' session exists in every action of every controller, and redirect to the login action if it does not.

But I think that is too manual. What is the best way to do that with Symfony?

Update 1:
After that I tried adding some code to my security.yml file. It redirects to the login page if the user is not logged in, but it always redirects to the login page. I want a user who has logged in (has the session 'login') to be able to access the other pages. How can I do that? Thanks.

# .../security.yml
security:
    firewalls:
        ex_login:
            pattern:  ^/ex/login$
            anonymous: ~
            security: false
        secured_area:
            pattern:    ^/ex
            form_login:
                check_path: /ex/logincheck
                login_path: /ex/login
            logout:
                path: /ex/logout
                target: /ex

Update 2:
Here is my Login Controller

public function loginAction()
{
    $session = $this->getRequest()->getSession();
    if ($session->has('login')) {
        // redirect to home/index
    } else {
        // render login form
    }
}

public function logincheckAction(Request $request)
{
    $session = $request->getSession();
    if ($request->getMethod() == 'POST') {
        // check user input (username && password) in database
        $ok = false; // placeholder for the result of the check above
        if ($ok) {
            $session->set('login', 'true');
            // redirect to home/index
        } else {
            // redirect to login/index
        }
    } else {
        // redirect to login/index
    }
}

public function logoutAction()
{
    // remove login session
    // redirect to login/index
}

Here is my Other1Controller.php

public function indexAction()
{
    echo 'page1';
}

It always redirects to the login page. After I fill in my fields and submit the login, it still redirects to the login page. How can I fix that? Thanks.

Answer

Omar J Fry · Apr 21, 2015

My idea is to protect all URLs except a few necessary ones, such as login and logout:

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }
    - { path: ^/, role: ROLE_USER }

Make sure every user has at least ROLE_USER.
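
How the answer's rules fit the question's /ex paths, as an added example that is not part of the original answer or the question's code: a single firewall covers both the login page and the protected pages, and access_control opens only the login URL. The encoder and provider entries assume a hypothetical Doctrine entity ExampleBundle\Entity\User, which is not on the page.

```yaml
# security.yml (Symfony 2.x syntax)
security:
    encoders:
        # Assumption: hypothetical entity class, passwords hashed with bcrypt
        ExampleBundle\Entity\User: bcrypt

    providers:
        # Assumption: users are loaded from the database by username
        app_users:
            entity: { class: ExampleBundle:User, property: username }

    firewalls:
        secured_area:
            # One firewall covers the login page and the protected pages
            pattern: ^/ex
            # Lets logged-out visitors reach URLs opened in access_control
            anonymous: ~
            form_login:
                login_path: /ex/login
                # The firewall handles POSTs to this path itself; it only
                # needs a route, and no controller code runs for it
                check_path: /ex/logincheck
            logout:
                path: /ex/logout
                target: /ex

    access_control:
        # Rules are tried top to bottom and the first matching path wins,
        # so the public exception must come before the catch-all
        - { path: ^/ex/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/ex, role: ROLE_USER }
```

With this layout the firewall decides who is authenticated from its own security token, not from a `login` key set in the session by a controller. The entity's getRoles() must return at least ROLE_USER for the catch-all rule to admit the user.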