5

Using Symfony 2, I am looking for more information about the handlers that you can define in the security configuration file app/config/security.yml (official documentation). The documentation doesn't give any informations about handlers. Here is an extract of the security file :

# app/config/security.yml

security:        
    ...

    firewalls:                            
            somename:
        
                form_login:
                    ...
    
                    # login failure redirecting options (read further below)
                    failure_path:    /foo
                    failure_forward: false
                    failure_path_parameter: _failure_path
                    failure_handler: some.service.id
                    success_handler: some.service.id
    
    
                logout:
                    path:   /logout
                    target: /
                    invalidate_session: false
                    delete_cookies:
                        a: { path: null, domain: null }
                        b: { path: null, domain: null }
                    handlers: [some.service.id, another.service.id]
                    success_handler: some.service.id
                anonymous: ~

In both form_login ang logout part there is a success_handler field. Moreover, for logout part you can define several handlers using handlers field.

I have two questions :

  1. If I define a succes_handler service (using for example AuthenticationSuccessHandlerInterface or LogoutHandlerInterface), will it overide the default success handler provided in the framework ?

  2. For the logout part of the configuration, how work the handlersfield ?

Improve this question
6
  • Check this answer. Hope this help Commented Feb 10, 2015 at 8:43
  • @Matteo Thank you. I have read a lot of posts on the subject but I could not find any precise information . What I would like to know is if I define my own succes handler, will it override the default one or do I need to extend the default one as described in this post ? Commented Feb 10, 2015 at 8:50
  • I haven't try but i think no Commented Feb 10, 2015 at 8:52
  • 1
    OK I will try to see. Commented Feb 10, 2015 at 8:57
  • To override the default success handler i think that you should add this to your security.yml parameters: security.authentication.success_handler.class: Xxx\YourBundle\Component\OverSf2\Security\Http\Authentication\AuthenticationSuccessHandler services: security.authentication.success_handler: class: %security.authentication.success_handler.class% public: false arguments: ['@router', '@security.user.entity_manager'] Commented Feb 10, 2015 at 9:46

2 Answers 2

Reset to default
7

For information, in logout part of app/config/security.yml :

handlers: [some.service.id, another.service.id] => Here you have to define services implementing Symfony\Component\Security\Http\Logout\LogoutHandlerInterface. Theses handles do not need to return a response. In my case I created a simple handler that creates a flash message on logout.

success_handler: some.service.id => Here you have to define a service implementing => Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface. This handler have to return a response. This handler is called by the constructor of Symfony\Component\Security\Http\Firewall\LogoutListener (firewall listener).

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

to answer your 1st question: yes by creating custom succes_handler service you will overwrite the default one. however the default logout handler is DefaultLogoutSuccessHandler and all it does is, it redirects to logout target route so its safe to overwrite this. mark this response as correct answer please
0

I tried with success the next solution https://gist.github.com/marydn/8061424 Seems to be what you are trying to do.

Improve this answer

2 Comments

Thank you. Yes that's what I want to do. I have no problem on how to do this. I wanted to be sure that using this method I would not override the default success handler provided in Symfony (as the documentation is not really helpful).
To be more specific I want to add a flash message on login/logout event, so I don't want to affect the response. For login, an event listener can be used (listening to security.interactive_login) and for logout a logout succes handler implementing LogoutHandlerInterface (as there is no logout event). This interface permits to avoid returning a response (by opposition to LogoutSuccessHandlerInterface).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.