0

I followed the instructions for creating a custom authentication provider: http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html

app/config/security:

firewalls:
    wsse_protection:
        pattern: ^/api/.*
        wsse: true
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
        logout:       true
        anonymous:    true

Now I have some Actions in the Controllers with routes. e.g:

ExampleController with listAction

routing:

example_list:
    pattern: /example/list
    defaults: { ... }

Do I have to copy all the routes to example_api_list? Because api/example/list didnt work (no route found for /api/example/list). I thought the pattern from the firewall is a prefix for all defined routes.

Improve this question

1 Answer 1

Reset to default
1

The firewall isn't a prefix, it's a regular expression that matches against incoming routes. In this case, anything starting with /api will be matched by your wsse_protection firewall, and everything that falls through will be matched by your main firewall.

To create routes under /api/*, you'll have to define the routing separately.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

ok. thanks. In the meantime I got some problems in securing the controller methods. adding a @Secure(roles="ROLE_ADMIN") annotation will leading to a replay attac. Do you know how to solve that or what is the reason for?
The same with $this->get('security.context')->isGranted('ROLE_ADMIN') or access_control to ROLE_ADMIN in security.yml.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.