Symfony: Firewalls, multiple login forms

Question

I am not new to symfony by any means, but I\'ve always used FOSUserBundle which by default prevents one from having 2 different login forms for authenticating t

Answer 1

For implementing multiple login in symfony 2XX, try the following code

Security.yml

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        Company\AngularBundle\Entity\User: plaintext
        Company\AngularBundle\Entity\Admin: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
       users:
           entity: { class: CompanyAngularBundle:User, property: username }
       admin:
           entity: { class: CompanyAngularBundle:Admin, property: username }

    firewalls:
        admin_secured_area:
            pattern:   ^/admin
            anonymous: ~
            provider: admin
            form_login:
                login_path: /admin/login
                check_path: /admin/login_check
                default_target_path: /admin

        user_secured_area:
            pattern:   ^/
            anonymous: ~
            provider: users
            form_login:
                login_path: login
                check_path: login_check
                default_target_path: /home

routing.yml

login_check:
    path: /login_check
admin_login_check:
   path: /admin/login_check

Twig file

Action of login form should be like this
<form action="{{ path('login_check') }}" method="post">

Action of admin/login form should be like this
<form action="{{ path('admin_login_check') }}" method="post">

Answer 2

The problem is that after logging into the "secured_area" firewall you get redirect to "/" which is behind the "members_area" firewall. You can't access "members_area" with your credentials from "secured_area" (at least not by default). Read the details on http://symfony.com/doc/current/reference/configuration/security.html#reference-security-firewall-context .

If you have a look at the security configuration (http://symfony.com/doc/current/reference/configuration/security.html) you can see that the default_target_path for form_login is "/". Just change this to /admin:

security:
    ...

    firewalls:
    ...
        secured_area:
            pattern:    ^/admin
            ...
            form_login:
                check_path: /admin/login_check
                login_path: /admin/login
                default_target_path: /admin
            logout:
    ...

The alternative is to share the context as described in the first link (http://symfony.com/doc/current/reference/configuration/security.html#reference-security-firewall-context).