symfony-security

I'm trying to use @Security annotations for my routes. Like this: /** * @return Response * @Route("/action") * @Security("has_role('ROLE_USER')") * @Template() */ public function someAction() { return array(); } When the security restriction fires an exception, I get the message Expression "has_role('ROLE_USER')" denied access . This is not acceptable to be shown to the end user, so I'm trying to find a way to customize the message for annotation. Simple workaround is to not to use @Secutity annotations and write code like these: /** * @return Response * @Route("/action") * * @Template() */

I'm using SonataAdmin with sonata.admin.security.handler.role (so I don't use ACLs here). I'm trying to restrict access to an object with a custom voter. service security.access.company_voter: class: Application\...\Voter\CompanyVoter public: false tags: - { name: security.voter } voter Application...\Voter\CompanyVoter.php #... public function vote(TokenInterface $token, $object, array $attributes) { get_class($object); } #... But I'm always getting an instance of Application\...\Voter\CompanyVoter instead of the expected object to restrict. What can be the reason ? Are you telling me that

I have implemented the following Voter Service definition security.access.company_voter: class: Application\...\CompanyVoter public: false tags: - { name: security.voter } Voter Application/.../CompanyVoter.php #... public function vote(TokenInterface $token, $object, array $attributes) { if ( !($this->supportsClass(get_class($object))) ) { # <- Problem here return VoterInterface::ACCESS_ABSTAIN; } foreach ($attributes as $attribute) { if ( !$this->supportsAttribute($attribute) ) { return VoterInterface::ACCESS_ABSTAIN; } } $user = $token->getUser(); if ( !($user instanceof UserInterface) ) {

First off, I'm not using FOSUserBundle and I can't because I'm porting a legacy system which has its own Model layer (no Doctrine/Mongo/whatsoever here) and other very custom behavior. I'm trying to connect my legacy role system with Symfony's so I can use native symfony security in controllers and views. My first attempt was to load and return all of the user's roles in the getRoles() method from the Symfony\Component\Security\Core\User\UserInterface . At first, it looked like that worked. But after taking a deeper look, I noticed that these roles are only refreshed when the user logs in.

i create service but it doesn't work services: redirectionListener: class: Front\EcommerceBundle\Listener\RedirectionListener arguments: ["@service_container","@session"] tags: - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest } and this my class namespace Front\EcommerceBundle\Listener; use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\HttpFoundation\Session\Session; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpKernel\Event\GetResponseEvent; class RedirectionListener { public function __construct

I have two firewalls: api (for API calls) main (for everything else) My client app login happens via the main firewall. However, it does interact with endpoints under the api firewall to fetch data. The problem here is that I don't want to force the user to log in a second time for authenticating against the second firewall. How can I authenticate against both firewalls with just a single login form? Perhaps you could try the 'context' firewall property. Say you have a configuration something like this (which presumably you do): security: // providers etc ... firewall: main: pattern: # ...

I read here how to check the login status of an user by inside a twig template for a Symfony2-based website. However, I need to know how to check if the user is logged in from inside a controller. I was quite sure the the following code was right: $user = $this->get('security.context')->getToken()->getUser(); but it always return something, e.g. a logged user or an anonymous user. Any idea? Thanks in advance. Bryson Warning : Checking for 'IS_AUTHENTICATED_FULLY' alone will return false if the user has logged in using "Remember me" functionality. According to Symfony 2 documentation, there are