All geek questions in one place

Symfony Security redirects to login page

If I have a secure route, say, like a panel below, Symfony will only allow access to registered users.

  - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/panel, role: ROLE_USER }

For users who are not logged in, they always redirect them to login_path (I use FOSUserBundle):

 security: firewalls: main: pattern: ^/ form_login: provider: fos_userbundle login_path: fos_user_security_login

Where can I disable or override this redirect? I want to show the login form directly without redirecting the user.

I believe this is due to AccessDeniedHandlerInterface , but which key should be rewritten in security.yml? And where is the default implementation used?

In other situations, we have DefaultLogoutSuccessHandler, DefaultAuthenticationFailureHandler, DefaultAuthenticationSuccessHandler , and we can implement a service for each of these situations that extends their respective interfaces and can handle the situation in the usual way. However, I cannot find anything for AccessDenied. Its directory contains only the interface.

+5
source share
1 answer

I would do it manually.

Make your route anonymous accessible:

 - { path: ^/panel, role: [IS_AUTHENTICATED_ANONYMOUSLY, ROLE_USER] }

In your template, check if there is a registered user:

 {% if app.user is null %} <!-- Then display your login form --> {% else %} <!-- Display the normal view --> {% endif %}

Or do it from the controller:

 if (!is_object($this->get('security.token_storage')->getToken()->getUser())) { // Render the login form }

Thus, you can make your own logic depending on whether the user is authenticated or not.

+3
source

Source: https://habr.com/ru/post/1243654/

More articles:


All Articles