
Commit 4fc6fe7

minor #17444 Adding info about when the firewall needs to encompass all pages (ThomasLandauer)
This PR was merged into the 5.4 branch.

Discussion
----------

Adding info about when the firewall needs to encompass all pages

Added benefit: This also makes clear right away, that if somebody has multiple ways to login, the solution is not multiple firewalls, but one firewall (and a chain user provider).

Commits
-------

06c0809 Adding info about when the firewall needs to encompass all pages

2 parents 5216387 + 06c0809 commit 4fc6fe7

1 file changed, +10 -5 lines changed
‎security.rst

@@ -576,15 +576,13 @@ will be able to authenticate (e.g. login form, API token, etc).
576576
Only one firewall is active on each request: Symfony uses the ``pattern`` key
577577
to find the first match (you can also
578578
:doc:`match by host or other things </security/firewall_restriction>`).
579+
Here, all "real" URLs are handled by the ``main`` firewall (no ``pattern`` key means
580+
it matches *all* URLs).
579581

580582
The ``dev`` firewall is really a fake firewall: it makes sure that you
581583
don't accidentally block Symfony's dev tools - which live under URLs like
582584
``/_profiler`` and ``/_wdt``.
583585

584-
All *real* URLs are handled by the ``main`` firewall (no ``pattern`` key means
585-
it matches *all* URLs). A firewall can have many modes of authentication,
586-
in other words, it enables many ways to ask the question "Who are you?".
587-
588586
Often, the user is unknown (i.e. not logged in) when they first visit your
589587
website. If you visit your homepage right now, you *will* have access and
590588
you'll see that you're visiting a page behind the firewall in the toolbar:
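Review bot: In the added lines 579-580, "real" URLs are mentioned before the following paragraph introduces the ``dev`` firewall as a "fake firewall", so the reader meets the contrast before it is set up. Consider keeping this sentence after the ``dev`` paragraph, or rewording it so it does not depend on "real" (for example, say that every URL not matched by ``dev`` falls through to ``main``). Since the preceding context says Symfony uses ``pattern`` to find the first match, it is also worth stating here that a firewall with no ``pattern`` matches everything and therefore only receives requests that no earlier firewall matched. The removed lines used *real* with emphasis while the new line uses quotation marks; pick one style.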
@@ -594,7 +592,14 @@ you'll see that you're visiting a page behind the firewall in the toolbar:
594592

595593
Visiting a URL under a firewall doesn't necessarily require you to be authenticated
596594
(e.g. the login form has to be accessible or some parts of your application
597-
are public). You'll learn how to restrict access to URLs, controllers or
595+
are public). On the other hand, all pages that you want to be *aware* of a logged in
596+
user have to be under the same firewall. So if you want to display a "You are logged in
597+
as ..." message on every page, they all have to be included in the same firewall.
598+
599+
The same firewall can have many modes of authentication,
600+
in other words, it enables many ways to ask the question "Who are you?".
601+
602+
You'll learn how to restrict access to URLs, controllers or
598603
anything else within your firewall in the :ref:`access control
599604
<security-access-control>` section.
600605

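Review bot: The added lines 595-597 say pages must be under the same firewall to be *aware* of a logged in user, but they do not spell out the consequence the reader needs: a page under a different firewall will not see that user. Stating this directly would make the requirement easier to act on. In line 599, "The same firewall can have many modes of authentication" reads as a loose continuation; the commit message gives the intended takeaway (one firewall rather than multiple firewalls when there are several ways to log in), and the doc text should say that explicitly rather than leave it implied. Minor wording: "logged in user" should be "logged-in user", and in line 597 "they all have to be included" would be clearer as "all of those pages have to be included".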