Defining multiple security rules in XML format for Symfony2

published on August 25, 2011.
Heads-up! You're reading an old post and the information in it is quite probably outdated.

This one falls into a category of bogus Symfony2 documentation. Or inconsistent behavior. Or whatever. It’s a bit frustrating.

I’ve chosen to use XML to define different settings across my sf2 apps: routing, ORM, services and of course security.

Symfony2’s security stuff lets you define rules based on URL matching, which is, to some extent, explained in the documentation. The examples for YAML work fine, but for XML it’s kinda bogus.

The example says:

    <access-control>
        <rule path="^/admin/users" role="ROLE_SUPER_ADMIN"></rule>
        <rule path="^/admin" role="ROLE_ADMIN"></rule>
    </access-control>

which will actually die in a fire with an ugly as hell exception: InvalidConfigurationException: Unrecognized options “0, 1” under “security.access_control.rule”. Thanks, that’s helpful. The funny thing is that if you have only one rule defined, it works!

After an hour of hunting up and down, I finally found the solution in the test fixtures of the SecurityBundle!

The solution is to omit the access-control tags:

    <rule path="^/admin/users" role="ROLE_SUPER_ADMIN"></rule>
    <rule path="^/admin" role="ROLE_ADMIN"></rule>
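The following check is an added example, not code from the original post or from Symfony: it scans a security XML file for the form that fails above, an access-control wrapper holding more than one rule. The `<config>` root element in the constructed samples and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples. The <config> root is an assumed wrapper for the demo.
FAILING = """<config>
    <access-control>
        <rule path="^/admin/users" role="ROLE_SUPER_ADMIN"></rule>
        <rule path="^/admin" role="ROLE_ADMIN"></rule>
    </access-control>
</config>"""

WORKING = """<config>
    <rule path="^/admin/users" role="ROLE_SUPER_ADMIN"></rule>
    <rule path="^/admin" role="ROLE_ADMIN"></rule>
</config>"""

# A wrapper with a single rule loads fine according to the post.
SINGLE = """<config>
    <access-control>
        <rule path="^/admin" role="ROLE_ADMIN"></rule>
    </access-control>
</config>"""


def local_name(tag):
    """Drop an XML namespace prefix: '{uri}rule' becomes 'rule'."""
    return tag.rsplit("}", 1)[-1]


def wrapped_rule_groups(xml_text, wrapper="access-control", child="rule"):
    """Return one list of rule paths per wrapper that holds several rules.

    An empty result means no wrapper in the file matches the failing form.
    """
    findings = []
    for element in ET.fromstring(xml_text).iter():
        if local_name(element.tag) != wrapper:
            continue
        paths = [c.get("path") for c in element if local_name(c.tag) == child]
        if len(paths) > 1:
            findings.append(paths)
    return findings


if __name__ == "__main__":
    for name, sample in (("failing", FAILING), ("working", WORKING), ("single", SINGLE)):
        print(name, wrapped_rule_groups(sample))
```
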

I thought about submitting an issue against the code, but as the fixtures use this format, I’ll open up a ticket against the docs. A real WTF moment.

Happy hackin’!

Update, August 26th, 2011:

Defining roles suffers from the same bug. So, instead of using:

    <role id="ROLE_ADMIN" >Admin</role>
    <role id="ROLE_SUPER_ADMIN">Super admin</role>

omit the wrapping tags and use:

    <role id="ROLE_ADMIN" >Admin</role>
    <role id="ROLE_SUPER_ADMIN">Super admin</role>

Robert Basic