Posts tagged 'symfony2'

Defining multiple security rules in XML format for Symfony2

published on August 25, 2011.
Heads-up! You're reading an old post and the information in it is quite probably outdated.

This one falls into a category of bogus Symfony2 documentation. Or inconsistent behavior. Or whatever. It’s a bit frustrating.

I’ve chosen to use XML to define different settings across my sf2 apps: routing, ORM, services and of course security.

Symfony2’s security stuff let’s you define rules based on URL matching witch is, to some extent, explained in the documentation. The examples for YAML works fine, but for XML it’s kinda bogus.

The example says:

<access-control>
    <rule path="^/admin/users" role="ROLE_SUPER_ADMIN"></rule>
    <rule path="^/admin" role="ROLE_ADMIN"></rule>
</access-control>

which will actually die in a fire with an ugly as hell exception: InvalidConfigurationException: Unrecognized options “0, 1” under “security.access_control.rule”. Thanks, that’s helpful. The funny thing is that if you have only one rule defined, it works!

After an hour of hunting up and down, I finally found the solution in the test fixtures of the SecurityBundle!

The solution is to omit the access-control tags:

<rule path="^/admin/users" role="ROLE_SUPER_ADMIN"></rule>
<rule path="^/admin" role="ROLE_ADMIN"></rule>

I thought about submitting an issue against the code, but as the fixtures use this format, I’ll open up a ticket against the docs. A real WTF moment.

Happy hackin’!

Update, August 26th, 2011:

Defining roles suffers from the same bug. So, instead of using:

<role-hierarchy>
    <role id="ROLE_ADMIN" >Admin</role>
    <role id="ROLE_SUPER_ADMIN">Super admin</role>
</role-hierarchy>

use:

<role id="ROLE_ADMIN" >Admin</role>
<role id="ROLE_SUPER_ADMIN">Super admin</role>
Tags: rule, security, symfony2, xml.
Categories: Development, Programming.

Importing Symfony2 security settings from a bundle

published on August 25, 2011.
Heads-up! You're reading an old post and the information in it is quite probably outdated.

I started to work on/figuring out the security part in Symfony2 and one part where the docs fail so far is to explain how to import security settings from a bundle.

Once I put some thinking into it, it’s pretty easy actually. Simply import the needed security file in your main config file. Something like this will work:

# app/config/config.yml
imports:
    - { resource: parameters.ini }
    - { resource: '@AcmeDemoBundle/Resources/config/security.xml' }

where the security.xml file is the same as already described in the documentation.

Happy hackin’!

P.S.: Bonus tip: When googling for symfony2 stuff, start your query with +symfony2 to include only symfony2 results. Makes life a bit easier.

Robert Basic

Robert Basic

Software engineer, consultant, open source contributor.

Let's work together!

If you require outsourcing or consulting help on your projects, I'm available!

Robert Basic © 2008 — 2019
Get the feed