Databases
StackOverflow2013
Postsdbo
POSitewide http auth interfering with Symfony2 app authentication
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POSitewide http auth interfering with Symfony2 app authentication
    text
    copied!<p>I have a site under development with the following structure:</p> <pre><code>public_html/ index.php symfony_app/ other_app/ </code></pre> <p>Currently I have the root of the site behind Basic HTTP authentication during the development testing phase. I couldn't figure out why my Symfony2 authentication for a valid user (myusername) was always redirecting to the Symfony login page. In the logs after successful Symfony login</p> <pre><code>security.INFO: User "myusername" has been authenticated successfully [] [] </code></pre> <p>I found:</p> <pre><code>security.INFO: Basic Authentication Authorization header found for user "otherusername" [] [] </code></pre> <p>..which is the user required by .htpasswd in the root of the site. So it seems that I have an issue with, for lack of a better term, nested http authentication.</p> <p>Is it possible to have a Symfony app living behind http auth without the two clashing?</p> <p>Security.yml</p> <pre><code>jms_security_extra: secure_all_services: false expressions: true security: encoders: My\UserBundle\Entity\User: algorithm: sha1 encode_as_base64: false iterations: 1 role_hierarchy: ROLE_ADMIN: ROLE_USER providers: administrators: entity: { class: MyUserBundle:User } firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false login: pattern: ^/login$ security: false secured_area: pattern: ^/ http_basic: ~ form_login: login_path: login check_path: login_check always_use_default_target_path: true logout: path: /logout switch_user: true access_control: - { path: ^/, roles: ROLE_USER, requires_channel: https } </code></pre>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload