11How to Use Multiple Guard Authenticators
22========================================
33
4- Guard authentication component allows you to easily use many different authenticators at a time.
4+ The Guard authentication component allows you to easily use many different
5+ authenticators at a time.
56
6- An entry point is a service id (of one of your authenticators) whose start()
7- method should be called when an anonymous user hits a page that requires authentication.
7+ An entry point is a service id (of one of your authenticators) whose
8+ `` start() `` method is called to start the authentication process .
89
9- Multiple authenticators with shared entry point
10+ Multiple Authenticators with Shared Entry Point
1011-----------------------------------------------
1112
12- Let's have an example of two authenticators: one based on login form, another one on facebook login.
13- Both authenticators entry points redirect user to the same login page.
14- However, in your configuration you have to explicitly say which entry point you want to use.
13+ Sometimes you want to offer your users different authentication mechanisms like
14+ a form login and a Facebook login while both entry points redirect the user to
15+ the same login page.
16+ However, in your configuration you have to explicitly say which entry point
17+ you want to use.
1518
1619This is how your security configuration can look in action:
1720
@@ -45,7 +48,7 @@ This is how your security configuration can look in action:
4548 <!-- ... -->
4649 <firewall name =" default"
4750 <anonymous />
48- <guard entry_point =" app.form_login_authenticator"
51+ <guard entry-point =" app.form_login_authenticator"
4952 <authenticator >app.form_login_authenticator</authenticator >
5053 <authenticator >app.facebook_connect_authenticator</authenticator >
5154 </guard >
@@ -74,16 +77,14 @@ This is how your security configuration can look in action:
7477
7578
7679
77- Multiple authenticators with separate entry points
80+ Multiple Authenticators with Separate Entry Points
7881--------------------------------------------------
7982
80- Let's now have an example of two different authenticators: one based on login form, another one on an API token.
81- When user hits secured area he should be redirected to the login page.
82- Also when user hits an API endpoint, he should get a relevant API response.
83-
84- Solution for this use case is to provide guard authenticators in two separate firewalls.
85-
86- This is an example of your configuration:
83+ However, there are use cases where you have authenticators that protect different
84+ parts of your application. For example, you have a login form that protects
85+ the secured area of your application front-end and API end points that are
86+ protected with API tokens. As you can only configure one entry point per firewall,
87+ the solution is to split the configuration into two separate firewalls:
8788
8889.. configuration-block ::
8990
@@ -106,7 +107,7 @@ This is an example of your configuration:
106107 access_control :
107108 - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
108109 - { path: ^/api, roles: ROLE_API_USER }
109- - { path: ^/, roles: ROLE_ADMIN }
110+ - { path: ^/, roles: ROLE_USER }
110111
111112code-block :: xml
112113
@@ -133,7 +134,7 @@ This is an example of your configuration:
133134 </firewall >
134135 <rule path =" ^/login" role =" IS_AUTHENTICATED_ANONYMOUSLY"
135136 <rule path =" ^/api" role =" ROLE_API_USER"
136- <rule path =" ^/" role =" ROLE_ADMIN "
137+ <rule path =" ^/" role =" ROLE_USER "
137138 </config >
138139 </srv : container >
139140
@@ -163,6 +164,6 @@ This is an example of your configuration:
163164 'access_control' => array(
164165 array('path' => '^/login', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'),
165166 array('path' => '^/api', 'role' => 'ROLE_API_USER'),
166- array('path' => '^/', 'role' => 'ROLE_ADMIN '),
167+ array('path' => '^/', 'role' => 'ROLE_USER '),
167168 ),
168169 ));
0 commit comments