Symfony 2 - hide the whole website with a HTTP Authentication dialog Symfony 2 - hide the whole website with a HTTP Authentication dialog symfony symfony

Symfony 2 - hide the whole website with a HTTP Authentication dialog


On my opinion, what you need is not to manage users with HTTP authentication but to restrict access to your site with HTTP authentication. Don't use Symfony2 security for that.

Leave your symfony2 app security as it will be in production mode and use apache .htaccess to restrict access to the site.

Documentation is here http://httpd.apache.org/docs/2.2/howto/auth.html. You just have to add some directives in web/.htaccess, and create a user/password file as explained in the doc...


my solution in Symfony2, using the basic firewall of symfony (without FOSUserBundle):

# app/config/security.ymlsecurity:    firewalls:        secured_area:            pattern: ^/            anonymous: ~            form_login:                login_path: login                check_path: login_check    access_control:        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }        - { path: ^/admin, roles: ROLE_ADMIN }        - { path: ^/, roles: ROLE_USER }    providers:        in_memory:            memory:                users:                    redattore: { password: 'somePasswordHere', roles: 'ROLE_USER' }                    admin: { password: 'somePasswordHere', roles: 'ROLE_ADMIN' }    encoders:        Symfony\Component\Security\Core\User\User: plaintext    role_hierarchy:        ROLE_ADMIN:       ROLE_USER        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

It works perfectly for me. It's a very basic configuration - without hashing passwords, without data base provider ("providers:" section), without https connection (everything goes in plain text throughout the internet), without logout stuff and other nice features.I hope it will help you.With kind regards