Symfony 5 - Multiple authenticators in firewall. I need to set the "entry_point

Time:02-11

I don't know if what I'm trying to do is possible but I have the following configuration in my security.yaml and it shows me the following error:

Because you have multiple authenticators in firewall "administrator_secured_area", you need to set the "entry_point" key to one of your authenticators ("App\Security\AdministratorAuthenticator", "form_login") or a service ID implementing "Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface". The "entry_point" determines what should happen (e.g. redirect to "/login") when an anonymous user tries to access a protected page.

I have searched various solutions but none suits my current setup.

security:
    enable_authenticator_manager: true
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
        App\Entity\Administrator:
            algorithm: auto
        App\Entity\Instructor:
            algorithm: auto


    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_administrator_provider:
            entity:
                class: App\Entity\Administrator
                property: email
        app_instructor_provider:
            entity:
                class: App\Entity\Instructor
                property: email
        # used to reload user from session & other features (e.g. switch_user)
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        administrator_secured_area:
            lazy: true
            provider: app_administrator_provider
            custom_authenticator: App\Security\AdministratorAuthenticator
            form_login:
                login_path: /login/administrator
                check_path: /app_login_administrator
                default_target_path: /login/administrator
            logout:
                path: app_logout
                # where to redirect after logout
                target: app_login_administrator
        instructor_secured_area:
            lazy: true
            provider: app_instructor_provider
            custom_authenticator: App\Security\InstructorAuthenticator
            form_login:
                login_path: /login/instructor
                check_path: /app_login_instructor
                default_target_path: /login/instructor
            logout:
                path: app_logout
                # where to redirect after logout
                target: app_login_instructor

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }

when@test:
    security:
        password_hashers:
            # By default, password hashers are resource intensive and take time. This is
            # important to generate secure password hashes. In tests however, secure hashes
            # are not important, waste resources and increase test times. The following
            # reduces the work factor to the lowest possible values.
            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
                algorithm: auto
                cost: 4 # Lowest possible value for bcrypt
                time_cost: 3 # Lowest possible value for argon
                memory_cost: 10 # Lowest possible value for argon

CodePudding user response:

First of all thank you for your answer.

With the configuration you propose I get the following error:

 Unrecognized option "administrator_form_login" under "security.firewalls.administrator_secured_area". Available options are 
   "access_denied_handler", 
   "access_denied_url", 
   "anonymous", "context", 
   "custom_authenticators", 
   "entry_point", 
   "form_login", 
   "form_login_ldap", 
   "guard", "host", 
   "http_basic", 
   "http_basic_ldap", 
   "json_login", 
   "json_login_ldap", 
   "lazy", 
   "login_link", 
   "login_throttling", 
   "logout", "methods", 
   "pattern", 
   "provider", 
   "remember_me", 
   "remote_user", 
   "request_matcher", 
   "required_badges", 
   "security", 
   "stateless", 
   "switch_user", 
   "user_checker", 
   "x509".

Best regards!

CodePudding user response:

As the error message suggests, you should set the entry_point key to one of your authenticators. Here is an example; you could choose to set it in one of them, or you could try to set it in both:

administrator_secured_area:
    lazy: true
    provider: app_administrator_provider
    custom_authenticator: App\Security\AdministratorAuthenticator
    form_login:
        login_path: /login/administrator
        check_path: /app_login_administrator
        default_target_path: /login/administrator
    logout:
        path: app_logout
        # where to redirect after logout
        target: app_login_administrator
    entry_point: 'form_login'
instructor_secured_area:
    lazy: true
    provider: app_instructor_provider
    custom_authenticator: App\Security\InstructorAuthenticator
    form_login:
        login_path: /login/instructor
        check_path: /app_login_instructor
        default_target_path: /login/instructor
    logout:
        path: app_logout
        # where to redirect after logout
        target: app_login_instructor
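
The error message quoted in the question also accepts a service ID implementing Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface as the "entry_point". The following is an added example of such a service, not code from this thread or from Symfony itself; the class name AdministratorEntryPoint is hypothetical, and app_login_administrator is assumed to be the route of the administrator login page, as the question's logout target suggests.

```php
<?php
// Added example. AdministratorEntryPoint is a hypothetical class name;
// 'app_login_administrator' is assumed to be the login page route
// (it is the logout target in the question's security.yaml).

namespace App\Security;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

final class AdministratorEntryPoint implements AuthenticationEntryPointInterface
{
    private $urlGenerator;

    public function __construct(UrlGeneratorInterface $urlGenerator)
    {
        $this->urlGenerator = $urlGenerator;
    }

    // Called by the firewall when an anonymous user requests a protected page.
    public function start(Request $request, AuthenticationException $authException = null): Response
    {
        // XHR and JSON clients cannot follow a redirect to an HTML form,
        // so answer with a plain 401 and no detail about why auth failed.
        if ($request->isXmlHttpRequest() || 'json' === $request->getPreferredFormat()) {
            return new JsonResponse(
                ['error' => 'Authentication required'],
                Response::HTTP_UNAUTHORIZED
            );
        }

        // Browsers are sent to a fixed, server-generated login URL; nothing
        // from the request is used to build the redirect target.
        return new RedirectResponse(
            $this->urlGenerator->generate('app_login_administrator')
        );
    }
}

// In security.yaml, under firewalls.administrator_secured_area:
//     entry_point: App\Security\AdministratorEntryPoint
```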