
Symfony2: How to: secure application with _locale

All! I'd like to secure my application with the security system together. Below is the security.yml file:

security:
  encoders:
    Symfony\Component\Security\Core\User\User: plaintext

  role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

  providers:
    in_memory:
      users:
        user:  { password: userpass, roles: [ 'ROLE_USER' ] }
        admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

  firewalls:
    dev:
      pattern:  ^/(_(profiler|wdt)|css|images|js)/
      security: false

    login:
      pattern:  ^/{_locale}/demo/secured/login$
      security: false

    secured_area:
      pattern:    ^/{_locale}/demo/secured/
      form_login:
        check_path: /{_locale}/demo/secured/login_check
        login_path: /{_locale}/demo/secured/login
      logout:
        path:   /{_locale}/demo/secured/logout
        target: /{_locale}/demo/

The problem:

logout->target return doesn't work. Could anybody help me?

PS: Any examples would be appreciated!

Thx

Alexander Vasilenko asked Aug 21 '11 10:08


1 Answer

Just make sure you define routes for them all that do use the locale variable and security seems to pick it up automatically. No need to have the locale accounted for in the security config.

Here's an example from my project.

Excerpt from security.yml:

    login:
        pattern:  /(game|admin)/login$
        security: false

    admin:
        pattern:    /admin/
        form_login:
            check_path: /admin/login_check
            login_path: _admin_login
        logout:
            path:   _admin_logout
            target: _home

    game:
        pattern:    /game/
        form_login:
            check_path: /game/login_check
            login_path: _game_login
        logout:
            path:  _game_logout
            target: _home

Excerpt from routing.yml:

BrowserMMOSecurityBundle:
    resource: "@BrowserMMOSecurityBundle/Controller/"
    type:     annotation
    prefix:   /{_locale}/
    defaults: { _locale: en }
    requirements:
        _locale: en|fr

_game_login_check:
    pattern:   /game/login_check

_admin_login_check:
    pattern:   /admin/login_check

_admin_logout:
    pattern:   /{_locale}/admin/logout
    requirements:
        _locale: en|fr

_game_logout:
    pattern:   /{_locale}/game/logout
    requirements:
        _locale: en|fr

The above config works for me. It's also worth noting that the _admin_login and _game_login routes are defined in annotations on my SecurityController class.

Hades answered Oct 02 '22 07:10
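An added illustration, not code from either poster or from Symfony: a firewall `pattern` is a regular expression tested against the request path, and the first firewall that matches handles the request, so a route placeholder such as `{_locale}` is compared as literal characters. Python's `re.search` stands in for PHP's `preg_match` here; the `ANCHORED` list and the sample paths are constructed, with `en|fr` borrowed from the answer's route requirements.

```python
import re

# Firewalls as (name, pattern) in declaration order; patterns copied from the page.
ASKER = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/"),
    ("login", r"^/{_locale}/demo/secured/login$"),
    ("secured_area", r"^/{_locale}/demo/secured/"),
]
ANSWER = [
    ("login", r"/(game|admin)/login$"),
    ("admin", r"/admin/"),
    ("game", r"/game/"),
]
# Constructed variant (assumption): the locale written as a regex alternation.
ANCHORED = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/"),
    ("login", r"^/(en|fr)/demo/secured/login$"),
    ("secured_area", r"^/(en|fr)/demo/secured/"),
]

# Route-style placeholder such as {_locale}; regex quantifiers like {2} start with a digit.
PLACEHOLDER = re.compile(r"\{[A-Za-z_]\w*\}")


def route_placeholders(pattern):
    """Return route-style {name} tokens that a regex will treat as literal text."""
    return PLACEHOLDER.findall(pattern)


def matching_firewall(firewalls, path):
    """Return the name of the first firewall whose pattern matches, else None."""
    for name, pattern in firewalls:
        if re.search(pattern, path):
            return name
    return None


if __name__ == "__main__":
    # Constructed sample request paths.
    samples = ["/en/demo/secured/login", "/en/demo/secured/logout", "/fr/admin/logout"]
    for label, firewalls in (("asker", ASKER), ("answer", ANSWER), ("anchored", ANCHORED)):
        for name, pattern in firewalls:
            for token in route_placeholders(pattern):
                print(f"{label}/{name}: {token} is matched literally")
        for path in samples:
            print(f"{label}: {path} -> {matching_firewall(firewalls, path)}")
```

With the asker's patterns no firewall handles `/en/demo/secured/logout`, so the `logout` settings under `secured_area` never apply to that request, and the same gap leaves the rest of `/en/demo/secured/` outside the firewall.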