
Authentication


Authentication using Symfony Security component

Native and universal form_login is used, in conjunction with an extended DaoAuthenticationProvider (DAO stands for Data Access Object), the RepositoryAuthenticationProvider. Native behavior of DaoAuthenticationProvider has been preserved, making it possible to still use it for pure Symfony applications.

Security controller

SecurityController is used to manage all security-related actions and is thus used to display the login form. It is pretty straightforward and follows all standards explained in the Symfony security documentation.

The base template used is EzPublishCoreBundle:Security:login.html.twig and reads as follows:

{% extends layout %}

{% block content %}
    {% block login_content %}
        {% if error %}
            <div>{{ error.message|trans }}</div>
        {% endif %}

        <form action="{{ path( 'login_check' ) }}" method="post">
        {% block login_fields %}
            <label for="username">{{ 'Username:'|trans }}</label>
            <input type="text" id="username" name="_username" value="{{ last_username }}" />

            <label for="password">{{ 'Password:'|trans }}</label>
            <input type="password" id="password" name="_password" />

            <input type="hidden" name="_csrf_token" value="{{ csrf_token("authenticate") }}" />

            {#
                If you want to control the URL the user
                is redirected to on success (more details below)
                <input type="hidden" name="_target_path" value="/account" />
            #}

            <button type="submit">{{ 'Login'|trans }}</button>
        {% endblock %}
        </form>
    {% endblock %}
{% endblock %}

The layout used by default is %ezpublish.content_view.viewbase_layout% (empty layout) but can be configured easily together with the login template:

ezplatform.yml
ezpublish:
    system:
        my_siteaccess:
            user:
                layout: "AcmeTestBundle::layout.html.twig"
                login_template: "AcmeTestBundle:User:login.html.twig"

Redirection after login

By default, Symfony redirects to the URI configured in security.yml as default_target_path. If not set, it will default to /.

This setting can be set per siteaccess, via the default_page setting.

Configuration

To use Symfony authentication with eZ Platform, the configuration goes as follows:

app/config/security.yml
security:
    firewalls:
        ezpublish_front:
            pattern: ^/
            anonymous: ~
            form_login:
                require_previous_session: false
            logout: ~

app/config/routing.yml
login:
    path:   /login
    defaults:  { _controller: ezpublish.security.controller:loginAction }
login_check:
    path:   /login_check
logout:
    path:   /logout

Note

You can fully customize the routes and/or the controller used for login. However, remember to match login_path, check_path and logout.path from security.yml.

See security configuration reference and standard login form documentation.
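
As an added illustration (not part of the original eZ Platform documentation), the two files below show a customized login route with login_path, check_path and logout.path kept in step with routing.yml. The /account/... paths are constructed for the example, and the csrf_token_generator line assumes Symfony 2.4 or later; without it the firewall does not validate the _csrf_token field that the login template emits.

```yaml
# app/config/routing.yml (paths are constructed for this example)
login:
    path:   /account/login
    defaults:  { _controller: ezpublish.security.controller:loginAction }
login_check:
    path:   /account/login_check
logout:
    path:   /account/logout

# app/config/security.yml
security:
    firewalls:
        ezpublish_front:
            pattern: ^/
            anonymous: ~
            form_login:
                require_previous_session: false
                # Route names (or the literal paths) must point at the routes
                # above; the defaults /login and /login_check no longer match.
                login_path: login
                check_path: login_check
                # Assumption: Symfony >= 2.4. Enables validation of the token
                # generated by csrf_token("authenticate") in login.html.twig.
                csrf_token_generator: security.csrf.token_manager
            logout:
                # Default is /logout, which no longer exists in routing.yml.
                path: logout
```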

 

Access control

See the documentation on access control.

Remember me

It is possible to use the remember_me functionality. For this you can refer to the Symfony cookbook on this topic.

If you want to use this feature, you must at least extend the login template in order to add the required checkbox:

{# your_login_template.html.twig #}
{% extends "EzPublishCoreBundle:Security:login.html.twig" %}

{% block login_fields %}
    {{ parent() }}
    <input type="checkbox" id="remember_me" name="_remember_me" checked />
    <label for="remember_me">Keep me logged in</label>
{% endblock %}
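
The checkbox only has an effect once remember_me is enabled on the firewall. The fragment below is an added example, not taken from the original page; the lifetime value is an assumption chosen for illustration, and the option is named key rather than secret before Symfony 2.8.

```yaml
# app/config/security.yml
security:
    firewalls:
        ezpublish_front:
            pattern: ^/
            anonymous: ~
            form_login:
                require_previous_session: false
            remember_me:
                # Used to sign the cookie; keep it out of version control.
                secret:   "%secret%"
                # Constructed value: one week, in seconds.
                lifetime: 604800
                path:     /
                # Only send the cookie over HTTPS and hide it from JavaScript.
                secure:   true
                httponly: true
                # Default parameter name, matching the checkbox's name attribute.
                remember_me_parameter: _remember_me
            logout: ~
```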

Login handlers / SSO

Symfony provides native support for multiple user providers. This makes it easy to integrate any kind of login handlers, including SSO and existing third-party bundles (e.g. FR3DLdapBundle, HWIOauthBundle, FOSUserBundle, BeSimpleSsoAuthBundle, etc.).

Further explanation can be found in the multiple user providers cookbook entry.

Integration with Legacy
  • When not in legacy mode, legacy user/login and user/logout views are deactivated.
  • The authenticated user is injected into the legacy kernel.

Authentication with Legacy SSO Handlers

To be able to use your legacy SSO (Single Sign-on) handlers, use the following config in your ezpublish/config/security.yml:

Use your legacy SSO handlers
security:
    firewalls:
        ezpublish_front:
            pattern: ^/
            anonymous: ~
            # Adding the following entry will activate the use of old SSO handlers.
            ezpublish_legacy_sso: ~