eZ Platform offers security and access control for your website using a complex permission system which allows you to define very fine-grained rights for all your users.
To use Symfony authentication with eZ Platform, the configuration goes as follows:

    # security.yml
    security:
        firewalls:
            ezpublish_front:
                pattern: ^/
                anonymous: ~
                form_login:
                    require_previous_session: false
                logout: ~

    # Routing configuration
    login:
        path: /login
        defaults: { _controller: ezpublish.security.controller:loginAction }
    login_check:
        path: /login_check
    logout:
        path: /logout

Note
You can fully customize the routes and/or the controller used for login. However, remember to match login_path, check_path and logout.path from security.yml.
See security configuration reference and standard login form documentation.
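
The matching described in the note, as an added example that is not part of the original eZ Platform documentation. The /member/... URLs are constructed for illustration. The route names are kept unchanged so that the base login template's path( 'login_check' ) call still resolves.

```yaml
# Routing configuration: customized URLs (constructed values), same route names.
login:
    path: /member/sign-in
    defaults: { _controller: ezpublish.security.controller:loginAction }
login_check:
    path: /member/sign-in/check
logout:
    path: /member/sign-out

# security.yml: the firewall must be given the same paths. If these keys are
# omitted, Symfony keeps its defaults (/login, /login_check, /logout), so the
# firewall would no longer intercept the customized check and logout URLs.
security:
    firewalls:
        ezpublish_front:
            # ^/ covers every URL, so all three custom paths sit behind this firewall.
            pattern: ^/
            anonymous: ~
            form_login:
                require_previous_session: false
                login_path: /member/sign-in
                check_path: /member/sign-in/check
            logout:
                path: /member/sign-out
```
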
Authentication is provided using the Symfony Security component.
Native and universal form_login is used, in conjunction with an extended DaoAuthenticationProvider (DAO stands for Data Access Object), the RepositoryAuthenticationProvider. Native behavior of DaoAuthenticationProvider has been preserved, making it possible to still use it for pure Symfony applications.
A SecurityController is used to manage all security-related actions and is thus used to display the login form. It is pretty straightforward and follows all standards explained in Symfony security documentation.
Base template used is EzPublishCoreBundle:Security:login.html.twig and stands as follows:

    {% extends layout %}

    {% block content %}
        {% block login_content %}
            {% if error %}
                <div>{{ error.message|trans }}</div>
            {% endif %}

            <form action="{{ path( 'login_check' ) }}" method="post">
            {% block login_fields %}
                <label for="username">{{ 'Username:'|trans }}</label>
                <input type="text" id="username" name="_username" value="{{ last_username }}" />

                <label for="password">{{ 'Password:'|trans }}</label>
                <input type="password" id="password" name="_password" />

                <input type="hidden" name="_csrf_token" value="{{ csrf_token("authenticate") }}" />

                {#
                    If you want to control the URL the user is redirected to on success (more details below)
                    <input type="hidden" name="_target_path" value="/account" />
                #}

                <button type="submit">{{ 'Login'|trans }}</button>
            {% endblock %}
            </form>
        {% endblock %}
    {% endblock %}

The layout used by default is %ezpublish.content_view.viewbase_layout% (empty layout) but can be configured easily together with the login template:

    ezpublish:
        system:
            my_siteaccess:
                user:
                    layout: "AcmeTestBundle::layout.html.twig"
                    login_template: "AcmeTestBundle:User:login.html.twig"

By default, Symfony redirects to the URI configured in security.yml as default_target_path. If not set, it will default to /.
This setting can be set by siteaccess, via the default_page setting.
See the documentation on access control.
It is possible to use the remember_me functionality. For this you can refer to the Symfony cookbook on this topic.
If you want to use this feature, you must at least extend the login template in order to add the required checkbox:

    {# your_login_template.html.twig #}
    {% extends "EzPublishCoreBundle:Security:login.html.twig" %}

    {% block login_fields %}
        {{ parent() }}
        <input type="checkbox" id="remember_me" name="_remember_me" checked />
        <label for="remember_me">Keep me logged in</label>
    {% endblock %}

Symfony provides native support for multiple user providers. This makes it easy to integrate any kind of login handlers, including SSO and existing third-party bundles (e.g. FR3DLdapBundle, HWIOauthBundle, FOSUserBundle, BeSimpleSsoAuthBundle, etc.).
Further explanation can be found in the multiple user providers recipe.
user/login and user/logout views are deactivated.
To be able to use your legacy SSO (Single Sign-on) handlers, use the following config in your ezpublish/config/security.yml:

    security:
        firewalls:
            ezpublish_front:
                pattern: ^/
                anonymous: ~
                # Adding the following entry will activate the use of old SSO handlers.
                ezpublish_legacy_sso: ~