@@ -39,8 +39,8 @@ First, enable form login under your firewall:
3939 <!-- app/config/security.xml -->
4040 <?xml version =" 1.0" encoding =" UTF-8" ?>
4141 <srv : container xmlns =" http://symfony.com/schema/dic/security"
42- xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
4342 xmlns : srv =" http://symfony.com/schema/dic/services"
43+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
4444 xsi : schemaLocation =" http://symfony.com/schema/dic/services
4545 http://symfony.com/schema/dic/services/services-1.0.xsd" >
4646
@@ -82,7 +82,6 @@ bundle::
8282 namespace AppBundle\Controller;
8383
8484 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
85- use Symfony\Component\HttpFoundation\Request;
8685
8786 class SecurityController extends Controller
8887 {
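Review bot: Dropping the Request import at old line 85 is only safe if no action in SecurityController still type-hints Request, and the hunk does not show the method signatures. Please confirm that the login action in this example no longer takes a Request argument; if it does, the unqualified name would resolve inside the AppBundle\Controller namespace and the example would break for readers who copy it.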
@@ -126,6 +125,7 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``):
126125 login_route :
127126 path : /login
128127 defaults : { _controller: AppBundle:Security:login }
128+
129129 login_check :
130130 path : /login_check
131131 # no controller is bound to this route
@@ -159,6 +159,7 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``):
159159 $collection->add('login_route', new Route('/login', array(
160160 '_controller' => 'AppBundle:Security:login',
161161 )));
162+
162163 $collection->add('login_check', new Route('/login_check', array()));
163164 // no controller is bound to this route
164165 // as it's handled by the Security system
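Review bot: The two comment lines at 163-164 trail the login_check add() call, so after the blank line added at 162 they read as if they introduce whatever follows rather than the route above. Consider moving "no controller is bound to this route / as it's handled by the Security system" above the $collection->add('login_check', ...) line, so the note about the route being handled by the Security system sits directly with the route it describes.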
@@ -320,12 +321,13 @@ see :doc:`/cookbook/security/form_login`.
320321
321322.. _book-security-common-pitfalls :
322323
323- Avoid common Pitfalls
324+ Avoid Common Pitfalls
324325---------------------
325326
326327When setting up your login form, watch out for a few common pitfalls.
327328
328- **1. Create the correct routes **
329+ 1. Create the Correct Routes
330+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
329331
330332First, be sure that you've defined the ``/login `` and ``/login_check ``
331333routes correctly and that they correspond to the ``login_path `` and
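Review bot: Turning the bold pseudo-heading at line 328 into a real section title at 329-330 keeps the "1." inside the title, so the number becomes part of the generated anchor and table-of-contents entry, and any later reordering of the pitfalls will change those links. Either drop the numbers from the new titles or give each subsection an explicit label in the same way the parent section already has book-security-common-pitfalls.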
@@ -334,7 +336,8 @@ redirected to a 404 page instead of the login page, or that submitting
334336the login form does nothing (you just see the login form over and over
335337again).
336338
337- **2. Be sure the login page isn't secure (redirect loop!) **
339+ 2. Be Sure the Login Page Isn't Secure (Redirect Loop!)
340+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
338341
339342Also, be sure that the login page is accessible by anonymous users. For example,
340343the following configuration - which requires the ``ROLE_ADMIN `` role for
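Review bot: The title at line 339, "Be Sure the Login Page Isn't Secure", can be misread as advice to weaken the login page, while the paragraph under it says the page must be accessible by anonymous users. Since this line is being rewritten anyway, consider wording along the lines of "Be Sure the Login Page Is Accessible to Anonymous Users (Redirect Loop!)" and lengthening the underline at 340 to match.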
@@ -450,15 +453,17 @@ for the login page:
450453 ),
451454 ),
452455
453- **3. Be sure /login_check is behind a firewall **
456+ 3. Be Sure /login_check Is Behind a Firewall
457+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
454458
455459Next, make sure that your ``check_path `` URL (e.g. ``/login_check ``) is behind
456460the firewall you're using for your form login (in this example, the single
457461firewall matches *all * URLs, including ``/login_check ``). If ``/login_check ``
458462doesn't match any firewall, you'll receive a ``Unable to find the controller
459463for path "/login_check" `` exception.
460464
461- **4. Multiple firewalls don't share security context **
465+ 4. Multiple Firewalls Don't Share Security Context
466+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
462467
463468If you're using multiple firewalls and you authenticate against one firewall,
464469you will *not * be authenticated against any other firewalls automatically.
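Review bot: The new title at line 456 writes /login_check as bare text, while the paragraph below it consistently uses literal markup for the same path. Please mark the path as a literal in the title as well and extend the underline at 457 by the extra characters so the title and underline lengths still match.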
@@ -467,7 +472,8 @@ to explicitly specify the same :ref:`reference-security-firewall-context`
467472for different firewalls. But usually for most applications, having one
468473main firewall is enough.
469474
470- **5. Routing error pages are not covered by firewalls **
475+ 5. Routing Error Pages Are not Covered by Firewalls
476+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
471477
472478As routing is done *before * security, 404 error pages are not covered by
473479any firewall. This means you can't check for security or even access the
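Review bot: In the title at line 475 "not" is left lowercase, although the other new titles capitalize comparable words ("Isn't", "Don't", "Is"). Suggest "5. Routing Error Pages Are Not Covered by Firewalls"; the underline at 476 keeps its length.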