From c53cf132fd18271e49f4959190a01769afe85f24 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Thu, 3 May 2018 13:19:36 +0200 Subject: [PATCH 1/2] Improved the multiple user providers article --- security/multiple_user_providers.rst | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/security/multiple_user_providers.rst b/security/multiple_user_providers.rst index 2382371bd34..cb25fc52224 100644 --- a/security/multiple_user_providers.rst +++ b/security/multiple_user_providers.rst @@ -1,6 +1,12 @@ How to Use multiple User Providers ================================== +.. note:: + + It's always better to use a specific user provider for each authentication + mechanism. Chaining user providers should be avoided in most applications + and used only to solve edge cases. + Each authentication mechanism (e.g. HTTP Authentication, form login, etc) uses exactly one user provider, and will use the first declared user provider by default. But what if you want to specify a few users via configuration @@ -150,5 +156,25 @@ system will use the ``in_memory`` user provider. But if the user tries to log in via the form login, the ``user_db`` provider will be used (since it's the default for the firewall as a whole). +If you need to check that the user being returned by your provider is a allowed +to authenticate, check the returned user object:: + + use Symfony\Component\Security\Core\User; + // ... + + public function loadUserByUsername($username) + { + // ... + + // you can, for example, test that the returned user is an object of a + // particular class or check for certain attributes of your user objects + if ($user instance User) { + // the user was loaded from the security.yml file. Do something. + // ... + } + + return $user; + } + For more information about user provider and firewall configuration, see the :doc:`/reference/configuration/security`. From 2e21cd8acf2346cd4318ce5b666ced486b9b6449 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Thu, 24 May 2018 09:16:14 +0200 Subject: [PATCH 2/2] Minor tweak --- security/multiple_user_providers.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/multiple_user_providers.rst b/security/multiple_user_providers.rst index cb25fc52224..a4db56f8f46 100644 --- a/security/multiple_user_providers.rst +++ b/security/multiple_user_providers.rst @@ -169,7 +169,7 @@ to authenticate, check the returned user object:: // you can, for example, test that the returned user is an object of a // particular class or check for certain attributes of your user objects if ($user instance User) { - // the user was loaded from the security.yml file. Do something. + // the user was loaded from the main security config file. Do something. // ... }