Symfony/Setup admin interface

From Aimeos documentation

Setting up the administration interface is a matter of configuring the Symfony firewall to restrict access to the admin URLs. A basic firewall setup in the ./app/config/security.yml file can look like this:

    security:
        providers:
            # Single hard-coded admin account (example only)
            admin:
                memory:
                    users:
                        admin: { password: secret, roles: [ 'ROLE_ADMIN' ] }
            # Shop customers stored in the database
            aimeos_customer:
                entity: { class: AimeosShopBundle:User, property: username }
            in_memory:
                memory: ~

        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
            Aimeos\ShopBundle\Entity\User:
                algorithm: sha1
                encode_as_base64: false
                iterations: 1

        firewalls:
            # Admin interface: form login, anonymous access keeps the login page reachable
            aimeos_admin:
                pattern:   ^/admin
                anonymous: ~
                provider: admin
                form_login:
                    login_path: /admin
                    check_path: /admin_check
            # Customer account pages: HTTP basic authentication
            aimeos_myaccount:
                pattern: ^/myaccount
                provider: aimeos_customer
                http_basic:
                    realm: "MyAccount"
            # Catch-all firewall for every other URL
            main:
                anonymous: ~

        access_control:
            - { path: ^/admin/.+, roles: ROLE_ADMIN }
            - { path: ^/myaccount, roles: ROLE_USER }

These settings protect the /admin/* URLs against access by anyone without admin privileges. Only one user/password combination is defined, which is rather inflexible. As an alternative, you can use one of the other Symfony user providers to authenticate against.

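The order of the configuration settings in this file is important! Symfony uses the first firewall whose pattern matches the request, and the main firewall has no pattern, so it matches every URL. If you place the in_memory or main section before the Aimeos-related sections, authentication will fail!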
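The first-match behaviour behind this ordering rule can be checked with a small model. The following Python script is an added example, not part of the Aimeos documentation or of Symfony itself; it copies the patterns from the configuration above, while the function names and sample paths are assumptions made for illustration.

```python
import re

# Firewalls and access_control rules copied from the security.yml above.
# A firewall without a pattern (main) matches every request.
FIREWALLS = [
    ("aimeos_admin", r"^/admin"),
    ("aimeos_myaccount", r"^/myaccount"),
    ("main", None),
]
ACCESS_CONTROL = [
    (r"^/admin/.+", "ROLE_ADMIN"),
    (r"^/myaccount", "ROLE_USER"),
]
# Constructed sample paths; /admin/dashboard is a hypothetical admin page.
SAMPLE_PATHS = ["/admin", "/admin_check", "/admin/dashboard", "/myaccount", "/shop"]


def match_firewall(path, firewalls=FIREWALLS):
    """Return the name of the first firewall whose pattern matches the path."""
    for name, pattern in firewalls:
        if pattern is None or re.search(pattern, path):
            return name
    return None


def required_role(path, rules=ACCESS_CONTROL):
    """Return the role demanded by the first matching access_control rule."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None  # no rule matched: no role is required


def audit(paths, firewalls=FIREWALLS):
    """Map each path to (firewall, required role) for a given firewall order."""
    return {p: (match_firewall(p, firewalls), required_role(p)) for p in paths}


if __name__ == "__main__":
    orders = {
        "order from the page": FIREWALLS,
        # main listed first swallows every request, so the form_login
        # configured on aimeos_admin is never reached.
        "main listed first": [FIREWALLS[2]] + FIREWALLS[:2],
    }
    for label, firewalls in orders.items():
        print(label)
        for path, result in audit(SAMPLE_PATHS, firewalls).items():
            print(f"  {path:18} -> {result}")
```

With the order from the page, /admin and /admin_check need no role, so the login form stays reachable, while everything below /admin/ requires ROLE_ADMIN inside the aimeos_admin firewall.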

The /myaccount URL is protected by HTTP basic authentication in this short example. Usually, you will replace it with a form-based login or use the FOS user bundle, which also offers user registration. A more detailed explanation of the authentication is available in the Aimeos docs, which also covers the setup of the FOS user bundle.

This is only an example and contains a public password! Use a strong password for authentication in production environments!
