Symfony 2 : Security Configuration : Login and logout handlers

Question

Using Symfony 2, I am looking for more information about the handlers that you can define in the security configuration file app/config/security.yml (official documentation). The documentation doesn't give any informations about handlers. Here is an extract of the security file :

# app/config/security.yml

security:        
    ...

    firewalls:                            
            somename:
        
                form_login:
                    ...
    
                    # login failure redirecting options (read further below)
                    failure_path:    /foo
                    failure_forward: false
                    failure_path_parameter: _failure_path
                    failure_handler: some.service.id
                    success_handler: some.service.id
    
    
                logout:
                    path:   /logout
                    target: /
                    invalidate_session: false
                    delete_cookies:
                        a: { path: null, domain: null }
                        b: { path: null, domain: null }
                    handlers: [some.service.id, another.service.id]
                    success_handler: some.service.id
                anonymous: ~

In both form_login ang logout part there is a success_handler field. Moreover, for logout part you can define several handlers using handlers field.

I have two questions :

If I define a succes_handler service (using for example AuthenticationSuccessHandlerInterface or LogoutHandlerInterface), will it overide the default success handler provided in the framework ?
For the logout part of the configuration, how work the handlersfield ?

Check [this](https://stackoverflow.com/questions/28400632/symfony-2-after-login-do-some-extra-job/28403893#28403893) answer. Hope this help — Matteo, Feb 10 '15 at 08:43
@Matteo Thank you. I have read a lot of posts on the subject but I could not find any precise information . What I would like to know is if I define my own succes handler, will it override the default one or do I need to extend the default one as described in this [post](http://stackoverflow.com/questions/15918617/symfony2-extending-defaultauthenticationsuccesshandler) ? — Cruz, Feb 10 '15 at 08:50
To override the default success handler i think that you should add this to your security.yml parameters: security.authentication.success_handler.class: Xxx\YourBundle\Component\OverSf2\Security\Http\Authentication\AuthenticationSuccessHandler services: security.authentication.success_handler: class: %security.authentication.success_handler.class% public: false arguments: ['@router', '@security.user.entity_manager'] — Hajri Aymen, Feb 10 '15 at 09:46
@Hajri I want to avoid overriding the default success handler. — Cruz, Feb 10 '15 at 09:56

score 7 · Accepted Answer · answered Feb 13 '15 at 08:24

For information, in logout part of app/config/security.yml :

handlers: [some.service.id, another.service.id] => Here you have to define services implementing Symfony\Component\Security\Http\Logout\LogoutHandlerInterface. Theses handles do not need to return a response. In my case I created a simple handler that creates a flash message on logout.

success_handler: some.service.id => Here you have to define a service implementing => Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface. This handler have to return a response. This handler is called by the constructor of Symfony\Component\Security\Http\Firewall\LogoutListener (firewall listener).

to answer your 1st question: yes by creating custom `succes_handler` service you will overwrite the default one. however the default logout handler is `DefaultLogoutSuccessHandler` and all it does is, it redirects to `logout target` route so its safe to overwrite this. mark this response as correct answer please — gondo, Apr 21 '15 at 07:49

score 0 · Answer 2 · answered Feb 10 '15 at 12:35

0

I tried with success the next solution https://gist.github.com/marydn/8061424 Seems to be what you are trying to do.

answered Feb 10 '15 at 12:35

Alexandru Olaru

6,842
6
27
53

Thank you. Yes that's what I want to do. I have no problem on how to do this. I wanted to be sure that using this method I would not override the default success handler provided in Symfony (as the documentation is not really helpful). – Cruz Feb 10 '15 at 13:46
To be more specific I want to add a flash message on login/logout event, so I don't want to affect the response. For login, an event listener can be used (listening to security.interactive_login) and for logout a logout succes handler implementing LogoutHandlerInterface (as there is no logout event). This interface permits to avoid returning a response (by opposition to LogoutSuccessHandlerInterface). – Cruz Feb 10 '15 at 13:56

Symfony 2 : Security Configuration : Login and logout handlers

2 Answers2