New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security][Firewall] Why firewalls are not merged as other security elements? #16517
Comments
this is because the order of firewalls is very important, as the first match defines the security rules being applied for the request. Merging entries from different files config files does not allow to control where new keys are inserted in the list. This is why we enforce defining all firewall names in the initial file (you can still redefine the config of an existing firewall entirely in a subsequent config file). |
oh :) now that's something new to me. |
By using prepend extension, you can also pre-define rules already, which will make defining the config possible from other files (you can't merge but you can replace). We used this "hack" to make it possible to inject configuration for a user-provider like this in our shared login bundle. |
@davide-romanini I don't think we need to do anything here. You can either try to use prepend in the extension, or force users to explicitly define the configuration (you could provide an example). In this case I don't think the later option is a bad idea. |
Thanks for your suggestions. It would be nice to see a real example of the prepend strategy for this specific use case.. |
I tried the "prepend" approach, but with no success: I always incur in the same "You are not allowed to define new elements for path "security.firewalls"." error. |
Closing it as "fixed", because as @stof said, this is a well-known and needed Symfony behavior. |
@davide-romanini Did you find a workable solution? |
I made a bundle to handle all the various user management needs common to several websites. The bundle contains a security boilerplate configuration ready to import. The problem is: with this setup I can only have a single main firewall. If I want to add a second one (for example a service that exposes an api with a different user provider) I obtain the message "You are not allowed to define new elements for path "security.firewalls". Please define all elements for this path in one config file".
What are the technical reasons for this choice? It should be farly simple to enable this feature.
The text was updated successfully, but these errors were encountered: