I am following the instructions available at: http://symfony.com/doc/current/book/security.html to create a basic authentication system.
I have reached the Logging Out section at the bottom of the page. I have added the secured_area: in security.yml and a route in routing.yml. Yet, when I run my example, I get an error message:
InvalidConfigurationException in SecurityExtension.php line 429:
No authentication listener registered for firewall "secured_area".
Someone has reported this issue on Stackoverflow at http://stackoverflow.com/a/29588718/520957. In the comments of the approved answer, someone says:
I believe logout provider was not designated to working with basic authentication.
If this is correct, the documentation should mention it, else it should clarify how to set up the authentication listener. Thanks.
Thanks for reporting this @JVerstry. Can you show what exactly your security config looked like when you got that error message?
Here it is:
security:
    providers:
        in_memory:
            memory:
                users:
                    user1:
                        password: user1
                        roles: 'ROLE_USER'
                    user2:
                        password: user2
                        roles: 'ROLE_USER'
                    admin:
                        password: admin
                        roles: 'ROLE_ADMIN'
    firewalls:
        # default:
        #     remember_me:
        #         key: "%secret%"
        #         lifetime: 604800 # 1 week in seconds
        #         path: /
        # Need to create route in routing.yml, but no need in a controller
        secured_area:
            logout:
                path: /logout
                target: /
        # disables authentication for js,css, images, etc...
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        # fallback -> types of authentication
        main:
            anonymous: ~
            form_login:
                login_path: homepage
                check_path: login_check
                default_target_path: homepage
                failure_path: homepage
            logout:
                path: /logout
                target: /
    encoders:
        # algorithm to encode passwords
        Symfony\Component\Security\Core\User\User: plaintext
    role_hierarchy:
        # admin is user too
        ROLE_ADMIN: ROLE_USER
Hm, yeah, your secured_area doesn't have an authentication listener. For brevity we don't repeat all options from former examples but add placeholders (like # ... in the example for the logout handling) to indicate that you would have to fill this part. I am not sure if there is a better way to make this more clear.
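As an added illustration (not part of the original thread or of the Symfony documentation), this is the firewalls section of the posted config with the listener-less secured_area removed, so that logout sits on the firewall that already has form_login. The route names homepage and login_check come from the posted config; the file path in the first comment is an assumption based on the standard Symfony 2 layout.

```yaml
# app/config/security.yml (path assumed; Symfony 2.x syntax as in the posted config)
security:
    firewalls:
        # Firewalls are tried in order and the first match wins, so the
        # asset/profiler exclusion has to come before the catch-all firewall.
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Before (raises "No authentication listener registered for
        # firewall "secured_area""):
        # secured_area:
        #     logout:
        #         path: /logout
        #         target: /
        # logout is not an authentication listener; a firewall that has
        # only logout gives the user no way to authenticate. Without a
        # pattern it would also match every request ahead of dev and main.

        # After: logout is configured on the firewall that has form_login.
        main:
            anonymous: ~
            form_login:
                login_path: homepage
                check_path: login_check
                default_target_path: homepage
                failure_path: homepage
            logout:
                path: /logout   # still needs a matching route in routing.yml
                target: /
```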
Maybe we could include a link to a section explaining how to implement such listeners. The issue is I can't find that section in the current documentation.
To put it in a different way: I got my application to work (including logout) by actually not putting any configuration in security.yml, which is strange, because it goes against what the documentation recommends.
The thing is, we basically show that implicitly in http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate where we add http_basic, but this example does not make much sense when it later on comes to logging out a user.
If people read the documentation, it is usually with the intention of learning how to use Symfony2. An application where you could login but not logout does not make sense from an educational purpose. They will never implement such applications in the real world. They need to know how they should implement logout.
I agree with you. Probably we should either show how to use the form login in the book or else move the logout part to the cookbook that deals with form logins.
There is a pull request pending to be merged which explains why logout doesn't work for http_basic: https://github.com/symfony/symfony-docs/pull/5630
Closing as fixed by #5630. Thanks!
I'm just learning Symfony 5.1 today and the same problem still exists.
Trying to learn the new "experimental" system and it's very frustrating.