Symfony-docs: No authentication listener registered for firewall "secured_area" -> from doc example

Created on 7 Oct 2015  路  11Comments  路  Source: symfony/symfony-docs

I am following the instructions available at: http://symfony.com/doc/current/book/security.html to create a basic authentication system.

I have reached the Logging Out section at the bottom of the page. I have added the secured_area: in security.yml and a route in routing.yml. Yet, when I run my example, I get an error message:

InvalidConfigurationException in SecurityExtension.php line 429:
No authentication listener registered for firewall "secured_area".

Someone has reported this issue on Stackoverflow at http://stackoverflow.com/a/29588718/520957. In the comments of the approved answer, someone says:

I believe logout provider was not designated to working with basic authentication.

If this is correct, the documentation should mention it, else it should clarify how to set-up the authentication listener. Thanks.

Security Waiting feedback

Most helpful comment

If people read the documentation, it is usually with the intention of learning how to use Symfony2. An application where you could login but not logout does not make sense from an educational purpose. They will never implement such applications in the real world. They need to know how they should implement logout.

All 11 comments

Thanks for reporting this @JVerstry. Can you show how exactly your security config looked like when you got that error message?

Here it is:

security:

    providers:
        in_memory:
            memory:
                users:
                    user1:
                        password: user1
                        roles: 'ROLE_USER'
                    user2:
                        password: user2
                        roles: 'ROLE_USER'
                    admin:
                        password: admin
                        roles: 'ROLE_ADMIN'

    firewalls:
        # default:
        #     remember_me:
        #         key:      "%secret%"
        #         lifetime: 604800 # 1 week in seconds
        #         path:     /

        # Need to create route in routing.yml, but no need in a controller
        secured_area:
            logout:
                path:   /logout
                target: /

        # disables authentication for js,css, images, etc...
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # fallback -> types of authentication
        main:
            anonymous: ~
            form_login:
                login_path: homepage
                check_path: login_check
                default_target_path: homepage
                failure_path: homepage
            logout:
                path:   /logout
                target: /

    encoders:
        # algorithm to encode passwords
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        # admin is user too
        ROLE_ADMIN:       ROLE_USER

Hm, yeah, your secured_area doesn't have an authentication listener. For brevity we don't repeat all options from former examples but add placeholders (like # ... in the example for the logout handling) to indicate that you would have to fill this part. I am not sure if there is a better way to make this more clear.

May be we could include a link to a section explaining how to implement such listeners. The issue is I can't find that section in the current documentation.

To put it in a different way: I got my application to work (including logout) by actually not putting any configuration in security.yml, which is strange, because it goes against what the documentation recommends.

The thing is, we basically show that implicitly in http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate where we add http_basic, but this example does not make much sense when it later on comes to logging out a user.

If people read the documentation, it is usually with the intention of learning how to use Symfony2. An application where you could login but not logout does not make sense from an educational purpose. They will never implement such applications in the real world. They need to know how they should implement logout.

I agree with you. Probably we should either show how to use the form login in the book or else move the logout part to the cookbook that deals with form logins.

There is a pull request pending to be merged which explains why logout doesn't work for http_basic: https://github.com/symfony/symfony-docs/pull/5630

Closing as fixed by #5630. Thanks!

Im just learning Symfony 5.1 today and the same problem still exists,
Trying to learn the new "experimental" system and its very frustrating

Was this page helpful?
0 / 5 - 0 ratings