You must configure the check path to be handled by the firewall using form_login in your security firewall configuration

Question

i have webservice which is provider for my "regular" users. I want to use FosUserBundle for my administrators. Above is my security configuration. regular users login works with no problem, but when i want to login as admin i got this message:

"You must configure the check path to be handled by the firewall using form_login in your security firewall configuration. "

Here is my security configuration:

security:
encoders:
    Locastic\CustomUserBundle\Security\User\User: plaintext
    FOS\UserBundle\Model\UserInterface: sha512

providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email
    webservice:
        id: locastic.user_provider

firewalls:               
    main:
        pattern: ^/admin
    form_login:
        provider:               fos_userbundle
        login_path:             fos_user_security_login 
        check_path:             fos_user_security_check
        csrf_provider:          form.csrf_provider
        logout:       true
        anonymous:    true
        remember_me:
            key:      "%secret%"
            lifetime: 31536000 # 365 days in seconds
            path:     /
            domain:   ~ # Defaults to the current domain from $_SERVER
    user-service:
        pattern: ^/
        logout:       
          path:   /logout
        anonymous:    true
        webservice-login:
            check_path: /prijava-provjera
            login_path: /prijavi-se
            provider: webservice
            always_use_default_target_path: true
            default_target_path: /stanje-racuna

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, role: ROLE_ADMIN }

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN

Answer 1

I think you need to put form_login under a firewall ( either main or add another one )

form_login under main firewall :

firewalls:               
main:
    pattern: ^/admin
    form_login:
        provider:               fos_userbundle
        login_path:             fos_user_security_login 
        check_path:             fos_user_security_check
        csrf_provider:          form.csrf_provider
        logout:       true
        anonymous:    true ....

form_login under another firewall

firewalls:               
    main:
        pattern: ^/admin
    second_firewall:
        pattern: ^/
        form_login:
            provider:               fos_userbundle
            login_path:             fos_user_security_login 
            check_path:             fos_user_security_check
            csrf_provider:          form.csrf_provider
            logout:       true
            anonymous:    true .....

Answer 2

Your code is wrong only in the part of check_path value.

This is your original code:

firewalls:               
    main:
        pattern: ^/admin
        form_login:
            provider:               fos_userbundle
            login_path:             fos_user_security_login 
            check_path:             fos_user_security_check
            csrf_provider:          form.csrf_provider
            logout:       true
            anonymous:    true

And you should use something like:

firewalls:               
    main:
        pattern: ^/admin
        form_login:
            provider:               fos_userbundle
            login_path:             fos_user_security_login 
            check_path:             /login_check
            csrf_provider:          form.csrf_provider
            logout:       true
            anonymous:    true

Note that check_path has as value only a string. If you use the value fos_user_security_check you are calling to SecurityController.php class and invoking the checkAction() method which exactly only throws an RuntimeError Exception with the error displayed "You must configure the check path to be handled by the firewall using form_login in your security firewall configuration.". So the fix is so simple that not use the value fos_user_security_check

Answer 3

pattern: ^/admin

This is possibly where your problems start.

Try changing this back to ^/

Then change your routes for FosUserBundle

# app/config/routing.yml

fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"
    prefix: /admin

fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /admin/profile

fos_user_register:
    resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
    prefix: /admin/register

fos_user_resetting:
    resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
    prefix: /admin/resetting

fos_user_change_password:
    resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
    prefix: /admin/profile

Answer 4

In some instances, I can see that this is caused by default security settings generated when symfony is installed by composer.

In my case, in my security.yml, I had this section:

default:
    anonymous: ~

As this was working as a catch-all, it was interfering with FOSUserBundle's ability to handle the route. Just delete it or, if you have a route you've specified yourself, make sure it's not also handling the same URL path.