|
1 | 1 | How to Use multiple User Providers |
2 | 2 | ================================== |
3 | 3 |
|
| 4 | +.. note:: |
| 5 | + |
| 6 | + It's always better to use a specific user provider for each authentication |
| 7 | + mechanism. Chaining user providers should be avoided in most applications |
| 8 | + and used only to solve edge cases. |
| 9 | + |
4 | 10 | Each authentication mechanism (e.g. HTTP Authentication, form login, etc) |
5 | 11 | uses exactly one user provider, and will use the first declared user provider |
6 | 12 | by default. But what if you want to specify a few users via configuration |
@@ -150,5 +156,25 @@ system will use the ``in_memory`` user provider. But if the user tries to |
150 | 156 | log in via the form login, the ``user_db`` provider will be used (since it's |
151 | 157 | the default for the firewall as a whole). |
152 | 158 |
|
| 159 | +If you need to check that the user being returned by your provider is a allowed |
| 160 | +to authenticate, check the returned user object:: |
| 161 | + |
| 162 | + use Symfony\Component\Security\Core\User; |
| 163 | + // ... |
| 164 | + |
| 165 | + public function loadUserByUsername($username) |
| 166 | + { |
| 167 | + // ... |
| 168 | + |
| 169 | + // you can, for example, test that the returned user is an object of a |
| 170 | + // particular class or check for certain attributes of your user objects |
| 171 | + if ($user instance User) { |
| 172 | + // the user was loaded from the main security config file. Do something. |
| 173 | + // ... |
| 174 | + } |
| 175 | + |
| 176 | + return $user; |
| 177 | + } |
| 178 | + |
153 | 179 | For more information about user provider and firewall configuration, see |
154 | 180 | the :doc:`/reference/configuration/security`. |
0 commit comments