symfony: security false in all firewalls, authentication provider required error

When security is set to false in all firewalls in security.yml, the application will fail to start with following error:

InvalidArgumentException: You must at least add one authentication provider.

It does not matter whether some authentication providers are defined or not. Here is my config:

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            users:
                user:  { password: userpass, roles: [ 'ROLE_USER' ] }
                admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

    firewalls:
        disabled:
            pattern: ^/
            security: false

    access_control:
        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        #- { path: ^/_internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }

About this issue

Original URL
State: closed
Created 12 years ago
Comments: 17 (10 by maintainers)

Most upvoted comments

We are using network configuration to firewall our internal API. We have NO need for provider or firewalls. It would be nice to just turn it all off without complaints about user providers and authenticators.

As of now, the minimum config I have found that works is:

security:
    providers:
        in_memory:
            memory: ~

    firewalls:
        disabled:
            pattern:   ^/
            security:  false
            stateless: true

Something this this would be nice:

security:
    enabled: false

dailytabs on Aug 6, 2014

@dailytabs if you just restrict the access based on some IP, you don’t do any authentication in your app, which means that the security component is not what you need. Just remove the SecurityBundle in this case

stof on Aug 6, 2014