Symfony 2 - hide the whole website with a HTTP Authentication dialog

Question

I am using Symfony 2 for building a website.

The work is in progress (therefore I don\'t want users or search engines to access it) but my client wants to see my pro

Answer 1

my solution in Symfony2, using the basic firewall of symfony (without FOSUserBundle):

# app/config/security.yml
security:

    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: login
                check_path: login_check

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/, roles: ROLE_USER }

    providers:
        in_memory:
            memory:
                users:
                    redattore: { password: 'somePasswordHere', roles: 'ROLE_USER' }
                    admin: { password: 'somePasswordHere', roles: 'ROLE_ADMIN' }

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

It works perfectly for me. It's a very basic configuration - without hashing passwords, without data base provider ("providers:" section), without https connection (everything goes in plain text throughout the internet), without logout stuff and other nice features. I hope it will help you. With kind regards