You are browsing the documentation for Symfony 2.5 which is not maintained anymore.
Consider upgrading your projects to Symfony 5.3.
How to Impersonate a User
How to Impersonate a User¶
Sometimes, it’s useful to be able to switch from one user to another without
having to log out and log in again (for instance when you are debugging or trying
to understand a bug a user sees that you can’t reproduce). This can be easily
done by activating the switch_user firewall listener:
- YAML
1 2 3 4 5 6
# app/config/security.yml security: firewalls: main: # ... switch_user: true
- XML
1 2 3 4 5 6 7 8 9 10 11 12 13 14
<!-- app/config/security.xml --> <?xml version="1.0" encoding="UTF-8"?> <srv:container xmlns="http://symfony.com/schema/dic/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:srv="http://symfony.com/schema/dic/services" xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> <config> <firewall> <!-- ... --> <switch-user /> </firewall> </config> </srv:container>
- PHP
1 2 3 4 5 6 7 8 9
// app/config/security.php $container->loadFromExtension('security', array( 'firewalls' => array( 'main'=> array( // ... 'switch_user' => true ), ), ));
To switch to another user, just add a query string with the _switch_user
parameter and the username as the value to the current URL:
1 | http://example.com/somewhere?_switch_user=thomas
|
To switch back to the original user, use the special _exit username:
1 | http://example.com/somewhere?_switch_user=_exit
|
During impersonation, the user is provided with a special role called
ROLE_PREVIOUS_ADMIN. In a template, for instance, this role can be used
to show a link to exit impersonation:
- Twig
1 2 3
{% if is_granted('ROLE_PREVIOUS_ADMIN') %} <a href="{{ path('homepage', {'_switch_user': '_exit'}) }}">Exit impersonation</a> {% endif %}
- PHP
1 2 3 4 5 6 7 8 9
<?php if ($view['security']->isGranted('ROLE_PREVIOUS_ADMIN')): ?> <a href="<?php echo $view['router']->generate('homepage', array( '_switch_user' => '_exit', ) ?>" > Exit impersonation </a> <?php endif ?>
Of course, this feature needs to be made available to a small group of users.
By default, access is restricted to users having the ROLE_ALLOWED_TO_SWITCH
role. The name of this role can be modified via the role setting. For
extra security, you can also change the query parameter name via the parameter
setting:
- YAML
1 2 3 4 5 6
# app/config/security.yml security: firewalls: main: # ... switch_user: { role: ROLE_ADMIN, parameter: _want_to_be_this_user }
- XML
1 2 3 4 5 6 7 8 9 10 11 12 13 14
<!-- app/config/security.xml --> <?xml version="1.0" encoding="UTF-8"?> <srv:container xmlns="http://symfony.com/schema/dic/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:srv="http://symfony.com/schema/dic/services" xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> <config> <firewall> <!-- ... --> <switch-user role="ROLE_ADMIN" parameter="_want_to_be_this_user" /> </firewall> </config> </srv:container>
- PHP
1 2 3 4 5 6 7 8 9 10 11 12
// app/config/security.php $container->loadFromExtension('security', array( 'firewalls' => array( 'main'=> array( // ... 'switch_user' => array( 'role' => 'ROLE_ADMIN', 'parameter' => '_want_to_be_this_user', ), ), ), ));
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.