minor #5399 Quick review of Form login chapter (WouterJ)

This PR was merged into the 2.3 branch. Discussion ---------- Quick review of Form login chapter Commits ------- 2cbd368 Quick review of Form login chapter
symfony · Jun 28, 2015 · ff3684e · ff3684e
2 parents 5cbdabf + 2cbd368
commit ff3684e
Showing 1 changed file with 14 additions and 8 deletions.
diff --git a/cookbook/security/form_login_setup.rst b/cookbook/security/form_login_setup.rst
@@ -39,8 +39,8 @@ First, enable form login under your firewall:
         <!-- app/config/security.xml -->
         <?xml version="1.0" encoding="UTF-8"?>
         <srv:container xmlns="http://symfony.com/schema/dic/security"
-            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:srv="http://symfony.com/schema/dic/services"
+            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://symfony.com/schema/dic/services
                 http://symfony.com/schema/dic/services/services-1.0.xsd">
 
@@ -82,7 +82,6 @@ bundle::
     namespace AppBundle\Controller;
 
     use Symfony\Bundle\FrameworkBundle\Controller\Controller;
-    use Symfony\Component\HttpFoundation\Request;
 
     class SecurityController extends Controller
     {
@@ -126,6 +125,7 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``):
         login_route:
             path:     /login
             defaults: { _controller: AppBundle:Security:login }
+
         login_check:
             path: /login_check
             # no controller is bound to this route
@@ -159,6 +159,7 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``):
         $collection->add('login_route', new Route('/login', array(
             '_controller' => 'AppBundle:Security:login',
         )));
+
         $collection->add('login_check', new Route('/login_check', array()));
         // no controller is bound to this route
         // as it's handled by the Security system
@@ -320,12 +321,13 @@ see :doc:`/cookbook/security/form_login`.
 
 .. _book-security-common-pitfalls:
 
-Avoid common Pitfalls
+Avoid Common Pitfalls
 ---------------------
 
 When setting up your login form, watch out for a few common pitfalls.
 
-**1. Create the correct routes**
+1. Create the Correct Routes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 First, be sure that you've defined the ``/login`` and ``/login_check``
 routes correctly and that they correspond to the ``login_path`` and
@@ -334,7 +336,8 @@ redirected to a 404 page instead of the login page, or that submitting
 the login form does nothing (you just see the login form over and over
 again).
 
-**2. Be sure the login page isn't secure (redirect loop!)**
+2. Be Sure the Login Page Isn't Secure (Redirect Loop!)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Also, be sure that the login page is accessible by anonymous users. For example,
 the following configuration - which requires the ``ROLE_ADMIN`` role for
@@ -450,15 +453,17 @@ for the login page:
             ),
         ),
 
-**3. Be sure /login_check is behind a firewall**
+3. Be Sure /login_check Is Behind a Firewall
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Next, make sure that your ``check_path`` URL (e.g. ``/login_check``) is behind
 the firewall you're using for your form login (in this example, the single
 firewall matches *all* URLs, including ``/login_check``). If ``/login_check``
 doesn't match any firewall, you'll receive a ``Unable to find the controller
 for path "/login_check"`` exception.
 
-**4. Multiple firewalls don't share security context**
+4. Multiple Firewalls Don't Share Security Context
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 If you're using multiple firewalls and you authenticate against one firewall,
 you will *not* be authenticated against any other firewalls automatically.
@@ -467,7 +472,8 @@ to explicitly specify the same :ref:`reference-security-firewall-context`
 for different firewalls. But usually for most applications, having one
 main firewall is enough.
 
-**5. Routing error pages are not covered by firewalls**
+5. Routing Error Pages Are not Covered by Firewalls
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 As routing is done *before* security, 404 error pages are not covered by
 any firewall. This means you can't check for security or even access the