
I have this security.yml file:

...
security:
    encoders:
        Trainme\RestBundle\Document\User:
          id: security.encoder.blowfish

    role_hierarchy:
        ROLE_TRAINER:     ROLE_USER
        ROLE_ADMIN:       ROLE_TRAINER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        trainme_admin_provider:
            id: trainme_admin.user_provider

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        secured_admin:
            pattern:    ^/admin
            form_login:
                check_path: trainme_security_check
                login_path: trainme_login
                default_target_path: trainme_dashboard
            logout:
                path:   trainme_logout
                target: trainme_redirect_route

    access_control:
      - { path: ^/admin, roles: ROLE_ADMIN }
      - { path: ^/profile, roles: ROLE_TRAINER }

When the user's role is ROLE_TRAINER they are redirected to /profile; if it is ROLE_ADMIN, then to /admin. I do this using the following solution: "How to redirect to different url based on roles in symfony 2".

The problem is: when I look at the debug toolbar in /profile, it says that I'm not authenticated. Why am I not authenticated? I already logged in using the login form. But when I log in as ROLE_ADMIN and I'm in /admin, it says that I'm authenticated.

Permana

1 Answer


The authentication process is only triggered if the requested url is behind a firewall. Your firewall is only in place for the pattern ^/admin. If you want the firewall to be active across the whole site you should set your pattern to just ^/ and use the access controls section to define the specific roles for different areas of the site (as you have done). Alternatively you can set up a second firewall if you wish but typically one firewall with appropriate access controls is sufficient.

Mark
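
The single-firewall layout the answer describes, as an added example that is not part of the original answer or the asker's project. It assumes Symfony 2 configuration syntax, that the trainme_login route resolves to /login (the page does not give the URL), and that anonymous access is enabled so the login page stays reachable; the firewall name secured_area is hypothetical.

```yaml
# Added example: one firewall for the whole site, authorization left to access_control.
security:
    firewalls:
        # Firewalls are matched in order, so the asset/profiler exclusion stays first.
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        secured_area:              # hypothetical name, replaces secured_admin
            pattern:    ^/         # was ^/admin, so /profile matched no firewall
            anonymous:  ~          # assumption: unauthenticated visitors must reach the login page
            form_login:
                check_path: trainme_security_check
                login_path: trainme_login
                default_target_path: trainme_dashboard
            logout:
                path:   trainme_logout
                target: trainme_redirect_route

    access_control:
        # The first matching rule wins. ^/login$ is an assumed URL for the trainme_login route.
        - { path: ^/login$,  roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin,   roles: ROLE_ADMIN }
        - { path: ^/profile, roles: ROLE_TRAINER }
```

With anonymous access enabled on a ^/ firewall, any path that no access_control rule matches is reachable without logging in, so every protected area needs its own rule.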