restricting access to pages on my site if I did not start session in Symfony2 with fosuser

Question

I have installed in my application FosUserBundle with a version of Symfony 2.5, i can access to my site: MySite/login and logout: MySite/logout, but regardless if a user is logged it let's me access to any page of my site

How I can give solution to this

security.yml

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
    fos_userbundle:
        id: fos_user.user_manager
firewalls:
    login_firewall:
        pattern:    ^/login$
        anonymous:  ~
    main:
        pattern:    ^/
        form_login:
            provider:   fos_userbundle
            csrf_provider:  form.csrf_provider
            login_path: fos_user_security_login
            check_path: fos_user_security_check
            default_target_path:    /
        logout: 
            path:   /logout
            target: /login
        anonymous:   ~
access_control:
    - { path:  ^/$, roles: ROLE_USER  }

score 2 · Accepted Answer · answered Nov 25 '14 at 15:59

2

You must change your access control, the next way:

access_control:
    - { path: ^/login, roles: IS_AUTHENTIFICATED_ANONYMOUSLY }
    - { path: ^/*, roles: ROLE_ADMIN }

answered Nov 25 '14 at 15:59

Liz

565
6
11

restricting access to pages on my site if I did not start session in Symfony2 with fosuser

1 Answers1