
I am developing APIs with Symfony2 and I have implemented WSSE authentication. I need to skip authentication for some of the URLs as they will be publicly accessible. Publicly accessible URLs have a format like:

www.myserver.com/api/v1/public/testaction1
www.myserver.com/api/v1/public/testaction2

There is one more URL which is publicly accessible, which is the documentation for the API:

www.myserver.com/api/doc/

Except for the above-mentioned URLs, all other actions should come under the authentication scheme. I tried tweaking the URL pattern under the firewall config option as:

security.yml

    firewalls:
        wsse_secured:
            pattern:   ^/api/[^doc | ^v1\/public/].*

which doesn't seem to work, can you please help me with skipping these URLs from authentication? Am I missing the correct regular expression?

EDIT

Here is the access control section of my security.yml

    access_control:
        - {path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY}

Rahul

1 Answer


You'll need to add a specific firewall for anonymous access:

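    firewalls:
      # Firewalls are tried in order and the first matching pattern wins,
      # so the unsecured, more specific patterns come before the ^/api catch-all.
      doc:
        pattern: ^/api/doc
        security: false
      public:
        # matches the question's /api/v1/public/... URLs
        pattern: ^/api/v1/public
        security: false
      api:
        pattern: ^/api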

Another option is to allow anonymous users to access these 2 firewalls; I don't know, however, if it will work with remote curl calls, for example.

Christophe Willemsen
  • Sorry for the late reply, thanks for the answer, setting up different firewalls did help me :) – Rahul Dec 12 '14 at 09:39
  • I was trying to achieve this (i.e. to remove authentication for some URLs) with a single firewall and hence was trying to come up with a pattern that would skip those specific URLs from authentication; however, I didn't succeed. I guess configuring multiple firewalls seems to be the way to go – Rahul Dec 15 '14 at 07:24
  • Note that the order in the firewall declaration will play a role here, first comes first applies – Michael May 28 '16 at 09:54
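
An added example (not code from the question or the answer) that audits which paths end up behind authentication under the patterns discussed in this thread. It assumes firewalls are tried in declaration order with the first matching pattern applied, as the comment above notes, and uses Python's `re` in place of PCRE; the `/api/v1/users`, `/api/orders` and `/api/reports` routes and the lookahead pattern are this example's own assumptions.

```python
import re

# Ordered firewall maps as (name, pattern, secured) tuples.
# QUESTION uses the pattern from the question; the bracket expression is a
# negated character class, not a "not doc / not v1/public" group.
QUESTION = [("wsse_secured", r"^/api/[^doc | ^v1\/public/].*", True)]
# Catch-all listed before the exceptions: the exceptions are never reached.
CATCH_ALL_FIRST = [
    ("api", r"^/api", True),
    ("doc", r"^/api/doc", False),
    ("public", r"^/api/v1/public", False),
]
# Specific, unsecured firewalls first, catch-all last.
SPECIFIC_FIRST = [
    ("doc", r"^/api/doc", False),
    ("public", r"^/api/v1/public", False),
    ("api", r"^/api", True),
]
# Assumption: a single-firewall alternative using a negative lookahead.
LOOKAHEAD = [("wsse_secured", r"^/api/(?!doc(/|$)|v1/public/)", True)]

# Constructed sample paths: the first two come from the question,
# the remaining three are hypothetical protected endpoints.
PATHS = [
    "/api/doc/",
    "/api/v1/public/testaction1",
    "/api/v1/users",
    "/api/orders",
    "/api/reports",
]


def requires_auth(firewalls, path):
    """Return True if the first firewall matching `path` is secured."""
    for _name, pattern, secured in firewalls:
        if re.search(pattern, path):
            return secured
    return False  # no firewall matched, so nothing authenticates the request


def audit(firewalls):
    """Map every sample path to whether it requires authentication."""
    return {path: requires_auth(firewalls, path) for path in PATHS}


if __name__ == "__main__":
    for label, fw in [("question", QUESTION), ("catch-all first", CATCH_ALL_FIRST),
                      ("specific first", SPECIFIC_FIRST), ("lookahead", LOOKAHEAD)]:
        print(label, audit(fw))
```

The question's pattern leaves any path whose first character after `/api/` is one of the bracketed characters outside the firewall, which includes routes that were meant to be protected. A prefix pattern such as `^/api/doc` also exempts sibling paths like `/api/docs`, so anchor the exemption if that matters.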