2

I have an API project in Symfony. Authentication is secured by a JWT token. I want to allow 2 actions in the controller to be used without logged-in users.

  • /point/{param}/elmeter
  • /point/{param}/measurement

I tried to allow this in the security.yaml access control, without success.

access_control:
        - { path: ^/api/point/.*/(elmeter|measurement)$, role: IS_AUTHENTICATED_ANONYMOUSLY }

    /**
     * @param string $sign
     * @param Request $request
     *
     * @Route("/point/{sign}/elmeter", methods={"POST"})
     */
    public function postPointElmeterAction(string $sign, Request $request)
    {
        ...
    }

    /**
     * @param string $sign
     * @param Request $request
     *
     * @Route("/point/{sign}/measurement", methods={"POST"}, name="api_point_measurement")
     */
    public function postPointMeasurementAction(string $sign, Request $request)
    {
        ...
    }

Thank you for every answer.

akshaypjoshi
Tomas
  • Which library are you using for JWT authentication? – akshaypjoshi Oct 20 '19 at 09:03
  • https://github.com/lexik/LexikJWTAuthenticationBundle but this works fine. When I call the actions with a token in the request, I get a response. But I want to call the actions without auth. – Tomas Oct 20 '19 at 09:07

1 Answer

3

You need to specify this route in the firewalls section of security.yaml, like this:

security:
    ...
    ...
    firewalls:
        point:
            pattern: ^/api/point/.*/(elmeter|measurement)$
            stateless: true
            anonymous: true

    access_control:
    - { path: ^/api/point/.*/(elmeter|measurement)$, role: IS_AUTHENTICATED_ANONYMOUSLY }
akshaypjoshi
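Symfony hands a request to the first firewall whose pattern matches, so the anonymous `point` firewall from the answer only takes effect if it is listed before the JWT-protected one. The sketch below is an added example, not code from the post or from Symfony: it models that first-match selection in Python with the answer's pattern, and compares it with a tighter `[^/]+` variant. The firewall names `api` and `main`, the `^/api` pattern and the sample paths are assumptions.

```python
import re

# Pattern from the answer; Symfony matches it against the decoded request path.
POINT = r"^/api/point/.*/(elmeter|measurement)$"
# Tighter variant (suggestion): {sign} is limited to one non-empty path segment.
POINT_STRICT = r"^/api/point/[^/]+/(elmeter|measurement)$"


def select_firewall(firewalls, path):
    """Return the first firewall whose pattern matches the path (first match
    wins); a firewall with no pattern matches every request."""
    for name, pattern in firewalls:
        if pattern is None or re.search(pattern, path):
            return name
    return None


# Constructed configurations. "api" (JWT, ^/api) and "main" are assumed names
# for the firewalls the project already defines.
POINT_FIRST = [("point", POINT), ("api", r"^/api"), ("main", None)]
API_FIRST = [("api", r"^/api"), ("point", POINT), ("main", None)]
STRICT_FIRST = [("point", POINT_STRICT), ("api", r"^/api"), ("main", None)]

# Constructed sample paths: intended routes plus near misses.
SAMPLE_PATHS = [
    "/api/point/A1/elmeter",
    "/api/point/A1/measurement",
    "/api/point/A1/measurement/history",  # "$" keeps this behind JWT
    "/api/point/A1",
    "/api/point/a/b/elmeter",             # ".*" spans slashes
    "/api/point//elmeter",                # ".*" also matches an empty sign
]


def report(firewalls, paths=SAMPLE_PATHS):
    """Map each path to the firewall that would handle it."""
    return {path: select_firewall(firewalls, path) for path in paths}


if __name__ == "__main__":
    configs = [("point first", POINT_FIRST), ("api first", API_FIRST),
               ("strict pattern", STRICT_FIRST)]
    for label, config in configs:
        print(label)
        for path, firewall in report(config).items():
            print(f"  {path:38} -> {firewall}")
```

Any path reported as `point` is reachable without a token, so the pattern should match the two intended routes and nothing else under `/api`.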