I'm currently working on a Symfony 4 project with React JS to handle the admin panel. I used Webpack Encore to connect React JS.

The path of the React JS app is:

my_project_symfony/

And I have an API in:

my_project_symfony/api

The React JS app is supposed to present the admin interface, so it must be protected by the admin role.

My security config is:

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    login:
        pattern: ^/api/login
        stateless: true
        anonymous: true
        json_login:
            check_path: /api/login_check
            success_handler: lexik_jwt_authentication.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure
    api:
        pattern: ^/api
        stateless: true
        anonymous: true
        guard:
            authenticators:
                - lexik_jwt_authentication.jwt_token_authenticator
    main:
        anonymous: true
    refresh:
        pattern:  ^/token/refresh
        stateless: true
        anonymous: true

With this configuration, how can I protect my React JS admin interface with the admin role and at the same time allow the user role to use my API?

I want:

my_project_symfony/ReactJsAPP  // Protected by admin role

my_project_symfony/api  // Protected by user role
Khaled Boussoffara
  • Read the docs https://symfony.com/doc/current/security.html#securing-url-patterns-access-control – Vyctorya Mar 27 '20 at 13:13
  • I read it, but I want to create an admin route. Could I prevent a user from authenticating if he's not an admin? I mean, in the React JS app I prevent the user from generating a token if he's not an admin – Khaled Boussoffara Mar 28 '20 at 11:52

0 Answers
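
One way to express the role split with the `access_control` section that the first comment links to, as an added example (not the asker's configuration and not code from Symfony or LexikJWTAuthenticationBundle). It assumes the admin-only endpoints are grouped under a hypothetical `/api/admin` prefix and that admin accounts carry `ROLE_ADMIN`.

```yaml
# config/packages/security.yaml (Symfony 4 syntax) -- added example.
# The firewalls section from the question stays as posted; these keys sit beside it.
security:
    # An admin is also a user, so ROLE_ADMIN satisfies every ROLE_USER check.
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER

    # Rules are evaluated top to bottom and only the first matching path applies,
    # so the most specific patterns must come first.
    access_control:
        # The login endpoints must stay reachable without a token.
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # Same for the refresh route (path taken from the "refresh" firewall).
        - { path: ^/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # ASSUMPTION: /api/admin is a hypothetical prefix for the endpoints
        # that only the React admin interface calls.
        - { path: ^/api/admin, roles: ROLE_ADMIN }
        # Everything else under /api needs a valid JWT with at least ROLE_USER.
        - { path: ^/api, roles: ROLE_USER }
```

The compiled React bundle is a static asset that anyone who can fetch it can read, so the check that actually enforces the admin role is the one on the API routes the interface calls. Refusing the login form to non-admins inside React is a convenience for the user, not an access control.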