symfony 2: get current logged in user on non secured pages through firewall

Question

how to get the current logged in user on non secured pages?

I have only an /account/ page which is secured through the firewall and the other pages are unprotected.

My global navigation has the following template (simplified):

{% if app.user %}
  <a href="/account/data">...
  <a href="/logout>...
{% else %}
  <a href="/account/login">....
{% endif %}

Problem: The navigation with the logout link should be accessible on unsecured page too, but there is no UsernamePasswordToken...and symfony displays the login link, instead of the /logout and /account/data links. I configured all other pages with an anonymous listener, but it does not work properly.

is there a solution for it ?

Answer 1

You can't get the user on a non-firewalled page. Enable the firewall for the whole app, allow anonymous access, and protect particular parts of the app with access_control:

security:
    firewalls:
        main:
            pattern: ^/
            anonymous: ~

    access_control:
        - { path: ^/protected, roles: ROLE_SOME }