Menu
I'm starting with journey with Symfony.
At this I trying to secure my auth routes (I'm using FOSUserBundle) so I do:
access_control:
- { path: ^/logowanie$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/rejestracja, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetowanie-hasla, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/backstage/, role: ROLE_ADMIN }
- { path: ^/profile/, role: ROLE_USER }
However, I can always go to these routes whether I'm logged in or not.
Where is my bad?
# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
check_path: fos_user_security_check
login_path: fos_user_security_login
logout:
path: fos_user_security_logout
target: website.home
logout: true
anonymous: true
access_control:
- { path: ^/logowanie$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/rejestracja, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetowanie-hasla, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/backstage/, role: ROLE_ADMIN }
- { path: ^/profile/, role: ROLE_USER }
347
You should restrict access to logged-in users, now if a user is logged in, also has the role IS_AUTHENTICATED_ANONYMOUSLY, this is role hierarchy.
- { path: ^/logowanie$, role: IS_AUTHENTICATED_ANONYMOUSLY && !IS_AUTHENTICATED_FULLY }
You can use PUBLIC_ACCESS instead off IS_AUTHENTICATED_ANONYMOUSLY
access_control:
- { path: ^/logowanie$, roles: PUBLIC_ACCESS }
best regards ;)
37
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
