Exclude public pages from access control list
I have an application in Symfony2 with 2 roles: ROLE_ADMIN and ROLE_PARTNER. I also have some public pages. All public pages start with the URL "/public/". I want to protect the whole application except these public pages.

My current config:

access_control:
    - { path: /.*, role: ROLE_PARTNER|ROLE_ADMIN }
    - { path: /public/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }

But it works incorrectly (looping redirection).

Prolate answered 3/9, 2012 at 14:27 Comment(0)
9

Change the order:

access_control:
    - { path: ^/public/, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, role: ROLE_PARTNER|ROLE_ADMIN }

The second option is to turn off security for the public section completely:

firewalls:
    public:
        pattern: ^/public/
        security: false

Dasya answered 3/9, 2012 at 14:32 Comment(2)
You helped me with the help of @Carlos Granados - Prolate
This solution is probably the clearest. One thing to keep in mind, though: in my situation the secured area was ^/ and I had to exclude ^/api. I had to list the ^/api definition "before" the overall ^/ definition to make it work. - Dong
3

Add:

- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

See "Common Pitfalls" in http://symfony.com/doc/current/book/security.html#using-a-traditional-login-form

Starofbethlehem answered 3/9, 2012 at 14:29 Comment(1)
You helped me with the help of @elnur - Prolate
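
As an added illustration (not code from any of the answers above, and not Symfony's own implementation), the following Python model evaluates access_control rules first-match-wins for an anonymous visitor. It shows why the question's ordering loops and why, even after reordering, the login path needs its own anonymous rule. The rule sets are constructed from the configs on this page; the login form living at /login outside /public/, roles treated as any-of, and all function names are assumptions.

```python
import re

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"
ROLES = ["ROLE_PARTNER", "ROLE_ADMIN"]  # assumption: holding either role is enough
# Constructed rule sets mirroring the configs quoted on this page.
QUESTION = [{"path": r"/.*", "roles": ROLES},
            {"path": r"/public/.*", "roles": [ANON]}]
REORDERED = [{"path": r"^/public/", "roles": [ANON]},
             {"path": r"^/", "roles": ROLES}]
WITH_LOGIN = [{"path": r"^/login", "roles": [ANON]}] + REORDERED


def first_match(rules, path):
    """Index of the first rule whose regex is found in path, or None."""
    for i, rule in enumerate(rules):
        if re.search(rule["path"], path):  # unanchored, like preg_match
            return i
    return None


def allowed(rules, path, user_roles=()):
    """Only the first matching rule decides; later rules are never consulted."""
    i = first_match(rules, path)
    if i is None or ANON in rules[i]["roles"]:
        return True
    return any(role in user_roles for role in rules[i]["roles"])


def visit_anonymous(rules, path, login_path="/login"):
    """Anonymous request: a denied page redirects to the login form (assumed path)."""
    if allowed(rules, path):
        return "ok:" + path
    # The login form must itself be reachable anonymously, or the redirect repeats.
    return "ok:" + login_path if allowed(rules, login_path) else "redirect loop"


def shadowed(rules, sample_paths):
    """Patterns that match a sample path but are never the deciding rule."""
    deciding = {first_match(rules, p) for p in sample_paths}
    return [r["path"] for i, r in enumerate(rules) if i not in deciding
            and any(re.search(r["path"], p) for p in sample_paths)]


if __name__ == "__main__":
    samples = ["/", "/public/about", "/login", "/admin/users"]  # constructed
    for name, rules in [("question", QUESTION), ("reordered", REORDERED),
                        ("with ^/login", WITH_LOGIN)]:
        print(name, [visit_anonymous(rules, p) for p in samples],
              "shadowed:", shadowed(rules, samples))
```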
