
Keep path when user logout in FOSUserBundle


I'm using FOSUserBundle in an ongoing project and everything works fine, but I'm having a small problem when I close the session: I go to the index of the application instead of staying in the secured area, which is /admin/login, where the login form is. This is my security.yml:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:
                path: /logout
                target: /admin
                invalidate_session: false
            anonymous: true

    access_control:
        - { path: ^/admin, role: ROLE_ADMIN }

Can anyone tell me where I am making the mistake?


Solution

  • I think it's the anonymous: true. If you basically want the whole site to be under access control, with no pages apart from the login page being accessible to someone not logged in, then you want something like this:

    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512

        role_hierarchy:
            ROLE_ADMIN:       ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN

        providers:
            fos_userbundle:
                id: fos_user.user_provider.username_email

        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                pattern: ^/
                form_login:
                    provider: fos_userbundle
                    csrf_provider: form.csrf_provider
                logout:
                    path: /logout
                    target: /admin
                    invalidate_session: false
                anonymous: ~ # NO ANONYMOUS ACCESS

        access_control:
            - { path: ^/admin, role: ROLE_ADMIN }
            # anonymous visitors need to be able to get to the logon pages
            - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            # Could also add "safe" routes like an "about" or "contact us" pages here if you like
            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
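The security.yml below is an added example, not taken from the question or the answer, showing one arrangement that lands the user on the login form after logout; it assumes FOSUserBundle's security routes are imported under the /admin prefix (so the form is at /admin/login and the check path at /admin/login_check), and those paths plus the rule ordering are the assumptions. Note that Symfony 2 normalises `anonymous: ~` and `anonymous: true` to the same setting (anonymous listener enabled), which is what lets an unauthenticated visitor match the IS_AUTHENTICATED_ANONYMOUSLY rules at all.

```yaml
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                # Assumed: FOSUserBundle security routes are mounted under /admin,
                # so the login form and its check path live there.
                login_path: /admin/login
                check_path: /admin/login_check
            logout:
                path: /admin/logout
                # Redirect to the login form itself, not to a page that needs ROLE_ADMIN.
                target: /admin/login
                # Destroy the session on logout (Symfony's default); keeping it
                # alive leaves data from the previous login behind.
                invalidate_session: true
            # Same as "anonymous: true": the anonymous listener stays enabled.
            anonymous: ~

    access_control:
        # The first matching rule wins, so the pages an anonymous visitor must
        # reach come before the catch-all ^/admin rule; otherwise the login
        # form itself would require ROLE_ADMIN and bounce the user elsewhere.
        - { path: ^/admin/login,     role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout,    role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin,           role: ROLE_ADMIN }
```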