I would like to have the whole page access enabled only if user logged in (except the FOS user login page)
This is how I set the access control:
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_ADMIN }
But the problem is as it now blocks all my scripts. CSS and JS are not available, so login page is not styled! If I remove:
- { path: ^/, role: ROLE_ADMIN }
From the access control everything is OK and the login page is styled. Any help on how to put the whole page under "lockdown" (except the login page) but still have the styles displayed (CSS)?
The paths to your js, css and bundles directories are being caught by your access control that is stating that the user must be ROLE_ADMIN. To sort this you can just add rules for these directories above the ^/ rule using IS_AUTHENTICATED_ANONYMOUSLY like..
access_control:
- { path: ^/css, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/js, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/bundles, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_ADMIN }