So i am building a symfony2 api using fosrestbundle fosuserbundle and LexikJWTAuthenticationBundle and when i want to acces to /api/users.json to post a new user i get a 401 error Bad Credentials.
i tried to add a line in access control this way :
- { path: post_user, role: IS_AUTHENTICATED_ANONYMOUSLY }
but it didn't work.
i also tried :
- { path: post_user, role: IS_AUTHENTICATED_ANONYMOUSLY, methods:[POST] }
how can i exclude only the post endpoint ?
The solution is to create a new firewall disabling authentication on a url pattern. The tricky thing is that security configuration also allows you to select the methods covered by the firewall.
Just add this in your firewalls in security.yml :
public:
methods: [POST]
pattern: ^/api/users
security: false
you have now access to your endpoint on post method and get put and delete will still require whatever authentication protocol you use :)