I was having trouble with symfony security + fos user bundle. I couldn't find anybody that replicated my problem, only similar problems but the solutions are not working. All the pages including / has to be secured except registration/resetting/login urls.
When I go to /login the url is "protected" unless I add it to my registration firewall. this works until I try to login and then it says I need to add the login path to the main firewall.
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
registration:
pattern: ^/(login|register|resetting)
security: false
main:
pattern: ^/
http_basic: ~
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager
logout: true
anonymous: true
access_control:
- { path: ^/(_(profiler|wdt)|css|images|js), role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_USER }
Fixed by limiting the pattern of ^login to ^login$ so that login_check still passes to the main firewall.
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/login$
security: false
registration:
pattern: ^/(register|resetting)
security: false
main:
pattern: ^/
http_basic: ~
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager
logout: true
anonymous: true
access_control:
- { path: ^/(_(profiler|wdt)|css|images|js), role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_USER }