I have following structure on my website:
/Login page, when someone goes to the website, they automatically get on this page. Its not needed to be logged in.
When someone logs in, they get on the /game/welcome page. From there on they can acces /game/account and such pages.
Now when I go straight to /game/welcome, without logging in, I can acces this page. How can I prevent this?
This is my security.yml file:
# you can read more about security in the related section of the documentation
# http://symfony.com/doc/current/book/security.html
security:
# http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
encoders:
Login\LoginBundle\Entity\User: sha512
#algorithm: sha1
#iterations: 1
#encode_as_base64: true
#Login\Loginbundle\Entity\User: sha512
# http://symfony.com/doc/current/book/security.html#hierarchical-roles
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
user:
entity:
class: Login\LoginBundle\Entity\User
property: username
#in_memory:
#memory:
#users:
#user: { password: userpass, roles: [ 'ROLE_USER' ] }
#admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
secured_area:
pattern: ^/
anonymous: ~
form_login:
login_path: login
check_path: login_check
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }