I am making a site with Symfony3 and there is expected need for some pages to be firewall-ed. For user management i am using FosUserBundle ~2.0@dev.
Logging in and out works (so it seems to me that FosUserBundle is configured correctly).
I am expecting that login form is to be shown if page is firewalled.
BUT, these URLs does not respect firewall and display their content for anonymous users...
- localhost:8000/en/admin
- localhost:8000/en/admin/delete-tev
- localhost:8000/en/admin/import-tev
- localhost:8000/en/admin/click-list
here is my security.yml configuration:
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|img|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
check_path: fos_user_security_check
csrf_token_generator: security.csrf.token_manager
logout:
path: fos_user_security_logout
target: goods_list_exclusive
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/click_list, role: ROLE_ADMIN }
- { path: ^/admin/import_tev, role: ROLE_ADMIN }
- { path: ^/admin/delete_tev, role: ROLE_ADMIN }
- { path: ^/admin/, role: ROLE_ADMIN }
here is my routing:
app:
resource: "@AppBundle/Controller/"
type: annotation
# redirecting home
homepage:
path: /
defaults:
_controller: FrameworkBundle:Redirect:redirect
route: goods_list_exclusive
permanent: true
# redirecting home
homepage_lv:
path: /lv/
defaults:
_controller: FrameworkBundle:Redirect:redirect
route: goods_list_exclusive
permanent: true
# redirecting home
homepage_en:
path: /en/
defaults:
_controller: FrameworkBundle:Redirect:redirect
route: goods_list_exclusive
permanent: true
# redirecting home
homepage_ru:
path: /ru/
defaults:
_controller: FrameworkBundle:Redirect:redirect
route: goods_list_exclusive
permanent: true
goods_list_exclusive:
path: /{_locale}/goods-list-exclusive
defaults: { _controller: AppBundle:Goods:goodsListExclusive }
requirements:
_locale: lv|en|ru
goods_list_new:
path: /{_locale}/goods-list-new
defaults: { _controller: AppBundle:Goods:goodsListNew }
requirements:
_locale: lv|en|ru
goods_show:
path: /{_locale}/goods-show/{id}
defaults: { _controller: AppBundle:Goods:goodsShow }
requirements:
_locale: lv|en|ru
goods_external_link:
path: /{_locale}/goods-external-link/{id}
defaults: { _controller: AppBundle:Goods:goodsExternalLink }
requirements:
_locale: lv|en|ru
admin_import_tev:
path: /{_locale}/admin/import-tev
defaults: { _controller: AppBundle:Import:importTev }
requirements:
_locale: lv|en|ru
admin_delete_tev:
path: /{_locale}/admin/delete-tev
defaults: { _controller: AppBundle:Delete:deleteTev }
requirements:
_locale: lv|en|ru
admin_click_list:
path: /{_locale}/admin/click-list
defaults: { _controller: AppBundle:Click:clickList }
requirements:
_locale: lv|en|ru
admin:
path: /{_locale}/admin
defaults: { _controller: AppBundle:Default:admin }
requirements:
_locale: lv|en|ru
fos_user:
resource: "@FOSUserBundle/Resources/config/routing/all.xml"
prefix: /{_locale}
Thank you for your time.