I have days trying to make this work and I can't so as a last resort I hope any can help me here. The point is that my application, as every application has a frontend which should be accessed by any user registered in the system except those that have, so far, the role ROLE_ADMIN and a backend which so otherwise, should have access only users with ROLE_ADMIN and normal users who do not own roles or having the default role ROLE_USER should neither be able to login.
The problem I have is that, regardless, if I sign with any normal user without permissions to the admin (lacks ROLE_ADMIN) and access to the URL app.php/admin them can enter without any problem which is completely wrong. On the other hand if I try to log on to the frontend with any user with ROLE_ADMIN can do it without any problem and this should not happen.
This is my configuration security.yml:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
login_path: /login
check_path: /login_check
default_target_path: home
always_use_default_target_path: true
use_referer: true
logout:
path: fos_user_security_logout
target: /
invalidate_session: true
anonymous: ~
access_control:
# Anonymous area
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/isLoggedIn$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/registro, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/cedula, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/rif, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/correo, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/usuario, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/razon_social, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/registro_mercantil, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/padre, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/correo_alternativo, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/paises, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/estados, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/ciudades, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/municipios, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/parroquias, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/empresas, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Secured area
- { path: ^/, role: ROLE_USER }
- { path: ^/admin, role: ROLE_ADMIN }
What am I doing wrong? Can anyone give me any suggestions?
I have read docs from top to bottom several times but don't get what I'm doing wrong
