6

I need to redirect everyone to route /login if:

  • Access to / route (app.php or app_dev.php)
  • Try to access any restricted area and the client belongs to group or have the right credentials but it's not logged in (not so sure this will be necessary since maybe Symfony handle this part)

So I did this in my security.yml:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        main:
            pattern: ^/
            anonymous: ~
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:       true

        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }

And this in routing.yml:

common:
    resource: "@CommonBundle/Controller/"
    type:     annotation
    options:
        expose: true

user:
    resource: "@UserBundle/Controller/"
    type:     annotation
    options:
        expose: true

# FOSUserBundle Routes
fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"

fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /profile

fos_user_register:
    resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
    prefix: /register

fos_user_resetting:
    resource: "@FOSUserBundle/Resources/config/routing/resetting.xml"
    prefix: /resetting

fos_user_change_password:
    resource: "@FOSUserBundle/Resources/config/routing/change_password.xml"
    prefix: /profile

fos_user_group:
    resource: "@FOSUserBundle/Resources/config/routing/group.xml"
    prefix: /group

#FOSJsRouting
fos_js_routing:
    resource: "@FOSJsRoutingBundle/Resources/config/routing/routing.xml"

Any time I access app_dev.php I go to CommonController.php at indexAction() and don't redirect to login, what I miss?

ReynierPM
  • 17,594
  • 53
  • 193
  • 363

2 Answers2

14

You need to make the entire site closed off to non authenticated users by adding a rule to the access_control. However, ensure that /login is an exception to this rule, by putting the exception before it. 

access_control:
- { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_USER }
Alex
  • 1,565
  • 2
  • 9
  • 13
  • That works but I miss styles and images and so on, why? – ReynierPM Jul 15 '14 at 21:28
  • 2
    You need to read the FOSUserBundle documentation with regards to overriding the template, and couple it with knowledge that you'll earn from reading the Templating chapter of the Symfony Book – Alex Jul 16 '14 at 07:51
  • 1
    Please note that since Symfony 6+ `PUBLIC_ACCESS` has to be used instead of `IS_AUTHENTICATED_ANONYMOUSLY`. See more at https://stackoverflow.com/a/71340824/15484481 – WebDevPassion Nov 24 '22 at 20:38
2

add this as the last line of your access control:

- { path: ^/, role: ROLE_USER }

ROLE_USER means any user , you can use ROLE_ADMIN to restrict access to admins. You should add another routes to the list as well. There's a couple of more ways to do it in controller or your template using 'is_granted' method. For more information read the Symfony documentation on security.

MKoosej
  • 3,405
  • 3
  • 21
  • 29