How security is organized in Symfony?
Security is all about defining an agreement between users and the application on how to use the website. Like other Symfony configuration files, security has its own settings, which basically define what type of user is allowed to visit which part of the application and types of operations that he is authorized to do. If you look at app/config/security.yml
contents, it is quite empty and security is deactivated by default. This is the reason that you can see almost any part of your application without providing any credentials. Let's change this and build some firewalls in front of locations such as /admin
.
Creating a firewall is as simple as adding the following lines to the security.yml
contents:
# app/config/security.yml security: firewalls: secured_area: pattern: ^/ anonymous: ~ access_control: - { path: ^/admin/, roles: ROLE_ADMIN }
This URL is now secured from unauthorized access. However, it is not...