# To get started with security, check out the documentation: # https://symfony.com/doc/current/security.html security: encoders: FOS\UserBundle\Model\UserInterface: bcrypt # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded providers: fos_userbundle: id: fos_user.user_provider.username firewalls: secured_area: pattern: ^/ anonymous: ~ logout_on_user_change: true form_login: provider: fos_userbundle csrf_token_generator: security.csrf.token_manager default_target_path: dashboard logout: path: /logout target: /login anonymous: true logout_on_user_change: true oauth: resource_owners: google: "/login/check-google" disqus: "/login/check-disqus" twitter: "/login/check-twitter" login_path: /login use_forward: false failure_path: /login oauth_user_provider: service: my.custom.user_provider # disables authentication for assets and the profiler, adapt it according to your needs dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false # https://symfony.com/doc/current/security/form_login_setup.html # activate different ways to authenticate # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate #http_basic: ~ role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: ROLE_ADMIN access_control: - { path: ^/dashboard$, role: IS_AUTHENTICATED_REMEMBERED } - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/admin/, role: ROLE_ADMIN }