[github/wallabag/wallabag.git] / app / config / security.yml

security:
    encoders:
        Wallabag\CoreBundle\Entity\User:
            algorithm:        sha1
            encode_as_base64: false
            iterations:       1

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]

    providers:
        administrators:
            entity: { class: WallabagCoreBundle:User, property: username }

    # the main part of the security, where you can set up firewalls
    # for specific sections of your app
    firewalls:
        wsse_secured:
            pattern:      /api/.*
            wsse:         true
            stateless:    true
            anonymous:    true
        login_firewall:
            pattern:    ^/login$
            anonymous:  ~

        secured_area:
            pattern:    ^/
            anonymous: ~
            form_login:
                login_path:                     /login

                use_forward:                    false

                check_path:                     /login_check

                post_only:                      true

                always_use_default_target_path: true
                default_target_path:            /
                target_path_parameter:          redirect_url
                use_referer:                    true

                failure_path:                   null
                failure_forward:                false

                username_parameter:             _username
                password_parameter:             _password

                csrf_parameter:                 _csrf_token
                intention:                      authenticate

            logout:
                path:   /logout
                target: /

    access_control:
        - { path: ^/api/salt, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/forgot-password, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }
Commit	Line	Data
93fd4692	1	security:
93fd4692	2	encoders:
d9169157	3	Wallabag\CoreBundle\Entity\User:
c3235553 NL	4	algorithm: sha1
	5	encode_as_base64: false
	6	iterations: 1
93fd4692	7
93fd4692 NL	8	role_hierarchy:
93fd4692 NL	9	ROLE_ADMIN: ROLE_USER
c3235553	10	ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
93fd4692	11
93fd4692	12	providers:
c3235553	13	administrators:
d9169157	14	entity: { class: WallabagCoreBundle:User, property: username }
93fd4692 NL	15
	16	# the main part of the security, where you can set up firewalls
	17	# for specific sections of your app
	18	firewalls:
0ac38198 NL	19	wsse_secured:
	20	pattern: /api/.*
	21	wsse: true
	22	stateless: true
	23	anonymous: true
c3235553 NL	24	login_firewall:
	25	pattern: ^/login$
	26	anonymous: ~
	27
d9169157 J	28	secured_area:
	29	pattern: ^/
	30	anonymous: ~
	31	form_login:
	32	login_path: /login
	33
	34	use_forward: false
	35
	36	check_path: /login_check
	37
	38	post_only: true
	39
	40	always_use_default_target_path: true
	41	default_target_path: /
	42	target_path_parameter: redirect_url
	43	use_referer: true
	44
	45	failure_path: null
	46	failure_forward: false
	47
	48	username_parameter: _username
	49	password_parameter: _password
	50
	51	csrf_parameter: _csrf_token
	52	intention: authenticate
	53
	54	logout:
	55	path: /logout
	56	target: /
c3235553	57
93fd4692	58	access_control:
c5e8ba25	59	- { path: ^/api/salt, roles: IS_AUTHENTICATED_ANONYMOUSLY }
88924980	60	- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
c3235553	61	- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
6894d48e	62	- { path: ^/forgot-password, roles: IS_AUTHENTICATED_ANONYMOUSLY }
371ac69a	63	- { path: /(unread\|starred\|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
c3235553	64	- { path: ^/, roles: ROLE_USER }