# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
- #wsse_secured:
- # pattern: /api/.*
- # wsse: true
+ wsse_secured:
+ pattern: /api/.*
+ wsse: true
+ stateless: true
+ anonymous: true
login_firewall:
pattern: ^/login$
anonymous: ~
post_only: true
- always_use_default_target_path: true
+ always_use_default_target_path: false
default_target_path: /
- target_path_parameter: redirect_url
+ target_path_parameter: _target_path
use_referer: true
failure_path: null
target: /
access_control:
+ - { path: ^/api/salt, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: ^/forgot-password, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, roles: ROLE_USER }