-# you can read more about security in the related section of the documentation
-# http://symfony.com/doc/current/book/security.html
security:
- # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
encoders:
- Symfony\Component\Security\Core\User\User: plaintext
+ FOS\UserBundle\Model\UserInterface: sha512
- # http://symfony.com/doc/current/book/security.html#hierarchical-roles
role_hierarchy:
- ROLE_ADMIN: ROLE_USER
- ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
+ ROLE_ADMIN: ROLE_USER
+ ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
- # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
- in_memory:
- memory:
- users:
- user: { password: userpass, roles: [ 'ROLE_USER' ] }
- admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
+ administrators:
+ entity:
+ class: WallabagUserBundle:User
+ property: username
+ fos_userbundle:
+ id: fos_user.user_provider.username_email
# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
- pattern: ^/(_(profiler|wdt)|css|images|js)/
+ pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
- # the login page has to be accessible for everybody
- demo_login:
- pattern: ^/demo/secured/login$
+
+ oauth_token:
+ pattern: ^/oauth/v2/token
security: false
- # secures part of the application
- demo_secured_area:
- pattern: ^/demo/secured/
- # it's important to notice that in this case _demo_security_check and _demo_login
- # are route names and that they are specified in the AcmeDemoBundle
+ api:
+ pattern: /api/.*
+ fos_oauth: true
+ stateless: true
+ anonymous: true
+ provider: fos_userbundle
+
+ login_firewall:
+ logout_on_user_change: true
+ pattern: ^/login$
+ anonymous: ~
+
+ secured_area:
+ logout_on_user_change: true
+ pattern: ^/
form_login:
- check_path: _demo_security_check
- login_path: _demo_login
+ provider: fos_userbundle
+ csrf_token_generator: security.csrf.token_manager
+
+ anonymous: true
+ remember_me:
+ secret: "%secret%"
+ lifetime: 31536000
+ path: /
+ domain: ~
+
logout:
- path: _demo_logout
- target: _demo
- #anonymous: ~
- #http_basic:
- # realm: "Secured Demo Area"
-
- # with these settings you can restrict or allow access for different parts
- # of your application based on roles, ip, host or methods
- # http://symfony.com/doc/current/cookbook/security/access_control.html
+ path: /logout
+ target: /
+
access_control:
- #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
\ No newline at end of file
+ - { path: ^/api/(doc|version|info|user), roles: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: /(unread|starred|archive|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: ^/locale, role: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: /tags/(.*).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: ^/settings, roles: ROLE_SUPER_ADMIN }
+ - { path: ^/annotations, roles: ROLE_USER }
+ - { path: ^/users, roles: ROLE_SUPER_ADMIN }
+ - { path: ^/, roles: ROLE_USER }
projects / github / wallabag / wallabag.git / blobdiff