# To get started with security, check out the documentation: # https://symfony.com/doc/current/security.html security: encoders: FOS\UserBundle\Model\UserInterface: bcrypt # https://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded providers: fos_userbundle: id: fos_user.user_provider.username firewalls: # disables authentication for assets and the profiler, adapt it according to your needs dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: pattern: ^/ form_login: provider: fos_userbundle csrf_token_generator: security.csrf.token_manager logout: true anonymous: true logout_on_user_change: true # activate different ways to authenticate # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate #http_basic: ~ # https://symfony.com/doc/current/security/form_login_setup.html #form_login: ~ secured_area: anonymous: ~ oauth: resource_owners: facebook: "/login/check-facebook" google: "/login/check-google" # my_custom_provider: "/login/check-custom" twitter: "/login/check-twitter" login_path: /login use_forward: false failure_path: /login oauth_user_provider: service: my.oauth_aware.user_provider.service role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: ROLE_ADMIN access_control: - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/admin/, role: ROLE_ADMIN }