security: encoders: Symfony\Component\Security\Core\User\User: pla

1. security:
2. encoders:
3. Symfony\Component\Security\Core\User\User: plaintext
4.  
5. role_hierarchy:
6. ROLE_ADMIN: ROLE_USER
7. ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
8.  
9. providers:
10. in_memory:
11. users:
12. user: { password: userpass, roles: [ 'ROLE_USER' ] }
13. admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
14. # the naming of a security provider is up to you, we chose "fos_userbundle"
15. fos_userbundle:
16. id: fos_user.user_manager
17.  
18. firewalls:
19. profiler:
20. pattern: ^/_profiler
21. security: false
22.  
23. wdt:
24. pattern: ^/_wdt
25. security: false
26.  
27. login:
28. pattern: ^/demo/secured/login$
29. security: false
30.  
31. secured_area:
32. pattern: ^/demo/secured/
33. form_login:
34. check_path: /demo/secured/login_check
35. login_path: /demo/secured/login
36. logout:
37. path: /demo/secured/logout
38. target: /demo/
39. #anonymous: ~
40. #http_basic:
41. # realm: "Secured Demo Area"
42.  
43. main:
44. pattern: .*
45. form-login:
46. provider: in_memory
47. login_path: /login
48. use_forward: false
49. check_path: /login_check
50. failure_path: null
51. always_use_default_target_path: true
52. default_target_path: /
53. target_path_parameter: _target_path
54. use_referer: false
55. logout: true
56. anonymous: true
57.  
58. access_control:
59. #- { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
60. - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
61. - { path: ^/_css/, role: IS_AUTHENTICATED_ANONYMOUSLY }
62. - { path: ^/_img/, role: IS_AUTHENTICATED_ANONYMOUSLY }
63. - { path: ^/_js/, role: IS_AUTHENTICATED_ANONYMOUSLY }
64. - { path: ^/twenty/, role: IS_AUTHENTICATED_ANONYMOUSLY }
65. # The WDT has to be allowed to anonymous users to avoid requiring the login with the AJAX request
66. - { path: ^/_wdt/, role: IS_AUTHENTICATED_ANONYMOUSLY }
67. - { path: ^/_profiler/, role: IS_AUTHENTICATED_ANONYMOUSLY }
68. # AsseticBundle paths used when using the controller for assets
69. - { path: ^/js/, role: IS_AUTHENTICATED_ANONYMOUSLY }
70. - { path: ^/css/, role: IS_AUTHENTICATED_ANONYMOUSLY }
71.  
72. # URL of FOSUserBundle which need to be available to anonymous users
73. - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
74. - { path: ^/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY } # for the case of a failed login
75. - { path: ^/user/new$, role: IS_AUTHENTICATED_ANONYMOUSLY }
76. - { path: ^/user/check-confirmation-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
77. - { path: ^/user/confirm/, role: IS_AUTHENTICATED_ANONYMOUSLY }
78. - { path: ^/user/confirmed$, role: IS_AUTHENTICATED_ANONYMOUSLY }
79. - { path: ^/user/request-reset-password$, role: IS_AUTHENTICATED_ANONYMOUSLY }
80. - { path: ^/user/send-resetting-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
81. - { path: ^/user/check-resetting-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
82. - { path: ^/user/reset-password/, role: IS_AUTHENTICATED_ANONYMOUSLY }
83. # Secured part of the site
84. # This config requires being logged for the whole site and having the admin role for the admin part.
85. # Change these rules to adapt them to your needs
86. - { path: ^/admin/, role: ROLE_ADMIN }
87. - { path: ^/.*, role: ROLE_USER }