  1. # To get started with security, check out the documentation:
  2. # http://symfony.com/doc/current/book/security.html
  3. security:
  4. encoders:
  5. ProjectEntityUser:
  6. algorithm: bcrypt
  7. cost: 15
  8. FOSUserBundleModelUserInterface:
  9. algorithm: bcrypt
  10. cost: 15
  11.  
  12. role_hierarchy:
  13. ROLE_STAFF: [ROLE_USER]
  14. ROLE_CLIENT: [ROLE_STAFF, ROLE_USER]
  15. ROLE_ADMIN: [ROLE_CLIENT, ROLE_USER]
  16. ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
  17.  
  18. # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
  19. providers:
  20. chain_provider:
  21. chain:
  22. providers: [in_memory, users, admins]
  23. in_memory:
  24. memory:
  25. users:
  26. user: { password: userpass, roles: [ 'ROLE_USER' ] }
  27. staff: { password: userpass, roles: [ 'ROLE_STAFF' ] }
  28. client: { password: userpass, roles: [ 'ROLE_CLIENT' ] }
  29. admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
  30.  
  31. users:
  32. entity: { class: ProjectEntityUser, property: email }
  33. admins:
  34. entity: { class: ProjectEntityUser, property: username }
  35.  
  36. firewalls:
  37. # EXCLUDE FROM OAUTH
  38. api_init:
  39. pattern: ^/api/init
  40. security: false
  41. stateless: true
  42. api_user_password_reset:
  43. pattern: ^/api/user/password
  44. security: false
  45. methods: [POST]
  46. api_facebook_connect:
  47. pattern: ^/api/facebook-connect
  48. security: false
  49. stateless: true
  50. api_register:
  51. pattern: ^/api/register
  52. security: false
  53. stateless: true
  54. api_login:
  55. pattern: ^/api/login
  56. security: false
  57. stateless: true
  58.  
  59. # OAUTH API
  60. oauth_token:
  61. pattern: ^/oauth/v2/token
  62. security: false
  63.  
  64. oauth_authorize:
  65. pattern: ^/oauth/v2/auth
  66. form_login:
  67. provider: users
  68. login_path: _demo_login
  69. check_path: _security_check
  70. anonymous: true
  71.  
  72. api:
  73. pattern: ^/api
  74. fos_oauth: true
  75. stateless: true
  76. anonymous: false
  77.  
  78. # disables authentication for assets and the profiler, adapt it according to your needs
  79. dev:
  80. pattern: ^/(_(profiler|wdt)|css|images|js)/
  81. security: false
  82.  
  83. cms:
  84. pattern: ^/
  85. provider: admins
  86. form_login:
  87. login_path: /
  88. check_path: /login_check
  89. remember_me: true
  90. csrf_provider: security.csrf.token_manager
  91. csrf_parameter: _csrf_security_token
  92. use_referer: true
  93.  
  94. remember_me:
  95. key: "%secret%"
  96. always_remember_me: true
  97.  
  98. logout:
  99. path: /cms/logout
  100. target: login
  101.  
  102. security: true
  103. anonymous: ~
  104.  
  105. access_control:
  106. - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
  107. - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  108. - { path: ^/cms/error/page, role: IS_AUTHENTICATED_ANONYMOUSLY }
  109. - { path: ^/cms, roles: [ROLE_CLIENT, ROLE_ADMIN] }
  110. - { path: ^/cms/clients, roles: ROLE_ADMIN }
  111. - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }