What about removing the login path??
access_control:
- { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
Symfony should grant anonymous access to the login path by default.
Im interested in this issue, I think this is a common escenario like making
the site's homepage,
the user/admin homepage (like facebook, when you are logged in, the site's
homepage is your homepage).
2011/3/28 Dennis Jacobfeuerborn <djacobfeuerb...@gmail.com>
> On Monday, March 28, 2011 11:24:32 PM UTC+2, Matador wrote:
>>
>> Is it maybe due to ACL heriarchy ?
>>
>> I suggest you to try to inverse the ACL like:
>> access_control:
>> - { path: /.*, roles: ROLE_USER }
>> - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
>>
>>
>> What I notice is that /*. match /login so they collide.
>>
>>
> I tried reversing the order but that doesn't change anything. AFAIK the
> first match wins so by putting the /login before /.* you password protect
> the whole site but still allow anonymous users to get to the logn page.
>
> Regards,
> Dennis
>
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
