firewall - Why is access_control not working in my Symfony project?
Symfony version: 3.0
My security configuration is:

    security:
        session_fixation_strategy: none
        role_hierarchy:
            role_admin: [role_manager, role_user]
            role_super_admin: role_admin
        encoders:
            demo\bundle\userbundle\entity\user: bcrypt
            demo\bundle\userbundle\entity\manager: bcrypt
        providers:
            frontend_user_provider:
                id: demo.user_provider
            backend_manager_provider:
                id: demo.manager_provider
        firewalls:
            account:
                anonymous: ~
                pattern: ^/
                host: ^account\.demo\.com$
                access_denied_url: _login
                form_login:
                    provider: frontend_user_provider
                    csrf_token_generator: security.csrf.token_manager
                    login_path: _login
                    check_path: _login_check
                    target_path_parameter: _account
                logout:
                    path: _logout
                    target: _login
            backend:
                anonymous: ~
                pattern: ^/
                host: ^admin\.demo\.com$
                form_login:
                    provider: backend_manager_provider
                    csrf_token_generator: security.csrf.token_manager
                    login_path: _backend_login
                    check_path: _backend_login_check
                    target_path_parameter: _backend_index
                logout:
                    path: _backend_logout
                    target: _backend_login
        access_control:
            - { path: ^/, roles: is_authenticated_anonymously }
            - { path: ^/, roles: role_user, host: account.demo.com }
            - { path: ^/login.html, roles: is_authenticated_anonymously, host: admin.demo.com }
            - { path: ^/, roles: role_admin, host: admin.demo.com }

I plan for account.demo.com to be where normal users work on the site, and the admin subdomain to be where administrators manage the site. So the account pages and admin pages should be restricted if the user is not logged in. Now, these pages can be viewed by anonymous users. access_control is not working for me.
http://account.demo.com/post/add.html should be denied when the user is not logged in. An anonymous user can view it.
Another question is: how do I make cookies for the subdomains, excluding the admin subdomain? After a normal user logs in, they can switch pages between www and account without logging in again.
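
An added example, not part of the original post and not Symfony's code: a simplified Python model of Symfony's documented access_control behaviour (only the first matching entry is enforced), run over the rules exactly as posted. The reordered list, the helper names and the sample requests are constructed for illustration.

```python
import re

# Rules copied from the question, in the order posted (identifiers as on the page).
POSTED = [
    {"path": r"^/", "roles": "is_authenticated_anonymously"},
    {"path": r"^/", "roles": "role_user", "host": r"account.demo.com"},
    {"path": r"^/login.html", "roles": "is_authenticated_anonymously",
     "host": r"admin.demo.com"},
    {"path": r"^/", "roles": "role_admin", "host": r"admin.demo.com"},
]
# Assumed reordering (not from the page): host-specific rules first, catch-all last.
# The page lists no anonymous login rule for the account host, so under this order
# the account login page would need one as well.
REORDERED = POSTED[1:] + POSTED[:1]


def first_match(rules, host, path):
    """Return (index, rule) of the first rule matching the request, else None."""
    for index, rule in enumerate(rules):
        if not re.search(rule["path"], path):
            continue
        # The host option is a regular expression, matched case-insensitively.
        if "host" in rule and not re.search(rule["host"], host, re.IGNORECASE):
            continue
        return index, rule  # matching stops here; later rules are never consulted
    return None


def required_role(rules, host, path):
    hit = first_match(rules, host, path)
    return hit[1]["roles"] if hit else None


def anonymous_allowed(rules, host, path):
    # An anonymous visitor satisfies only is_authenticated_anonymously (or no rule).
    return required_role(rules, host, path) in (None, "is_authenticated_anonymously")


if __name__ == "__main__":
    # Constructed sample requests.
    requests = [("account.demo.com", "/post/add.html"), ("admin.demo.com", "/"),
                ("admin.demo.com", "/login.html"), ("www.demo.com", "/")]
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for host, path in requests:
            print(name, host, path, "->", required_role(rules, host, path),
                  "| anonymous allowed:", anonymous_allowed(rules, host, path))
```

With the posted order every request stops at the first `^/` entry, so the host-specific role rules are never evaluated. The `host` values in access_control are regular expressions too; the firewall entries on the page anchor and escape them, while the access_control entries do not.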