Symfony: Security Fundamentals

Ok, you might want to continue with the login and register part,
but hold on a second: what you need to do first is understand the security fundamentals in Symfony.

Security is like entering a president's house: before you go in, a guard has to give you a pass card.
In programming, this pass card is a token.

the token decides whether you are allowed in, not allowed in, or where you should go

so hold on to this basic concept and let's dig into the Symfony security fundamentals:
Security configuration: security.yml

go to config/packages and open security.yml

at line 5 you will find:

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

change it to security: true

then go to your browser:

you can see the page no longer works, because the firewall is now enabled for it

change it back:

security: false

now you can see where the anonymous token comes from, in this line:

anonymous: ~

and from debugbar:

profiler:
anonymous: ~

so this allows anyone to access the page, because so far there is no login system yet

but what if we comment out this key?

#anonymous: ~

then you should see the page redirect to: http://127.0.0.1:8000/login

this is because you are now required to log in to pass the firewall

uncomment it, and the page shows up again

so this is a very fundamental part of security

One more part of security is access_control:

access_control:
    #- { path: ^/admin, roles: ROLE_ADMIN }
    #- { path: ^/profile, roles: ROLE_USER }

this means that with the admin role you are allowed into any /admin path, and with the user role you are allowed into any /profile path

or if you define it as follows:

access_control:
        - { path: ^/new, roles: ROLE_USER }
        - { path: ^/register, roles: ROLE_USER }

this means that as a logged-in user you can go to the /new path, and if you are not logged in yet, you are directed to the /register path

with access_control you can define which paths require which roles (for example, restrict the admin page to admins, or let users comment on the blog page); the most important thing to know is that only one access_control entry is matched on a request: the entries are checked from top to bottom and the first one whose path matches wins, so order matters
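As an added example (not the page's own security.yml), here is a complete security.yml that puts the pieces above together: the dev firewall with security disabled, the main firewall with an anonymous token, and an access_control list ordered so that the first-match rule works for you rather than against you. It assumes routes named login and logout exist, and uses an empty in-memory provider only so the file loads.

```yaml
# config/packages/security.yaml (added example, not the page's own file)
security:
    # Assumed: an empty in-memory provider, only so the config is complete.
    providers:
        in_memory: { memory: ~ }

    firewalls:
        # Toolbar, profiler and static assets: no security at all (as on the page).
        # Setting security: true here is what broke the page in the walkthrough.
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        # Everything else goes through the main firewall.
        main:
            anonymous: ~          # every visitor gets an anonymous token
            form_login:
                login_path: login # assumed route name
                check_path: login # assumed route name
            logout:
                path: logout      # assumed route name

    access_control:
        # Entries are checked top to bottom and ONLY the first match applies.
        # Public pages come first so a later ROLE_* rule cannot swallow them:
        # with ^/admin listed before ^/admin/login, nobody could reach the
        # admin login form, because ^/admin would match and demand ROLE_ADMIN.
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login,       roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register,    roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # Protected areas, from most specific to least specific.
        - { path: ^/admin,       roles: ROLE_ADMIN }
        - { path: ^/profile,     roles: ROLE_USER }
        - { path: ^/new,         roles: ROLE_USER }
        # Catch-all last: any path not listed above still requires a login.
        - { path: ^/,            roles: ROLE_USER }
```

An anonymous request to /admin/login matches the first entry and is let through; the same request to /admin/users skips down to the ^/admin entry and is redirected to the login page, exactly the behaviour the walkthrough showed when anonymous was commented out.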

if your request is not clearly matched, you will see this error:

Here is the doc, if you would like to learn more