orhankutlu

Reputation: 840

Symfony2 allow anonymous for certain routes with certain methods

I am developing a backend service for my own project with Symfony2. What I would like to do is simple user registration. Whenever a user needs to be created there will be a POST call to

/v1.0/users (with POST method)

I would like to create a new user. All of the other URLs should be authenticated except this one. So I created UserProvider and UserAuthenticator as described here: http://symfony.com/doc/current/cookbook/security/api_key_authentication.html

I created a secured area and it works fine, but I want to disable this firewall for the URL above with the POST method. I couldn't figure out how. Here is my security.yml file:

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    api_user_secured_area:
        pattern: ^/v1.0/users
        stateless: true
        simple_preauth:
            authenticator: user_token_authenticator
        provider: user_token_provider

    access_control:
    ...
        user_register:
            path: /v1.0/users
            roles: IS_AUTHENTICATED_ANONYMOUSLY ?? FOR POST ONLY ??

PS: I don't want to use annotations for security (like @Security in the controller)

Upvotes: 0

Views: 855

Answers (1)

Dan Belden

Reputation: 1217

Access control can be filtered to a given METHOD using the Methods property. Please see here for more filters/options regarding access control:

http://symfony.com/doc/current/cookbook/security/access_control.html

Here is the option integrated into your code:

access_control:
    user_register:
        path: /v1.0/users
        methods: [ POST ]
        roles: IS_AUTHENTICATED_ANONYMOUSLY

Upvotes: 2
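An added example, not part of the question or the answer above: a fuller security.yml sketch in the list form used by the Symfony documentation, showing the anonymous POST rule placed ahead of a catch-all rule for the same path. The `anonymous: ~` key on the firewall and the `ROLE_USER` role are assumptions about this application.

```yaml
# Added example (not from the original post). `anonymous: ~` and ROLE_USER
# are assumptions about this application.
security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        api_user_secured_area:
            pattern: ^/v1.0/users
            stateless: true
            # Assumption: lets a request without an API key continue with an
            # anonymous token, so access_control makes the final decision.
            anonymous: ~
            simple_preauth:
                authenticator: user_token_authenticator
            provider: user_token_provider

    # Rules are checked top to bottom and only the first match is applied.
    # `path` is a regular expression, so anchor it with ^ and $.
    access_control:
        # Registration: POST to exactly /v1.0/users, no credentials needed.
        - { path: ^/v1.0/users$, methods: [POST], roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # Everything else under /v1.0/users (GET, PUT, DELETE, sub-paths)
        # falls through to this rule and requires an authenticated role.
        - { path: ^/v1.0/users, roles: ROLE_USER }
```

A request that matches no access_control entry is not restricted by access_control at all, so once anonymous access is enabled on the firewall, the second rule is what keeps the other methods protected.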
