Symfony 6 trouble with access_control - is_authenticated_fully etc

Question

    # set hierarchy for roles?
role_hierarchy: 
    # give admin also the roles inside the array.
    ROLE_ADMIN: [ROLE_USER]
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
    #- { path: ^/admin, roles: ROLE_ADMIN }
    # Unless the path is login, user must be authenticated anonymously.
    # This means only page accessible anonymously is login page.
    - { path: ^(/(login|register)),  roles: IS_AUTHENTICATED_ANONYMOUSLY }
    # can visit any other path if authenticated fully
    - { path: ^/, roles: IS_AUTHENTICATED_FULLY }

This simple code doesn't seem to work. I cannot visit login or register anonymously. I know the IS_AUTHENTICATED_FULLY part is working as when I comment it out (and I am signed out, aka authenticated anonymously) I can visit other paths other than login and register.

Even when I simply do:

- { path: ^/login,  roles: IS_AUTHENTICATED_ANONYMOUSLY }

It doesn't work and I cannot visit /login. What am I doing wrong?

I have been using this video as a guide: https://youtu.be/XjbIDOIoXTo?t=4211

Answer 1

Symfony 5.3 has deprecated the old authentication mechanism along with the Guard Component see https://symfony.com/blog/new-in-symfony-5-3-guard-component-deprecation. The new system doesn't "authenticate" user by default with IS_AUTHENTICATED_ANONYMOUSLY.

Anonymous users no longer exist

You now must use the PUBLIC_ACCESS as @Bossman specified in a comment. https://symfony.com/doc/current/security.html#allowing-unsecured-access-i-e-anonymous-users

The video in your link clearly states that the video has been recorded using Symfony 5.2

NOTICE - THIS SERIES WAS RECORDED USING SYMFONY 5.2. THERE HAVE BEEN SOME MINOR CHANGES AND SOME CLASSES HAVE SINCE BEEN REMOVED. YOU WILL STILL BE ABLE TO FOLLOW THIS TUTORIAL BUT YOU WILL NEED TO COMBINE IT THE DOCUMENTATION IN SOME PARTS.