Tuesday, 15 March 2011

php - Symfony2, FOSUserBundle: trouble setting to only registered users are allowed access to all pages




I thought I did the settings correctly: when I tried going to the homepage (/), it redirects me to the login page (/login). However, when I click on navigation menu items such as about (/about) and inventory (/inventory), the pages are shown when not logged on. The homepage is redirecting to login, but I need all pages to redirect to login if users are not signed on.

Here is security.yml:

    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512

        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN

        providers:
            fos_userbundle:
                id: fos_user.user_provider.username

        firewalls:
            main:
                pattern: ^/
                form_login:
                    provider: fos_userbundle
                    csrf_provider: form.csrf_provider
                    default_target_path: /
                logout: true
                anonymous: true

        access_control:
            - { path: ^/$, role: ROLE_USER }
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/, role: ROLE_ADMIN }

config.yml:

    fos_user:
        db_driver: orm # other valid values are 'mongodb', 'couchdb', 'propel'
        firewall_name: main
        user_class: main\userbundle\entity\user

Am I missing something?

Edit: I guess the solution is to get rid of the "$" in access control.

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/, roles: ROLE_USER }

Except that after login I get redirected to a blank page that has a URL of /_wdt/(token number). If you are having this problem, the solution is to insert this setting before "main" in security.yml's firewall:

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

Change the firewall configuration to the following:

    access_control:
        - { path: ^/$, role: ROLE_USER }
        - { path: ^/secured, role: ROLE_USER }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }

and alter the routes so that secured pages start with /secured.

Update:

You can deny all routes after / if the user is not logged on by removing the $ in the access control rule:

    access_control:
        - { path: ^/, role: ROLE_USER }

However, this will cause a redirect loop when you seek to access routes that should be available to anonymous users, like /login or /register.

Update 2

As @user3757305 commented below, - { path: ^/, role: ROLE_USER } can be added at the bottom. Access control rules are applied in the order they appear in the security config. This means that the rules above the - { path: ^/, role: ROLE_USER } rule are not covered by it. So, the next config should work as required:

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/, role: ROLE_USER }
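
Added example (not part of the original question or answer, and not Symfony's own code): a small Python model of first-match access_control evaluation, run against the three rule orderings discussed above to show which paths an anonymous visitor can reach and when the login page itself gets locked. The function names and sample paths are constructed for illustration; the catch-all-first list assumes the remaining rules follow the catch-all. A path that no rule matches is treated as unrestricted.

```python
import re

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"

# The three access_control variants discussed in the thread, in file order.
ORIGINAL = [(r"^/$", "ROLE_USER"), (r"^/login$", ANON), (r"^/register", ANON),
            (r"^/resetting", ANON), (r"^/admin/", "ROLE_ADMIN")]
# Assumption: the other rules are kept below the catch-all.
CATCH_ALL_FIRST = [(r"^/", "ROLE_USER")] + ORIGINAL[1:]
CATCH_ALL_LAST = ORIGINAL[1:] + [(r"^/", "ROLE_USER")]


def first_match(rules, path):
    """Return the role of the first rule whose pattern matches, or None."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None


def anonymous_outcome(rules, path):
    """What a visitor who is not logged in gets for this path."""
    role = first_match(rules, path)
    if role is None:
        return "open (no rule matched)"
    return "open" if role == ANON else "login required"


def audit(rules, paths, login_path="/login"):
    """Map each path to its anonymous outcome and flag a login redirect loop."""
    report = {p: anonymous_outcome(rules, p) for p in paths}
    # If the login page itself demands a role, the redirect never terminates.
    report["redirect_loop"] = anonymous_outcome(rules, login_path) == "login required"
    return report


if __name__ == "__main__":
    # Constructed sample paths based on the routes named in the question.
    paths = ["/", "/about", "/inventory", "/login", "/register", "/admin/users"]
    for name, rules in [("original", ORIGINAL),
                        ("catch-all first", CATCH_ALL_FIRST),
                        ("catch-all last", CATCH_ALL_LAST)]:
        print(name, audit(rules, paths))
```

Running the same audit over a project's real route list after every change to access_control is a quick way to catch pages that no rule covers.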
