I'm making a site where everything except the actual login-form should require that the user has logged in.
I'm assuming the issue I'm having is with the security.yml which I've set up like this.
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
provider: auth_provider
pattern: .*
form_login:
login_path: /login
check_path: /login_check
logout:
path: /logout
target: /
access_control:
- { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
The firewall does indeed recognise an anonymous user and tries to send him to the login-page. However, the browser halts the request before the login form is rendered due to a redirect-loop. Which I just can't figure out how to solve.
my route file:
site_login:
path: /login
defaults: { _controller: AppBundle:Security:login }
site_login_check:
path: /login_check
defaults: { _controller: AppBundle:Security:login_check }
The controller is just:
class SecurityController extends Controller {
public function loginAction(Request $request) {
die("here1");
}
public function loginCheckAction(Request $request) {
die("here2");
}
}
Add to main firewall:
main:
anonymous: true
and to access control:
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: IS_AUTHENTICATED_REMEMBERED }