summaryrefslogtreecommitdiffstats
path: root/admin/WebConsole3/backend/app/config/security.yml
blob: d839610934fe7dbfd307f29a715c5963eed9f805 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        FOS\UserBundle\Model\UserInterface: sha512 #{ algorithm: 'bcrypt', cost: 10 }

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        opengnsys_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        ## AUTH 2.0 ##
        oauth_token:
            pattern:    ^/oauth/v2/token
            security:   false

        ## API - WEB SERVICE - REST ##
        api_private:
            pattern:    ^/api/private
            fos_oauth:  true
            stateless:  true
            anonymous:  false
        api:
            pattern:    ^/api
            stateless:  true
            anonymous:  true
        ## MAIN --> WEB ./ ##
        main:
            pattern:             .*
            context:             user
            form_login:
                provider:       opengnsys_userbundle
                login_path:     /login
                use_forward:    false
                check_path:     /login_check
                failure_path:   null
            logout:             true
                #path:   fos_user_security_logout
                #target: /
            anonymous: true
            remember_me:
                secret:      "%secret%"
                lifetime: 31536000 # 365 days in seconds
                path:     /
                name: REMEMBERME_OG_MAIN
    access_control:
        # Auth login
        - { path: ^/oauth/v2/auth_login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # Secured part of the site
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }   #ROLE_ADMIN
        # Securet part of Api
        - { path: ^/api/private, roles: [ IS_AUTHENTICATED_FULLY ] }