how to get all users connected to default user without going through login page? #2223

Closed
mappedinn opened this Issue Sep 14, 2016 · 2 comments


mappedinn commented Sep 14, 2016

Hi,

I want to secure my API with FOSUserBundle (and avoid the use of FOSOAuthServerBundle due to the lack of documentation with a complete example).

To make my API secure, I just created firewalls as follows:

```yaml
firewalls:
    dev:
        pattern:       ^/(_(profiler|wdt)|css|images|js)/
        security:      false
    api_doc:
        pattern:      ^/api/doc
        security:     false
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_token_generator: security.csrf.token_manager
        logout:       true
        anonymous:    true

access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
    - { path: ^/admin/, roles: [ROLE_SUPER_ADMIN]}
```

This is great! But this requires that everyone has to be connected before using the website so that I can display the list of ads, etc. (Even GET queries need a connected user for security purposes.)

To overcome this, I am thinking about having all the users connected with a "default" user with limited privileges (just enough for simple querying without posting).

Is it possible to do so?

Thanks for your help.

PS: I did manage to get FOSUserBundle and FOSOAuthServerBundle working together. In fact, I was able to create a client and get an access token for it through the command line. But I was not able to configure security.yml properly so that I get a login page that returns an access token.


GregoireHebert commented Dec 3, 2016

@mappedinn what exactly is your use case?
One way of doing it is to authorize anonymous authentication and then, for each entry point you want to secure, ask the user to be fully authenticated.
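
The approach suggested in the comment above, written out as a Symfony `security.yml` sketch. This is an added example, not part of the original thread: it reuses the reporter's `main` firewall and paths, and the GET-only split on `^/api` is an assumption about which calls should be public.

```yaml
# Added example for the Symfony 2.x/3.x security.yml format used in this thread.
# The dev and api_doc firewalls from the original post stay unchanged and are omitted here.
security:
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
            logout:    true
            # Visitors without a session get an anonymous token instead of a
            # shared "default" account, so no credentials are handed out.
            anonymous: true

    # Rules are checked top to bottom and the first match wins,
    # so the narrower GET rule must come before the catch-all ^/api rule.
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # Assumption: read-only listing calls (GET) may be public.
        - { path: ^/api, methods: [GET], roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # Every other method on the API (POST, PUT, PATCH, DELETE, ...)
        # requires a user who logged in during this session.
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/admin/, roles: ROLE_SUPER_ADMIN }
```

With this layout, handlers behind the anonymous GET rule must be read-only and return only data intended to be public. `IS_AUTHENTICATED_FULLY` also rejects sessions restored from a remember-me cookie.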

Member

XWB commented Jan 31, 2017

Closing as this is not really FOSUserBundle related.

@XWB XWB closed this Jan 31, 2017
