Disallow anonymous API access

app/config/security.yml

@@ -16,6 +16,12 @@ security:
             pattern:    ^/oauth/v2/token
             security:   false
 
+        api:
+            pattern: ^/.*\.(json|xml)
+            fos_oauth:  true
+            stateless:  true
+            anonymous:  false
+
         public:
             pattern: ^/.*
             anonymous: true
@@ -54,7 +60,7 @@ security:
             security: false
 
     access_control:
-#        - { path ^/.*\.(json|xml)$, roles: ROLE_API }
+        - { path ^/.*\.(json|xml), roles: IS_AUTHENTICATED_FULLY }
 
     encoders:
         Acts\CamdramSecurityBundle\Entity\User:
@@ -91,4 +97,4 @@ hwi_oauth:
                 csrf: true
                 include_email: true
         raven:
-            service: Acts\CamdramSecurityBundle\Security\RavenResourceOwner
+            service: Acts\CamdramSecurityBundle\Security\RavenResourceOwner