John Davidson

php - Symfony - exclude specific route from security path

0 comments
Message:


In my security.yaml file I have:


 access_control:

    - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

But I have defined one more route: api/doc and api/doc.json which I want to exclude from this specific group like:


- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }

and I want to exclude just for this specific path but not from all api/ extensions.


Do I need to put this endpoint above first one or is there another way?


My Answer:
You can achieve this by adding a specific route for the /api/doc path before the general /api path in your access_control configuration. This way, Symfony will match the /api/doc route first and apply the IS_AUTHENTICATED_ANONYMOUSLY role to it, and then move on to the general /api route.

Here's how you can update your security.yaml file:

yaml
access_control:
- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }


By defining the /api/doc route first, Symfony will match it before the general /api route and apply the IS_AUTHENTICATED_ANONYMOUSLY role to it. This way, the /api/doc route will be excluded from the IS_AUTHENTICATED_FULLY role defined for the general /api route.

Rate this post

4 of 5 based on 4670 votes

Comments



© 2024 Hayatsk.info - Personal Blogs Platform. All Rights Reserved.
Create blog  |  Privacy Policy  |  Terms & Conditions  |  Contact Us