John Davidson

php - Symfony - exclude specific route from security path


In my security.yaml file I have:

- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

But I have defined one more route: api/doc and api/doc.json which I want to exclude from this specific group like:

- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }

and I want to exclude just for this specific path but not from all api/ extensions.

Do I need to put this endpoint above first one or is there another way?

My Answer:
You can achieve this by adding a specific route for the /api/doc path before the general /api path in your access_control configuration. This way, Symfony will match the /api/doc route first and apply the IS_AUTHENTICATED_ANONYMOUSLY role to it, and then move on to the general /api route.

Here's how you can update your security.yaml file:

- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

By defining the /api/doc route first, Symfony will match it before the general /api route and apply the IS_AUTHENTICATED_ANONYMOUSLY role to it. This way, the /api/doc route will be excluded from the IS_AUTHENTICATED_FULLY role defined for the general /api route.

Rate this post

3 of 5 based on 8413 votes


© 2024 - Personal Blogs Platform. All Rights Reserved.
Create blog  |  Privacy Policy  |  Terms & Conditions  |  Contact Us