access_control: – { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } – { path: ^/logout, roles: IS_AUTHENTICATED_ANONYMOUSLY

Question

0

Asked: June 9, 20262026-06-09T00:18:34+00:00 2026-06-09T00:18:34+00:00

access_control: – { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } – { path: ^/logout, roles: IS_AUTHENTICATED_ANONYMOUSLY

0

access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/logout, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/recover-password, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/activate-account, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: ROLE_USER }

It seems that the access_control works fine for restricting access for different roles, but I need something like IS_AUTHENTICATED_ANONYMOUSLYonly&& ! ROLE_USER && ! ROLE_ADMIN.

I don’t want that as already logged in to allow accessing this route. If this is possible from security.yml it would be great.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-09T00:18:37+00:00

Editorial Team

2026-06-09T00:18:37+00:00Added an answer on June 9, 2026 at 12:18 am

JMSSecurityExtraBundle adds expression support.

Example from documentation:

access_control:
    - { path: ^/foo, access: "hasRole('FOO') and hasRole('BAR')" }

Further reading: Expression-based Authorization Language

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

access_control: – { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } – { path: ^/logout, roles: IS_AUTHENTICATED_ANONYMOUSLY

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply