I want to set access_control for everything, but not for the pattern /login (and maybe some more routes).
So I set up the path for login first, with the role IS_AUTHENTICATED_ANONYMOUSLY.
Then I set up the path for everything, with the role IS_AUTHENTICATED_FULLY.
The problem is that login form is now generated twice. I see two login fields, two submit buttons, and so on.
If I remove the access_control rules I have no, and only set to one path like /blog/.* and with role: IS_AUTHENTICATED_FULLY, it works fine, the login form is like it should be.
So my configuration of “you need to be authenticated everywhere except here” does not work.
This is what I tried to do when login form is generated twice:
access_control:
- { path: /login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /.*, role: IS_AUTHENTICATED_FULLY }
Does anyone have any good examples for how to set up such a rule?
So I got the answer 🙂 So if anyone should have this problem, you also have to let _wdt, and _profiler being accessed anonymously 🙂
access_control: - { path: /_wdt/.*, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: /_profiler/.*, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: /login, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: /.*, role: IS_AUTHENTICATED_FULLY }