I’m using FOSUserBundle to manager users, now I’m trying to secure some controller actions

Question

0

Asked: June 16, 20262026-06-16T15:22:28+00:00 2026-06-16T15:22:28+00:00

I’m using FOSUserBundle to manager users, now I’m trying to secure some controller actions

0

I’m using FOSUserBundle to manager users, now I’m trying to secure some controller actions with JMS\SecurityExtraBundle. I have set ROLE_SUPER_USER on my user and protected a method with @Secure(roles="SUPER_ADMIN") but I am not allawed to call the method.

After a LOT of digging up into the code of Symfony2 I think I have traced the issue to the fact that getToken()->getRoles() only returns ROLE_USER whereas getToken()->getUser()->getRoles() correctly returns the user roles, including ROLE_SUPER_USER.

So what could be happening there?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-16T15:22:29+00:00

HAHA

I was missing the lines :

providers:
            main:
                entity: { class: FM\SymSlateBundle\Entity\User, property: username }

in security.yml :

security:
    providers:
        main:
            entity: { class: FM\SymSlateBundle\Entity\User, property: username }
        fos_userbundle:
            id: fos_user.user_provider.username

Thus the Context was using the default user class which only has USER_ROLE

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m using FOSUserBundle to manager users, now I’m trying to secure some controller actions

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply