Configuring the security access

Login page

Now that you have an admin panel, you want to make sure admin users are the only ones allowed to access its URL. To secure your back-office interface, you can rely on Symfony's Security configuration in 4 basic steps:

Create a user entity

You can use the Symfony maker to create a new user.

bin/console make:user

Learn more on how to create a User

Configure the user provider

Here is an example of a user provider configuration:

config/packages/security.yaml
security:
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_admin_user_provider:
            entity:
                class: App\Entity\User
                property: email

Configure the firewall

Here is an example of how to configure a firewall for your admin routes:

config/packages/security.yaml
security:
    firewalls:
        # ...
        admin:
            context: admin
            # Anchored with ^ so that only paths starting with /admin match this firewall
            pattern: '^/admin(?:/.*)?$'
            provider: app_admin_user_provider # Reuse the provider key you configured in the providers section
            form_login:
                # These routes are provided by Sylius Admin Ui package
                login_path: sylius_admin_ui_login
                check_path: sylius_admin_ui_login_check
                default_target_path: sylius_admin_ui_dashboard
            logout:
                # These routes are provided by Sylius Admin Ui package
                path: sylius_admin_ui_logout
                target: sylius_admin_ui_login

Configure Access Control Authorization

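Only admin users (those with ROLE_ADMIN) will have access to "/admin" routes; the login and logout paths stay public so that unauthenticated users can reach the login form.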

config/packages/security.yaml
security:
    access_control:
        - { path: ^/admin/login, roles: PUBLIC_ACCESS }
        - { path: ^/admin/logout, roles: PUBLIC_ACCESS }
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/, roles: PUBLIC_ACCESS }
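
Symfony checks access_control entries from top to bottom and applies only the first one whose path regex matches. The Python sketch below is an added example, not code from Sylius or Symfony: it models that first-match behaviour for the four rules above, using constructed probe paths (assumptions, not routes listed on this page), and reports rules that an earlier entry makes unreachable.

```python
import re

# The four access_control rules from this page, in the same order.
RULES = [
    (r"^/admin/login", "PUBLIC_ACCESS"),
    (r"^/admin/logout", "PUBLIC_ACCESS"),
    (r"^/admin", "ROLE_ADMIN"),
    (r"^/", "PUBLIC_ACCESS"),
]

# Constructed probe paths (assumptions, not routes taken from the page).
PROBES = ["/", "/admin", "/admin/login", "/admin/login_check",
          "/admin/logout", "/admin/books/1", "/administrator"]


def winning_rule(path, rules=RULES):
    """Index of the first rule whose regex matches the path, or None."""
    for index, (pattern, _role) in enumerate(rules):
        if re.search(pattern, path):
            return index
    return None


def required_role(path, rules=RULES):
    """Role demanded by the winning rule; None means no rule applies."""
    index = winning_rule(path, rules)
    return None if index is None else rules[index][1]


def is_allowed(path, user_roles, rules=RULES):
    """Simplified decision: role hierarchy, methods and IPs are not modelled."""
    role = required_role(path, rules)
    return role in (None, "PUBLIC_ACCESS") or role in user_roles


def shadowed_rules(rules, probes=PROBES):
    """Rules that match at least one probe but never win for any of them."""
    shadowed = []
    for index, (pattern, _role) in enumerate(rules):
        matching = [p for p in probes if re.search(pattern, p)]
        if matching and all(winning_rule(p, rules) != index for p in matching):
            shadowed.append(index)
    return shadowed


if __name__ == "__main__":
    for path in PROBES:
        print(f"{path:22} -> {required_role(path)}")
    misordered = [RULES[3]] + RULES[:3]  # catch-all moved to the top
    print("shadowed when misordered:", shadowed_rules(misordered))
```

Because these patterns are prefix matches, every path beginning with /admin/login is public, and ^/admin also covers paths such as /administrator.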
