# Configuring the security access

<div data-full-width="false"><figure><img src="/files/OhbaFdhTDQFnvuRkdwud" alt="Login page"><figcaption></figcaption></figure></div>

Now that you have an admin panel, you want to make sure admin users are the only ones allowed to access its URL. To secure your back-office interface, you can rely on Symfony's Security configuration in 4 basic steps:

* [Create a User](#create-a-user-entity)
* [Create the user provider](#configure-the-user-provider)
* [Configure firewalls](#configure-the-firewall)
* [Configure the access control authorization](#configure-access-control-authorization)

## Create a user entity

You can use the Symfony maker to create a new user.

```shell
bin/console make:user
```

{% hint style="info" %}
Learn more on how to [create a User](https://symfony.com/doc/current/security.html#the-user)
{% endhint %}

## Configure the user provider

Here is an example of a user provider configuration:

{% code title="config/packages/security.yaml" lineNumbers="true" %}

```yaml
security:
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_admin_user_provider:
            entity:
                class: App\Entity\User
                property: email
```

{% endcode %}

{% hint style="info" %}
Learn more on how to [create a user provider in the Symfony documentation](https://symfony.com/doc/current/security.html#the-user)
{% endhint %}

## Configure the firewall

Here is an example of how to configure a firewall for your admin routes:

{% code title="config/packages/security.yaml" %}

```yaml
security:
    firewalls:
        # ...
        admin:
            context: admin
            pattern: '/admin(?:/.*)?$'
            provider: app_admin_user_provider # Reuse the provider key you configured in the providers section
            form_login:
                # These routes are provided by the Sylius Admin Ui package
                login_path: sylius_admin_ui_login
                check_path: sylius_admin_ui_login_check
                default_target_path: sylius_admin_ui_dashboard
            logout:
                # These routes are provided by the Sylius Admin Ui package
                path: sylius_admin_ui_logout
                target: sylius_admin_ui_login
        main:
            lazy: true
```

{% endcode %}

{% hint style="warning" %}
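It's important to move the `main` block under the `admin` configuration. Symfony hands each request to the first firewall that matches it, and `main` has no `pattern`, so it matches every URL. If `main` comes first, the admin login functionality won't work properly.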
{% endhint %}

{% hint style="info" %}
Learn more on how to [configure the firewall in the Symfony documentation](https://symfony.com/doc/current/security.html#the-firewall)
{% endhint %}

## Configure Access Control Authorization

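Only admin users will have access to "/admin" routes. Symfony applies the first `access_control` entry whose path matches the request, so the login and logout entries must stay above the `^/admin` entry.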

{% code title="config/packages/security.yaml" %}

```yaml
security:
    access_control:
        - { path: ^/admin/login, roles: PUBLIC_ACCESS }
        - { path: ^/admin/logout, roles: PUBLIC_ACCESS }
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/, roles: PUBLIC_ACCESS }
```

{% endcode %}

{% hint style="info" %}
Learn more on how to [configure Access Control Authorization in the Symfony documentation](https://symfony.com/doc/current/security.html#access-control-authorization)
{% endhint %}
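
The ordering rules behind the firewall warning and the `access_control` list above can be checked with a small model. This is an added example, not code from Sylius or Symfony: it only reproduces first-match-wins resolution over the patterns shown on this page, assumes no `role_hierarchy`, and its function names and the misordered list are hypothetical.

```python
import re

# Patterns copied from the security.yaml snippets on this page, in page order.
ADMIN_PATTERN = r"/admin(?:/.*)?$"
FIREWALLS = [("admin", ADMIN_PATTERN), ("main", None)]  # None: no pattern, matches every URL
ACCESS_CONTROL = [
    (r"^/admin/login", "PUBLIC_ACCESS"),
    (r"^/admin/logout", "PUBLIC_ACCESS"),
    (r"^/admin", "ROLE_ADMIN"),
    (r"^/", "PUBLIC_ACCESS"),
]

def first_firewall(path, firewalls=FIREWALLS):
    """Name of the first firewall whose pattern matches the path."""
    for name, pattern in firewalls:
        if pattern is None or re.search(pattern, path):
            return name
    return None

def required_role(path, rules=ACCESS_CONTROL):
    """Role demanded by the first access_control entry matching the path."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None  # no entry matched: access_control adds no restriction

def is_allowed(path, user_roles, rules=ACCESS_CONTROL):
    """True when the user's roles satisfy the first matching entry."""
    role = required_role(path, rules)
    return role in (None, "PUBLIC_ACCESS") or role in user_roles

def misordered_rules():
    """Constructed mistake: the broad ^/admin entry moved to the top."""
    return [ACCESS_CONTROL[2]] + ACCESS_CONTROL[:2] + ACCESS_CONTROL[3:]

if __name__ == "__main__":
    for path in ("/admin", "/admin/login", "/admin/users/1", "/"):
        print(path, first_firewall(path), required_role(path))
    # "main" listed first captures every request, so the admin
    # firewall and its form_login are never reached.
    swapped = [("main", None), ("admin", ADMIN_PATTERN)]
    print(first_firewall("/admin/login", swapped))
    # ^/admin listed first makes the login page itself demand ROLE_ADMIN.
    print(required_role("/admin/login", misordered_rules()))
```
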

