what I'm trying to do :
- locale in url except for default locale
- whole pages secured except the login page
jms_i18n_routing:
default_locale: %locale%
locales: %locales%
#strategy: prefix
strategy: prefix_except_default
Routes
arsf_base_default:
pattern: /
defaults: { _controller: ArsfBaseBundle:Default:index }
arsf_base_homepage:
pattern: /monit/bysector
defaults: { _controller: ArsfMonitBundle:BySector:index }
arsf_base_login:
pattern: /login
defaults: { _controller: ArsfBaseBundle:Default:login }
arsf_base_login_check:
pattern: /login_check
arsf_base_logout:
pattern: /logout
defaults: { _controller: ArsfBaseBundle:Default:logout }
And I tried to configure security.yml as
login:
pattern: ^/|[a-z]+/login$
security: false
anonymous: true
secured_area:
pattern: ^.*$
form_login:
check_path: arsf_base_login_check
login_path: arsf_base_login
default_target_path: arsf_base_homepage
logout:
path: arsf_base_logout
target: arsf_base_login
access_control:
-
path: ^/|[a-z]+/login$
roles: IS_AUTHENTICATED_ANONYMOUSLY
-
path: ^.*$
roles: ROLE_USER
In this case I get error
Unable to find the controller for path "/login_check"
So I tried to remove login firewall and configure secured_area with anonymous: ~
In this case all pages are accessibles without authentication and I've not found better solution than make a test in my layout :
<html>
<head>...</head>
<body>
{% if app.user %}
...
{% else %}
<script>window.location.replace("{{ path('arsf_base_login') }}");</script>
{% endif %}
</body>
</html>
Is there a better way to do ? What's wrong in my security conf ?