muzich/src/Muzich/CoreBundle/Resources/config/security.yml

parameters:
    # ... other parameters
    #security.acl.permission.map.class: Sonata\AdminBundle\Security\Acl\Permission\AdminPermissionMap
    
security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    encoders:
        "FOS\UserBundle\Model\UserInterface":
            algorithm: sha512
            encode_as_base64: false
            iterations: 10
    
    firewalls:
        main:
            pattern:      .*
            form_login:
                provider:       fos_userbundle
                login_path:     home
                use_forward:    false
                check_path:     /login_check
                failure_path:   null
                default_target_path: home
                success_handler: security.authentication.success_handler
                failure_handler: security.authentication.failure_handler
                
            logout:
                path:   /logout
                target: /
            anonymous:  ~
            remember_me:
              key:      %secret%
              lifetime: 1209600
              path:     /
              domain:   ~
            
    #role_hierarchy:
      # Attention, pas sur de ces lignes là !
        #ROLE_USER:        ROLE_USER
        #ROLE_ADMIN:       ROLE_ADMIN
        #ROLE_SUPER_ADMIN: ROLE_SUPER_ADMIN
        
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        #ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_SONATA_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        
    acl:
        connection: default
        
    ## La en tant qu'exemple, exploiter ça (http://j-place.developpez.com/tutoriels/php/ameliorez-vos-applications-developpees-avec-symfony2/#LVI-A-3)
    access_control:
      
        # PAGES ACCESSIBLES AUX ADMINISTRATEURS
        - { path: ^/admin, role: ROLE_ADMIN }
      
        # AUTRES
        - { path: "^/hello", roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: "^/hello/(?:fr|en)", roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: "^/(?:fr|en)/resetting", roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: "^/change-language/(?:fr|en)", roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: "^/auto-language", roles: IS_AUTHENTICATED_ANONYMOUSLY }
        
                
        - { path: ^/_wdt/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_profiler/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        
        - { path: ^/js/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/css/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/bundles/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/info/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        
        ## Ouvert pour l'ajax (et le message de redirection en cas de déco)
        - { path: ^/(?:fr|en)/search-elements, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/element, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/follow/user, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/favorite/add, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/favorite/remove, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/element/add, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/search/tag, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/show/user/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/show/group/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/favoritesajax, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/ajax, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/event/view/elements, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/test-error, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/share-from, role: IS_AUTHENTICATED_ANONYMOUSLY }
        
        ## New public roads for visitors
        - { path: ^/(?:fr|en)$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^//user, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/user, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^//group, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(?:fr|en)/group, role: IS_AUTHENTICATED_ANONYMOUSLY }
                                        
        - { path: ^/, roles: ROLE_USER }
        
#        # Liste des pages accessibles à tous les utilisateurs (ne pas toucher)
#        - { path: ^/register$, role: IS_AUTHENTICATED_ANONYMOUSLY }
#        
#        # PAGES ACCESSIBLES AUX ADMINISTRATEURS
#        - { path: ^/myapp/admin/, role: ROLE_ADMIN }
#        
#        # PAGES ACCESSIBLES AUX UTILISATEURS CONNECTES
#        - { path: ^/myapp/change-password, role: ROLE_USER }
#
#        # PAGES ACCESSIBLES À TOUS
#        - { path: ^/myapp.*, role: IS_AUTHENTICATED_ANONYMOUSLY }

#security:
#    firewalls:
#        secured_area:
#            pattern:    ^/
#            anonymous: ~
#            form_login:
#                login_path:  /login
#                check_path:  /login_check
#            logout:
#                path:   /logout
#                target: /hello
#
#    access_control:
#        - { path: ^/admin, roles: ROLE_ADMIN }
#
#    providers:
#        in_memory:
#            users:
#                ryan:  { password: ryanpass, roles: 'ROLE_USER' }
#                admin: { password: kitten, roles: 'ROLE_ADMIN' }
#
#    encoders:
#        Symfony\Component\Security\Core\User\User: plaintext