I am developing APIs with symfony2 and I have implemented WSSE authentication. I need to skip authentication for some the URLs as they will be publically accessible. Publically accessible URLs has format like:
www.myserver.com/api/v1/public/testaction1
www.myserver.com/api/v1/public/testaction2
There is one more URL which is publically accessible, which is documentation for API:
www.myserver.com/api/doc/
Except the above-mentioned URLs all other action should come under authetication scheme, I tried tweaking URL pattern under firewall Config option as:
security.yml
firewalls:
wsse_secured:
pattern: ^/api/[^doc | ^v1\/public/].*
which doesn't seem to work, can you please help me with skipping these URLs from authentication? Am I missing the correct regular expression?
EDIT
Here is the access control section of my security.yml
access_control:
- {path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY}
You'll need to add a specific firewall for anonymous access :
firewalls:
api:
pattern: ^/api
doc:
pattern: ^/api/doc
security: false
public:
pattern: ^/api/public
security: false
Another option is to allow anonymous users to access these 2 firewalls, I don't know however if it will works with remote curl calls for eg
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.