Can I secure SonataAdmin without SonataUserBundle?

Question

I would like to secure SonataAdmin without SonataUserBundle, the reasons are:

1. I'm using Symfony latest version and SonataUserBundle requiring to use PHP 7, which I cannot update to php 7 (Corporate policies)

2. Previous versions of SonataUserBundle requires Symfony 2.7 or lower, which I'm already too far into the project to downgrade symfony.

User authentication is done via CAS and is working, but when trying to access to /admin i get redirected back to /login

For me role access will be more than enough, as Sonata instructs in https://sonata-project.org/bundles/admin/master/doc/reference/security.html

To secure the admin I'm using Symfony standard way to secure the routes:

access_control:
   - { path: ^/admin, role: [ROLE_USER, ROLE_STAFF, ROLE_ADMIN, ROLE_SUPER_ADMIN, ROLE_SOCIAL_WORKER_SUPER_ADMIN] }

Any guidance here will be very much appreciated.

Thanks

Answer 1

SonataUserBundle isn't required for the rest of Sonata to function - it just adds functionality. You simply protect it as you have, with standard Symfony access control firewall.

I've got a long-established app, originally from an early 2.7 and now at 3.2.8 with SonataAdmin for all of that time, and the only mention of SonataUserBundle is where it is suggested for sonata-project/intl-bundle "For user timezone detection" .