I believe a user (token) is only accessible within the firewall that logged it in. So as long as you are within the `/admin` part of your site you would have access to `app.user`, but not within the "unsecured" firewall.
To have the behaviour you are looking for, you need to have one overall/sitewide firewall with the pattern of `^/` and then use access rules to restrict access to `/admin`.
```php
// Firewalls must be passed under the 'security.firewalls' key,
// otherwise the provider never sees the 'main' firewall.
$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'main' => array(
            'pattern'   => '^/',        // one firewall covering the whole site
            'anonymous' => true,        // visitors get an anonymous token
            'form'      => array(
                'login_path' => '/#login',
                'check_path' => '/admin/login_check',
            ),
            'logout'    => array(
                'logout_path' => '/admin/logout',
            ),
        ),
    ),
));

// Access rules are matched top to bottom, first match wins.
$app['security.access_rules'] = array(
    array('^/admin', 'ROLE_ADMIN'),
    array('^/',      'IS_AUTHENTICATED_ANONYMOUSLY'),
);
```
So a brand new user to your site would be immediately authenticated anonymously, until they log in with a role that allows them to access `/admin`.
It's also worth noting that if you were to have your login form within the admin area, as something like `/admin/login`, then you would need to add an anonymous access rule for the login URL.
Hope this helps!
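As an added example (not the answer's own code, and not from the Silex project), here is a complete Silex application wired the way the answer describes, with the login form placed under `/admin` so it needs its own anonymous access rule. It assumes Silex 1.3 with Composer's autoloader at `vendor/autoload.php`; the `admin` user, its `change-me` password and the route bodies are constructed sample values. The rule order matters: access rules are evaluated top to bottom and the first matching pattern wins, so the `^/admin/login$` rule has to come before the catch-all `^/admin` rule.

```php
<?php
// Added example: one site-wide firewall, login form under /admin.
// Assumes Silex 1.3 (security.token_storage, security.last_error,
// security.encoder.digest) and Composer's autoloader (assumed path).
require_once __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\User\InMemoryUserProvider;

$app = new Silex\Application();
$app->register(new Silex\Provider\SessionServiceProvider()); // form login needs a session

$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'main' => array(
            'pattern'   => '^/',            // one firewall for the whole site
            'anonymous' => true,            // visitors get an anonymous token
            'form'      => array(
                'login_path' => '/admin/login',
                'check_path' => '/admin/login_check',
            ),
            'logout'    => array('logout_path' => '/admin/logout'),
            // Users are built lazily so the stored hash comes from the same
            // encoder the firewall verifies against (constructed sample user).
            'users'     => $app->share(function () use ($app) {
                $hash = $app['security.encoder.digest']->encodePassword('change-me', '');
                return new InMemoryUserProvider(array(
                    'admin' => array('password' => $hash, 'roles' => array('ROLE_ADMIN')),
                ));
            }),
        ),
    ),
    // Checked top to bottom, first match wins: the login URL is opened to
    // anonymous users before the ^/admin rule, otherwise nobody could reach
    // the form to log in.
    'security.access_rules' => array(
        array('^/admin/login$', 'IS_AUTHENTICATED_ANONYMOUSLY'),
        array('^/admin',        'ROLE_ADMIN'),
        array('^/',             'IS_AUTHENTICATED_ANONYMOUSLY'),
    ),
));

// Public page: a token exists here too, because the firewall covers ^/.
// For an anonymous token getUser() returns a string rather than a User object.
$app->get('/', function () use ($app) {
    $user = $app['security.token_storage']->getToken()->getUser();
    $name = is_string($user) ? 'anonymous visitor' : $user->getUsername();
    return 'Hello, '.$app->escape($name);
});

// Login form, reachable anonymously thanks to the first access rule.
$app->get('/admin/login', function (Request $request) use ($app) {
    $error = $app['security.last_error']($request);
    return ($error ? '<p>'.$app->escape($error).'</p>' : '')
        .'<form action="/admin/login_check" method="post">'
        .'<input name="_username"> <input name="_password" type="password"> '
        .'<button type="submit">Log in</button></form>';
});

// Admin page: the ^/admin rule means only ROLE_ADMIN gets this far.
$app->get('/admin', function () use ($app) {
    $user = $app['security.token_storage']->getToken()->getUser();
    return 'Admin area for '.$app->escape($user->getUsername())
        .' (<a href="/admin/logout">log out</a>)';
});

$app->run();
```

Silex registers the `check_path` and `logout_path` URLs itself, so no routes are needed for them. To see the effect of rule order, swap the first two access rules and request `/admin/login` as a fresh visitor: the `^/admin` rule now matches first and the firewall redirects to the login page, which is itself denied, giving a redirect loop instead of the form.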