Question

I've noticed that FOSUserBundle's default access_control configuration is

- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

But when I try to set these roles to

IS_AUTHENTICATED_ANONYMOUSLY && !IS_AUTHENTICATED_FULLY

it gives me endless loops to /login. How can I make only these three rules forbidden for fully authenticated users?

Solution

You should not deny access to the login page when the user is logged in, because a 403 Forbidden will redirect automatically to the login page, because it requests the user to log in.

It is better to write a service that checks every request. When it matches a login request, you need to check whether the user is authenticated and redirect him to the index page instead of the requested login page.
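
The service described in the answer could look like the following event subscriber. This is an added example, not part of the original answer and not FOSUserBundle code; it assumes Symfony 4.4/5.x, FOSUserBundle's default route names for the three pages, and a hypothetical `homepage` route standing in for the index page.

```php
<?php
namespace App\EventListener;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

final class RedirectAuthenticatedUserSubscriber implements EventSubscriberInterface
{
    // Assumption: FOSUserBundle's default route names; adjust if your routing differs.
    private const GUEST_ONLY_ROUTES = [
        'fos_user_security_login',
        'fos_user_registration_register',
        'fos_user_resetting_request',
    ];

    private $tokens, $checker, $urls;

    public function __construct(TokenStorageInterface $tokens, AuthorizationCheckerInterface $checker, UrlGeneratorInterface $urls)
    {
        $this->tokens = $tokens;
        $this->checker = $checker;
        $this->urls = $urls;
    }

    public static function getSubscribedEvents(): array
    {
        // Priority 0 runs after the router (32) and the firewall (8),
        // so the _route attribute and the security token are already set.
        return [KernelEvents::REQUEST => ['onKernelRequest', 0]];
    }

    public function onKernelRequest(RequestEvent $event): void
    {
        $route = $event->getRequest()->attributes->get('_route');
        if (!$event->isMasterRequest() || !in_array($route, self::GUEST_ONLY_ROUTES, true)) {
            return;
        }
        // Without a token (path outside any firewall) isGranted() would throw, so check first.
        // FULLY rather than REMEMBERED: a remember-me user can still reach the form to re-authenticate.
        if (null !== $this->tokens->getToken() && $this->checker->isGranted('IS_AUTHENTICATED_FULLY')) {
            // 'homepage' is a hypothetical route name; the target is generated server-side,
            // never taken from the request, so the redirect cannot be steered by the client.
            $event->setResponse(new RedirectResponse($this->urls->generate('homepage')));
        }
    }
}
```

The `access_control` entries stay at `IS_AUTHENTICATED_ANONYMOUSLY`, so no 403 is raised on these paths and the redirect loop from the question cannot occur.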

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow