security: enable_authenticator_manager: true password_hashers: App\Entity\LocalUser: algorithm: auto # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers providers: local_user: chain: providers: [local_user_by_nickname, local_user_by_email] local_user_by_nickname: entity: class: 'App\Entity\LocalUser' property: 'nickname' local_user_by_email: entity: class: 'App\Entity\LocalUser' property: 'outgoing_email' firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false oauth: pattern: ^/oauth security: false main: lazy: true provider: local_user form_login: login_path: security_login check_path: security_login logout: path: security_logout # where to redirect after logout target: root # remember_me: # secret: '%kernel.secret%' # secure: true # httponly: '%remember_me_httponly%' # samesite: '%remember_me_samesite%' # token_provider: 'Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider' # custom_authenticator: 'App\Core\Security' # activate different ways to authenticate # https://symfony.com/doc/current/security.html#firewalls-authentication # https://symfony.com/doc/current/security/impersonating_user.html # switch_user: true # Easy way to control access for large sections of your site # Note: Only the *first* access control that matches will be used access_control: - { path: ^/admin, roles: ROLE_OPERATOR } - { path: ^/settings, roles: ROLE_VISITOR }