security - Symfony2 - FOSOauthServerBundle - Firewall configuration - Route Whitelist -


my goal have routes under firewall protected api except some. have firewall configuration this:

security:     acl:         connection: default  providers:     fos_userbundle:         id: fos_user.user_provider.username_email  encoders:     fos\userbundle\model\userinterface: sha512  firewalls:     oauth_token:         pattern:    ^/oauth/v2/token         security:   false      oauth_authorize:         pattern:    ^/oauth/v2/auth         form_login:             provider: fos_userbundle             check_path: /oauth/v2/auth_login_check             login_path: /oauth/v2/auth_login         anonymous: true      api:         pattern:    ^/.*         fos_oauth:  true         stateless:  true         anonymous: false  access_control:     - { path: ^/, methods: [get], roles: [ is_authenticated_anonymously ]}     - { path: ^/doc, methods: [get], roles: [ is_authenticated_anonymously ]}     - { path: ^/resque, methods: [get], roles: [ is_authenticated_anonymously ]}     - { path: /monitor, methods: [get], roles: [ is_authenticated_anonymously ]}     - { path: /users, methods: [post], roles: [ is_authenticated_anonymously ]}     - { path: /users/me/registration/confirm, methods: [get], roles: [ is_authenticated_anonymously ]}     - { path: /users/me/email/confirm, methods: [get], roles: [ is_authenticated_anonymously ]}     - { path: /instants/.*, methods: [put], roles: [is_authenticated_anonymously ]}     - { path: ^/_profiler, roles: [is_authenticated_anonymously]}     - { path: ^/_wdt, roles: [is_authenticated_anonymously]}     - { path: ^/_configurator, roles: [is_authenticated_anonymously]}     - { path: /.*, roles: [ is_authenticated_fully ]}

but routes /resque, /monitor , others not reachable without access token. doing wrong in configuration? or not possible implement route whitelist?

i had same problem , solved implementing firewall. no road oauth token wont checked. put regex routes in pattern. , don't forget put firewall in front of api firewall since have regex "match all"

    api_anonym_area:         pattern: (^/api/users/forgotten-password/.*)         methods: [post]         security: false

Comments

Post a Comment

Popular posts from this blog

IF statement in MySQL trigger -

this query code in mysql trigger. if 1=2 select 'yes'; else select 'no'; end if; but has following error: if '1'='2' select 'yes' error code: 1064. have error in sql syntax; check manual corresponds mysql server version right syntax use near 'if '1'='2' select 'yes'' @ line 1 0.000 sec what solution?
Read more

c++ - What does MSC in "// appease MSC" comments mean? -

i run across // appease msc in c++ comments, e.g. here : const int& array::operator[](int offset) const { int mysize = getitssize(); if (offset >= 0 && offset < getitssize()) return ptype[offset]; throw xboundary(); return ptype[offset]; // appease msc! } what msc stand ? the author means microsoft's compiler, more formally known msvc.
Read more

javascript - Blogger related post gadget image Resize s72-c [ Need Expert Help ] -

i run blogger blog , use follow code javascript code (requires no jquery) show related post labels/categories of post. <script type='text/javascript'> var defaultnoimage=&quot;http://1.bp.blogspot.com/-m72rpguntq0/vuokijudn_i/aaaaaaaaboi/lq18sceunsg/w72/favicon-tik.png&quot;; var maxresults=16; var splittercolor=&quot;#d4eaf2&quot;; var relatedpoststitle=&quot;related posts&quot;; </script> <script type='text/javascript'>//<![cdata[ var relatedtitles = new array(); var relatedtitlesnum = 0; var relatedurls = new array(); var thumburl = new array(); function related_results_labels_thumbs(json) { (var = 0; < json.feed.entry.length; i++) { var entry = json.feed.entry[i]; relatedtitles[relatedtitlesnum] = entry.title.$t; try { thumburl[relatedtitlesnum] = entry.media$thumbnail.url } catch (error) {...
Read more