minor #11108 Update form_login_setup.rst (Deveosys)

wouterj · wouterj · commit 95ff38f845bf · 2019-04-06T17:57:25.000+02:00
This PR was squashed before being merged into the 4.2 branch (closes #11108). Discussion ---------- Update form_login_setup.rst Add access_control property in security.yml file in order to allow anonymous authenticated users to access the /login route Commits ------- c16923d Update form_login_setup.rst
diff --git a/security/form_login_setup.rst b/security/form_login_setup.rst
@@ -74,6 +74,50 @@ class that processes the login submit and 4) updates the main security config fi
         }
     }
 
+Edit the security.yml file in order to allow access to the ``/login`` route:
+
+.. configuration-block::
+
+    .. code-block:: yaml
+
+        # config/packages/security.yaml
+        security:
+            # ...
+
+            access_control:
+                - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+                # ...
+
+    .. code-block:: xml
+
+        <!-- config/packages/security.xml -->
+        <?xml version="1.0" charset="UTF-8" ?>
+        <srv:container xmlns="http://symfony.com/schema/dic/security"
+            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xmlns:srv="http://symfony.com/schema/dic/services"
+            xsi:schemaLocation="http://symfony.com/schema/dic/services
+                http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+            <config>
+                <rule path="^/login" role="IS_AUTHENTICATED_ANONYMOUSLY" />
+                <!-- ... -->
+            </config>
+        </srv:container>
+
+    .. code-block:: php
+
+        // config/packages/security.php
+        $container->loadFromExtension('security', [
+            // ...
+            'access_control' => [
+                [
+                    'path' => '^/login',
+                    'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY',
+                ],
+                // ...
+            ],
+        ]);
+
 **Step 2.** The template has very little to do with security: it just generates
 a traditional HTML form that submits to ``/login``:
 
