security: enable_authenticator_manager: true password_hashers: # use your user class name here App\Entity\User: # Use native password hasher, which auto-selects the best # possible hashing algorithm (starting from Symfony 5.3 this is "bcrypt") algorithm: auto # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers providers: # used to reload user from session & other features (e.g. switch_user) app_user_provider: entity: class: App\Entity\User property: email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: lazy: true provider: app_user_provider custom_authenticators: - App\Security\AppAuthenticator logout: path: app_logout # where to redirect after logout # target: app_any_route remember_me: secret: '%kernel.secret%' lifetime: 604800 # 1 week in seconds path: / secure: true samesite: strict # by default, the feature is enabled by checking a # checkbox in the login form (see below), uncomment the # following line to always enable it. #always_remember_me: true # activate different ways to authenticate # https://symfony.com/doc/current/security.html#firewalls-authentication # https://symfony.com/doc/current/security/impersonating_user.html # switch_user: true # Easy way to control access for large sections of your site # Note: Only the *first* access control that matches will be used access_control: - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/admin, roles: ROLE_ADMIN } - { path: ^(?!/(login|register|reset-password|offers|offer/*|imprint|faq|sitemap.*)), roles: ROLE_USER }