security:
    providers:
        fos_userbundle:
            id: fos_user.user_manager

    encoders:
        "FOS\UserBundle\Model\UserInterface": sha512

    firewalls:

        # -> custom firewall for the admin area of the URL
        admin:
            switch_user:        true
            context:            user
            pattern:            /admin(.*)
            form_login:
                provider:       fos_userbundle
                login_path:     /admin/login
                use_forward:    false
                check_path:     /admin/login_check
                failure_path:   null
                use_referer:    true
            logout:
                path:           /admin/logout
                target:         /admin/login

            anonymous:    true
        # -> end custom configuration

        # default login area for standard users
        main:
            switch_user:        true
            context:            user
            pattern:            .*
            logout:             true
            anonymous:          true

            form_login:
                provider:                       fos_userbundle
                csrf_provider:                  form.csrf_provider

                login_path:                     /login
                use_forward:                    false
                check_path:                     /login_check
                post_only:                      true

                always_use_default_target_path: false
                default_target_path:            /admin/dashboard
                target_path_parameter:          _target_path
                use_referer:                    true

                failure_path:                   null
                failure_forward:                false

                username_parameter:             _username
                password_parameter:             _password

                csrf_parameter:                 _csrf_token
                intention:                      authenticate


    access_control:
        # URLs of FOSUserBundle which need to be available to anonymous users
        - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # -> custom access control for the admin area of the URL
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # -> end

        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Secured part of the site
        # This config requires being logged for the whole site and having the admin role for the admin part.
        # Change these rules to adapt them to your needs
        - { path: ^/admin, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }


    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        SONATA:
            - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are using acl then this line must be commented


    acl:
        connection: default

Listing 42.5. Zmodyfikowany plik konfiguracyjny app/config/security.yml

Rozdział 42. Instalacja pakietów Sonata