Adjust documentation to unified security.yaml file #144

Open
proflan opened this issue Oct 1, 2021 · 1 comment
proflan commented Oct 1, 2021

Hi, using the install instruction, I get the following error:

Configuration path "security.access_control" cannot be overwritten. You have to define all options for this path, and any of its sub-paths in one configuration section.

This is my security.yaml:

security:
    access_decision_manager:
        strategy: unanimous
        allow_if_all_abstain: true

    encoders:
        Sulu\Bundle\SecurityBundle\Entity\User: bcrypt

    providers:
        sulu:
            id: sulu_security.user_provider

    access_control:
        - { path: ^/admin/reset, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/security/reset, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/_wdt, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/translations, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_USER }

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        admin:
            pattern: ^/admin(\/|$)
            anonymous: true
            lazy: true
            provider: sulu
            entry_point: sulu_security.authentication_entry_point
            json_login:
                check_path: sulu_admin.login_check
                success_handler: sulu_security.authentication_handler
                failure_handler: sulu_security.authentication_handler
            logout:
                path: sulu_admin.logout
                success_handler: sulu_security.logout_success_handler

        website:
            pattern: ^/
            anonymous: lazy
            # The login and logout routes need to be created.
            # For an advanced user management with registration and opt-in emails have a look at the:
            # https://github.com/sulu/SuluCommunityBundle
            # Also have a look at the user context based caching when you output user role specific data
            # https://docs.sulu.io/en/2.2/cookbook/user-context-caching.html
            form_login:
                login_path: login
                check_path: login
            logout:
                path: logout
                target: /
            remember_me:
                secret:   "%kernel.secret%"
                lifetime: 604800 # 1 week in seconds
                path:     /

sulu_security:
    checker:
        enabled: true

security_website.yml:

security:
    encoders:
        Sulu\Bundle\SecurityBundle\Entity\User: bcrypt

    providers:
        sulu:
            id: sulu_security.user_provider

    access_control:
        # needed when firewall on ^/ is not anonymous
        # - { path: '/login', roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: '/registration', roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: '/password-reset', roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: '/password-forget', roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: '/_fragment', roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: '/profile', roles: ROLE_USER }
        - { path: '/completion', roles: ROLE_USER }

    firewalls:
        <webspace_key>:
            pattern: ^/
            anonymous: lazy
            form_login:
                login_path: sulu_community.login
                check_path: sulu_community.login
            logout:
                path: sulu_community.logout
                target: /
            remember_me:
                secret: "%kernel.secret%"
                lifetime: 604800 # 1 week in seconds
                path: /

sulu_security:
    checker:
        enabled: true

sulu_community.yaml:

sulu_community:
    webspaces:
        <webspace_key>:
            from: "%env(SULU_ADMIN_EMAIL)%"

@niklasnatter
Contributor

Hey,
thanks for reaching out! The sulu/skeleton was adjusted to use a single security.yaml instead of a separate security_website.yaml and security_admin.yaml (see sulu/skeleton#114). It looks like the documentation of this bundle was not adjusted to the change yet.

When using the new version of the sulu/skeleton, you need to adjust the existing security.yaml instead of creating a security_website.yaml:

--- config/packages/security.yaml
+++ config/packages/security.yaml
@@ -1,62 +1,65 @@
 security:
     access_decision_manager:
         strategy: unanimous
         allow_if_all_abstain: true
 
     encoders:
         Sulu\Bundle\SecurityBundle\Entity\User: bcrypt
 
     providers:
         sulu:
             id: sulu_security.user_provider
 
     access_control:
         - { path: ^/admin/reset, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/admin/security/reset, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/admin/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/admin/_wdt, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/admin/translations, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/admin$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/admin/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/admin, roles: ROLE_USER }
+        # the following rules are needed if the firewall does not allow anonymous users on ^/
+        # - { path: '/login', roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        # - { path: '/registration', roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        # - { path: '/password-reset', roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        # - { path: '/password-forget', roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        # - { path: '/_fragment', roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: '/profile', roles: ROLE_USER }
+        - { path: '/completion', roles: ROLE_USER }
 
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
         admin:
             pattern: ^/admin(\/|$)
             anonymous: true
             lazy: true
             provider: sulu
             entry_point: sulu_security.authentication_entry_point
             json_login:
                 check_path: sulu_admin.login_check
                 success_handler: sulu_security.authentication_handler
                 failure_handler: sulu_security.authentication_handler
             logout:
                 path: sulu_admin.logout
                 success_handler: sulu_security.logout_success_handler
 
-#        website:
-#            pattern: ^/
-#            anonymous: lazy
-#            # The login and logout routes need to be created.
-#            # For an advanced user management with registration and opt-in emails have a look at the:
-#            # https://github.com/sulu/SuluCommunityBundle
-#            # Also have a look at the user context based caching when you output user role specific data
-#            # https://docs.sulu.io/en/2.2/cookbook/user-context-caching.html
-#            form_login:
-#                login_path: login
-#                check_path: login
-#            logout:
-#                path: logout
-#                target: /
-#            remember_me:
-#                secret:   "%kernel.secret%"
-#                lifetime: 604800 # 1 week in seconds
-#                path:     /
+        <webspace_key>: # Replace <webspace_key> with the key of your webspace
+            pattern: ^/
+            anonymous: lazy
+            form_login:
+                login_path: sulu_community.login
+                check_path: sulu_community.login
+            logout:
+                path: sulu_community.logout
+                target: /
+            remember_me:
+                secret:   "%kernel.secret%"
+                lifetime: 604800 # 1 week in seconds
+                path:     /
 
 sulu_security:
     checker:
         enabled: true
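
Review bot: the access_control entries added after the `^/admin` rule (`'/profile'`, `'/completion'`, and the commented-out `'/login'` to `'/_fragment'` rules) are not anchored with `^`, unlike every existing rule in the list. Symfony matches `path` as a regular expression against the request path, so `'/profile'` also matches a URL such as `/news/profile-update`, and an uncommented `'/login'` rule would apply to any path that merely contains `/login`. Suggest anchoring them, for example `- { path: ^/profile, roles: ROLE_USER }`, and keeping them below the `^/admin` rules as done here, since the first matching rule decides.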

niklasnatter changed the title from 'Configuration path "security.access_control" cannot be overwritten.' to 'Adjust documentation to unified security.yaml file' on Oct 4, 2021
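
An added example (not part of the issue or of the bundle's code): a preflight check that lists every file in a config directory defining `security.access_control`, the condition behind the error quoted in this issue. It assumes an indentation-based key scan is sufficient instead of a YAML parser; the sample file contents and the `example` webspace key are constructed.

```python
import re
import tempfile
from pathlib import Path

# A mapping key at the start of a line; comments and "- " list items never match.
KEY_RE = re.compile(r"^(\s*)([^\s#:\-][^:]*):(\s|$)")

# Constructed sample, abbreviated from the files quoted in the issue.
SAMPLE = {
    "security.yaml":
        "security:\n    access_control:\n"
        "        - { path: ^/admin, roles: ROLE_USER }\n",
    "security_website.yml":
        "security:\n    access_control:\n"
        "        - { path: '/profile', roles: ROLE_USER }\n",
    "sulu_community.yaml":
        "sulu_community:\n    webspaces:\n        example:\n"
        '            from: "%env(SULU_ADMIN_EMAIL)%"\n',
}

def files_defining(config_dir, path=("security", "access_control")):
    """Return the names of YAML files in config_dir that define the key path."""
    hits = []
    for f in sorted(Path(config_dir).glob("*.y*ml")):
        stack = []  # (indent, key) of the mappings enclosing the current line
        for line in f.read_text().splitlines():
            m = KEY_RE.match(line)
            if not m:
                continue
            indent, key = len(m.group(1)), m.group(2).strip()
            while stack and stack[-1][0] >= indent:
                stack.pop()  # left a deeper or sibling mapping
            stack.append((indent, key))
            if tuple(k for _, k in stack) == tuple(path):
                hits.append(f.name)
                break
    return hits

def check_sample():
    """Write the constructed sample to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE.items():
            Path(d, name).write_text(body)
        return files_defining(d)

if __name__ == "__main__":
    dup = check_sample()
    if len(dup) > 1:
        print("security.access_control is defined in:", ", ".join(dup))
```

More than one file in the result means the rules have to be merged into a single `security.yaml`, as the reply above describes.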