@@ -34,7 +34,7 @@ Basic Example: HTTP Authentication
3434The Security component can be configured via your application configuration.
3535In fact, most standard security setups are just a matter of using the right
3636configuration. The following configuration tells Symfony to secure any URL
37- matching ``/admin* `` and to ask the user for credentials using basic HTTP
37+ matching ``/admin/ * `` and to ask the user for credentials using basic HTTP
3838authentication (i.e. the old-school username/password box):
3939
4040..configuration-block ::
@@ -51,7 +51,9 @@ authentication (i.e. the old-school username/password box):
5151realm :" Secured Demo Area"
5252
5353access_control :
54- -{ path: ^/admin, roles: ROLE_ADMIN }
54+ -{ path: ^/admin/, roles: ROLE_ADMIN }
55+ # Include the following line to also secure the /admin path itself
56+ # - { path: ^/admin$, roles: ROLE_ADMIN }
5557
5658providers :
5759in_memory :
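Review bot: on the new `path: ^/admin/` line, the bare `/admin` URL no longer matches any access_control rule, and the only rule that would cover it is added commented out, so a reader who copies this example ends up with `/admin` reachable without the `ROLE_ADMIN` check. A documentation default should fail closed: either ship `- { path: ^/admin$, roles: ROLE_ADMIN }` as an active rule, or use a single pattern such as `^/admin(/|$)`, which covers `/admin` and everything under it while still not matching sibling paths like `/admin-foo` that the old `^/admin` matched.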
@@ -79,7 +81,9 @@ authentication (i.e. the old-school username/password box):
7981 </firewall >
8082
8183 <access-control >
82- <rule path =" ^/admin" role =" ROLE_ADMIN" />
84+ <rule path =" ^/admin/" role =" ROLE_ADMIN" />
85+ <!-- Include the following line to also secure the /admin path itself-->
86+ <!-- <rule path="^/admin$" role="ROLE_ADMIN" />-->
8387 </access-control >
8488
8589 <provider name =" in_memory" >
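Review bot: the XML variant has the same fail-open default. With `path="^/admin/"` active and the `^/admin$` rule wrapped in an XML comment, a request for `/admin` matches no rule. Whatever is settled for the YAML block should appear here as an active `<rule>` element rather than a commented one, so the three formats protect the same set of URLs.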
@@ -108,7 +112,9 @@ authentication (i.e. the old-school username/password box):
108112 ),
109113 ),
110114 'access_control' => array(
111- array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
115+ array('path' => '^/admin/', 'role' => 'ROLE_ADMIN'),
116+ // Include the following line to also secure the /admin path itself
117+ // array('path' => '^/admin$', 'role' => 'ROLE_ADMIN'),
112118 ),
113119 'providers' => array(
114120 'in_memory' => array(
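Review bot: in the PHP array the rule for `'^/admin$'` is likewise only present as a `//` comment, so the active configuration leaves `/admin` outside access control. Please make it an active entry, or replace both entries with one pattern covering `/admin` and `/admin/...`, and keep it identical to the YAML and XML blocks.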
@@ -143,9 +149,9 @@ that looks like the following:
143149
144150* There are two users in the system (``ryan `` and ``admin ``);
145151* Users authenticate themselves via the basic HTTP authentication prompt;
146- * Any URL matching ``/admin* `` is secured, and only the ``admin `` user
152+ * Any URL matching ``/admin/ * `` is secured, and only the ``admin `` user
147153 can access it;
148- * All URLs *not * matching ``/admin* `` are accessible by all users (and the
154+ * All URLs *not * matching ``/admin/ * `` are accessible by all users (and the
149155 user is never prompted to log in).
150156
151157Read this short summary about how security works and how each part of the
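Review bot: the last bullet now says all URLs not matching `/admin/*` are open to everyone without a login prompt, which includes `/admin` itself, but the list never states that. If the split rule stays, add an explicit bullet that `/admin` without a trailing slash is not secured unless the second rule is enabled; if the config is changed to cover `/admin` by default, adjust both bullets to say `/admin` and `/admin/*`.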
@@ -193,7 +199,7 @@ Access Controls (Authorization)
193199If a user requests ``/admin/foo ``, however, the process behaves differently.
194200This is because of the ``access_control `` configuration section that says
195201that any URL matching the regular expression pattern ``^/admin `` (i.e. ``/admin ``
196- or anything matching ``/admin* ``) requires the ``ROLE_ADMIN `` role. Roles
202+ or anything matching ``/admin/ * ``) requires the ``ROLE_ADMIN `` role. Roles
197203are the basis for most authorization: a user can access ``/admin/foo `` only
198204if it has the ``ROLE_ADMIN `` role.
199205
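Review bot: the unchanged context line just above the edited one still names the pattern as `^/admin` and says it matches "`/admin` or anything matching", which contradicts the configuration changed earlier in this patch: the active pattern is now `^/admin/`, and it does not match `/admin`. Update the sentence to quote the pattern the example really uses and to describe `/admin` as covered only when the `^/admin$` rule is enabled, otherwise the prose promises protection the sample config does not provide.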