All *real* URLs are handled by the ``main`` firewall (no ``pattern`` key means

it matches *all* URLs). But this does *not* mean that every URL requires authentication.

Nope, thanks to the ``anonymous`` key, this firewall *is* accessible anonymously.

It is useful to let users be authenticated as anonymous. It means any request

can have an anonymous token to access some resource, while some actions can require

some privileges.

In fact, if you go to the homepage right now, you *will* have access and you'll see

that you're "authenticated" as ``anon.``. Don't be fooled by the "Yes" next to

..image::/_images/security/anonymous_wdt.png

It will also allow a request to access a form login without being authenticated as a

unique user (otherwise an infinite redirection loop would happen asking the user to

authenticate while trying to doing so).

You'll learn later how to deny access to certain URLs or controllers.

..note::

The "lazy" anonymous mode prevent the session from being started if there is

no need for authorization (i.e explicit check for a user privilege).

..note::

If you do not see the toolbar, install the:doc:`profiler</profiler>` with: