Securing URL patterns (access_control)
The most basic way to secure part of your application is to secure an entire URL pattern. You saw this earlier, where anything matching the regular expression ^/admin requires the ROLE_ADMIN role:
// config/packages/security.php
$container->loadFromExtension('security', array(
// ...
'firewalls' => array(
// ...
'main' => array(
// ...
),
),
'access_control' => array(
// require ROLE_ADMIN for /admin*
array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
),
));
You can define as many URL patterns as you need - each is a regular expression. BUT, only one will be matched. Symfony will look at each starting at the top, and stop as soon as it finds one access_control entry that matches the URL.