I have a problem with Symfony firewalls... Here is an example:
    app_customer_provider:
        security: true
        lazy: true
        stateless: true
        custom_authenticators:
            - XXX\Authenticator
            - XXX\Authenticator
        request_matcher: XXX\Mathcer
In the access control (access_control) I have a protected route, e.g. /ping.
When I try to log in with a JWT that matches the request_matcher, the authenticator works fine, blocking or allowing access to the various routes.
The problem arises when no request_matcher intervenes. All routes are open despite being role protected, e.g. /ping is accessible.
Can you help me with it? Is there something I'm doing wrong or something I'm missing?
It seems it is a Symfony behavior... If no firewall is hit, the security_access is not considered.
I use this workaround: use a fallback firewall in this way: