Last Updated: February 25, 2016
· j7mbo

Simple silex firewall rules explained

It's annoying trying to set up your first Silex application with a working set of firewall rules. Here's one set that I have tested and works fully. These firewall rules do the following:

  • Allows anonymous access to the homepage (/)
  • Allows anonymous access to the login page (/login)
  • Requires ROLE_USER access for any other page you create (/dashboard, /somethingelse etc)

Feel free to use this as a base for your own Silex projects. I'll shortly be putting up a working Silex with authentication application on my Github.

$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'security.firewalls' => array(
        'login_path' => array(
            'pattern' => '^/login$',
            'anonymous' => true
        'default' => array(
            'pattern' => '^/.*$',
            'anonymous' => true,
            'form' => array(
                'login_path' => '/login',
                'check_path' => '/login_check',
            'logout' => array(
                'logout_path' => '/logout',
                'invalidate_session' => false
            'users' => $app->share(function($app) { 
                return new App\User\UserProvider($app['db']); 
    'security.access_rules' => array(
        array('^/login$', 'IS_AUTHENTICATED_ANONYMOUSLY'),
        array('^/.+$', 'ROLE_USER')

2 Responses
Add your response

I had the same problem but it looks like in your solution there is one mistake. The path to the /login_check is public which is not right, isn't it?

over 1 year ago ·