
@jerson
Created October 20, 2016 01:13
# you can read more about security in the related section of the documentation
# http://symfony.com/doc/current/book/security.html
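security:
    # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
    # SECURITY: `plaintext` means the in-memory user's password below is stored
    # and compared unhashed. Outside a local demo, configure a password-hashing
    # encoder such as `bcrypt` here and store the hash produced by the
    # `security:encode-password` console command instead of the clear password.
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    # http://symfony.com/doc/current/book/security.html#hierarchical-roles
    # ROLE_SUPER_ADMIN inherits every role listed on its line. That includes
    # ROLE_ALLOWED_TO_SWITCH, the role Symfony's `switch_user` (impersonation)
    # feature checks; no firewall below enables `switch_user`, so it has no
    # effect unless that option is added later.
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH, ROLE_SONATA_ADMIN]

    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        admins:
            memory:
                users:
                    # SECURITY: a single super-admin account with a trivially
                    # guessable password, kept in clear text in a file that is
                    # normally committed to version control. Replace it before any
                    # shared or public deployment and keep the real credential
                    # (preferably a hash) out of the repository.
                    # The value is quoted so the YAML parser yields the string
                    # '123456' rather than an integer.
                    admin: { password: '123456', roles: ['ROLE_SUPER_ADMIN'] }

    # the main part of the security, where you can set up firewalls
    # for specific sections of your app
    # Only the first firewall whose pattern matches a request is used, so the
    # order of the entries below is significant.
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Must stay above `api`: its pattern is a sub-path of ^/api/ and would
        # otherwise be swallowed by the unauthenticated `api` firewall.
        # SECURITY: HTTP Basic sends the credentials with every request, only
        # base64-encoded, so this path should be reachable over HTTPS only.
        api_doc:
            pattern: ^/api/doc/
            provider: admins
            anonymous: false
            stateless: true
            http_basic:
                realm: "API REST"

        # SECURITY: `security: false` switches the security system off for every
        # other URL under /api/. No authentication happens there and the
        # access_control rules are not evaluated for these requests, so any
        # protection for the API has to be implemented elsewhere.
        api:
            pattern: ^/api/
            security: false

        # SECURITY: same HTTP Basic caveat as `api_doc` - serve over HTTPS only.
        # NOTE(review): this pattern requires the trailing slash, while the
        # access_control rule below uses ^/admin; a request to exactly `/admin`
        # matches no firewall here - confirm that is intended.
        admin:
            pattern: ^/admin/
            provider: admins
            anonymous: false
            stateless: true
            http_basic:
                realm: "Panel de Admin"
            # NOTE(review): with stateless HTTP Basic the browser keeps re-sending
            # its cached credentials, so this logout route presumably does not end
            # the user's access - verify the behaviour you expect.
            logout:
                path: /admin/logout
                target: /admin/

    # with these settings you can restrict or allow access for different parts
    # of your application based on roles, ip, host or methods
    # http://symfony.com/doc/current/book/security.html#security-book-access-control-matching-options
    # Rules are checked top to bottom and the first matching path wins.
    # The ^/api rule only documents intent: the `api` firewall above has security
    # disabled, so this rule is never applied to those requests.
    access_control:
        - { path: ^/admin, roles: ROLE_SUPER_ADMIN }
        - { path: ^/api/doc, roles: ROLE_SUPER_ADMIN }
        - { path: ^/api, roles: IS_AUTHENTICATED_ANONYMOUSLY }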