@@ -556,6 +556,8 @@ will be able to authenticate (e.g. login form, API token, etc).
556
556
Only one firewall is active on each request: Symfony uses the ``pattern `` key
557
557
to find the first match (you can also
558
558
:doc: `match by host or other things </security/firewall_restriction >`).
559
+ Here, all real URLs are handled by the ``main `` firewall (no ``pattern `` key means
560
+ it matches *all * URLs).
559
561
560
562
The ``dev `` firewall is really a fake firewall: it makes sure that you
561
563
don't accidentally block Symfony's dev tools - which live under URLs like
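Review bot: "all real URLs" in the added sentence is undefined at this point, since the ``dev`` firewall that makes some URLs "not real" is only explained in the paragraph that follows. Because the context just above says Symfony uses the first match, consider wording it as "all URLs that did not match an earlier firewall are handled by the ``main`` firewall", or move the sentence below the ``dev`` paragraph. It would also help to say explicitly that a firewall with no ``pattern`` key has to come last for the same first-match reason.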
@@ -619,7 +621,14 @@ you'll see that you're visiting a page behind the firewall in the toolbar:
619
621
620
622
Visiting a URL under a firewall doesn't necessarily require you to be authenticated
621
623
(e.g. the login form has to be accessible or some parts of your application
622
- are public). You'll learn how to restrict access to URLs, controllers or
624
+ are public). On the other hand, all pages that you want to be *aware * of a logged in
625
+ user have to be under the same firewall. So if you want to display a *"You are logged in
626
+ as ..." * message on every page, they all have to be included in the same firewall.
627
+
628
+ The same firewall can have many modes of authentication. In other words, it
629
+ enables many ways to ask the question *"Who are you?" *.
630
+
631
+ You'll learn how to restrict access to URLs, controllers or
623
632
anything else within your firewall in the :ref: `access control
624
633
<security-access-control>` section.
625
634
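Review bot: The added rule that pages which should be *aware* of a logged in user "have to be under the same firewall" is stated without the reason, so readers will not know what breaks if they split public pages into a separate firewall; add a short clause explaining why, or a cross-reference. Two smaller points in the same hunk: "logged in user" should be "logged-in user", and the new "many modes of authentication" paragraph gives no example or link, unlike the following sentence, which points to the access control section. A pointer to where those authentication modes are documented would make it actionable.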