I'm implementing a GET request like below. This route allows anonymous access, but I want to give more sensitive information when the user is authenticated.
[Controller]
/**
 * @Route("/api/item/{code}.{_format}", name="api.item.get", defaults={"_format"="json"})
 * @Method("GET")
 * @Secure(roles="ROLE_API, IS_AUTHENTICATED_ANONYMOUSLY")
 */
public function getItemAction(Request $request, $code)
{
    /** @var UsernamePasswordToken $token */
    $token = $this->get('security.token_storage')->getToken();
    $user = $token->getUser();
    // snip
}
[security.yml]
- { path: '^/?api/items/[a-zA-Z0-9-]+', role: [ROLE_API, IS_AUTHENTICATED_ANONYMOUSLY] }
I'm expecting $user to be a User object when the user is authenticated, but it's a string with the value "anon.". What am I missing?
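An added example, not part of the original question or its answer: because getUser() returns the string "anon." for an anonymous visitor, as observed above, the check that releases the sensitive fields has to test for a user object rather than for a non-empty value. AppUser, buildItemPayload and the item fields are hypothetical stand-ins, and reading ROLE_API from the user object is an assumption about the application.

```php
<?php
// Added example. AppUser stands in for the application's User entity;
// the item and its field names are constructed sample data.
final class AppUser
{
    private $roles;

    public function __construct(array $roles)
    {
        $this->roles = $roles;
    }

    public function getRoles()
    {
        return $this->roles;
    }
}

/**
 * $user is whatever $token->getUser() returned: a user object, the string
 * "anon." for an anonymous visitor, or null when no token is set.
 */
function buildItemPayload(array $item, $user)
{
    $publicFields = array('code', 'name');
    $sensitiveFields = array('cost_price', 'supplier');

    // Fail closed: start from the public allowlist only.
    $allowed = $publicFields;

    // A truthiness or "not null" test would accept the "anon." string, so
    // require a real user object that also holds ROLE_API.
    if ($user instanceof AppUser && in_array('ROLE_API', $user->getRoles(), true)) {
        $allowed = array_merge($allowed, $sensitiveFields);
    }

    // Return only allowlisted keys; anything else on the item is dropped.
    return array_intersect_key($item, array_flip($allowed));
}

$item = array('code' => 'A-100', 'name' => 'Widget', 'cost_price' => 12.5,
              'supplier' => 'ACME', 'internal_note' => 'do not expose');

foreach (array(null, 'anon.', new AppUser(array('ROLE_USER')), new AppUser(array('ROLE_API'))) as $user) {
    echo json_encode(buildItemPayload($item, $user)), PHP_EOL;
}
```

Only the last of the four callers receives cost_price and supplier; internal_note is never returned because it is on neither allowlist.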
I can't try it since I don't have Symfony 2.8 anymore (side note: you should seriously consider updating your version!), but have you tried something like this?