deblan.tv/app/config/security.yml

jms_security_extra:
    secure_all_services: false
    expressions: true

security:
    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    firewalls:
        # -> firewall for the frontend area of the URL
        default:
            pattern: ^/(?!admin)
            anonymous:    true
            switch_user:  false
        # -> end custom configuration

        # -> firewall for the admin area of the URL
        admin:
            pattern: ^/admin(.*)
            form_login:
                provider:             fos_userbundle
                csrf_provider:        form.csrf_provider
                default_target_path:  /admin
                login_path:           /admin/login
                check_path:           /admin/login_check
                use_forward:          true
                use_referer:          true
                # -> handler for ajax authentication
                success_handler:  trinity.authentication.success_handler
                failure_handler:  trinity.authentication.failure_handler
            logout:
                path: /admin/logout
                target: /admin/
            anonymous:    true
            switch_user:  true
            remember_me:
                key:      "%secret%"
                lifetime: 31536000 # 365 days in seconds
                path:     /
                domain:   ~ # Defaults to the current domain from $_SERVER
        # -> end custom configuration
    access_control:
        # - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # -> Secured admin area
        - { path: ^/admin/login$,           role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$,          role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login_check$,     role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/xhr_check$,       role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/cms/navigation,   role: ROLE_BO_USER }
        - { path: ^/admin/cms/menu,         role: ROLE_BO_USER }
        - { path: ^/admin/group,            role: ROLE_BO_USER }
        - { path: ^/admin/,                 role: ROLE_BO_USER }
        # -> end

    role_hierarchy:
        ROLE_BO_USER:   [ROLE_USER]
        ROLE_SUPER_ADMIN: [ROLE_BO_USER]