@@ -562,15 +562,13 @@ will be able to authenticate (e.g. login form, API token, etc).
562562pattern `` key
563563to find the first match (you can also
564564:doc: `match by host or other things </security/firewall_restriction >`).
565+ Here, all real URLs are handled by the ``main `` firewall (no ``pattern `` key means
566+ it matches *all * URLs).
565567
566568The ``dev `` firewall is really a fake firewall: it makes sure that you
567569don't accidentally block Symfony's dev tools - which live under URLs like
568570``/_profiler `` and ``/_wdt ``.
569571
570- All *real * URLs are handled by the ``main `` firewall (no ``pattern `` key means
571- it matches *all * URLs). A firewall can have many modes of authentication,
572- in other words, it enables many ways to ask the question "Who are you?".
573-
574572Often, the user is unknown (i.e. not logged in) when they first visit your
575573website. If you visit your homepage right now, you *will * have access and
576574you'll see that you're visiting a page behind the firewall in the toolbar:
@@ -580,7 +578,14 @@ you'll see that you're visiting a page behind the firewall in the toolbar:
580578
581579Visiting a URL under a firewall doesn't necessarily require you to be authenticated
582580(e.g. the login form has to be accessible or some parts of your application
583- are public). You'll learn how to restrict access to URLs, controllers or
581+ are public). On the other hand, all pages that you want to be *aware * of a logged in
582+ user have to be under the same firewall. So if you want to display a *"You are logged in
583+ as ..." * message on every page, they all have to be included in the same firewall.
584+
585+ The same firewall can have many modes of authentication. In other words, it
586+ enables many ways to ask the question *"Who are you?" *.
587+
588+ You'll learn how to restrict access to URLs, controllers or
584589anything else within your firewall in the :ref: `access control
585590<security-access-control>` section.
586591
0 commit comments