for my application I need the following feature: some pages may be accessed only by users who are logged in - they do not need to have any role. I've achieved this by writing my own Voter, which recognizes LOGIN_REQUIRED attribute.
Now I can write:
and my Voter lets the logged-in user in. It this attribute is not present Voter returns ACCESS_ABSTAIN.
I wonder if this it the only and the best way of implementing this feature? Is it possible to write it simpler without my own voter? I know that I could give every user a special role ROLE_VISITOR, or something like that, but I'd like to avoid giving the user a role only to recognize the situation she/he is logged in.
The most transparent solution would be when RoleVoter would recognize some keywords like:
- ROLE_ANY (user should have at least one role - does it make sens anyway?),
- ROLE_NOT_REQUIRED (the user should be logged in, but there is no need of having any roles - that make sens).
Just a thought.