You might think that the access controller will do this for us:
access_control: - { role: ROLE_USER, requires_channel: https } - { role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: http }
But no ... I think it will be a very nice feature.
In this case, we can crack something along with the request listener using kernel events:
namespace YourBundle\EventListener; use Symfony\Component\HttpKernel\Event\GetResponseEvent; use Symfony\Component\HttpFoundation\RedirectResponse; class RequestListener { public function onKernelRequest(GetResponseEvent $event) { $request = $event->getRequest(); // force ssl based on authentication if ($this->container->get('security.context')->isGranted('IS_AUTHENTICATED_FULLY')) { if (!$request->isSecure()) { $request->server->set('HTTPS', true); $request->server->set('SERVER_PORT', 443); $event->setResponse(new RedirectResponse($request->getUri())); } } else { if ($request->isSecure()) { $request->server->set('HTTPS', false); $request->server->set('SERVER_PORT', 80); $event->setResponse(new RedirectResponse($request->getUri())); } } } }
Define your listener in config.yml under services:
myapp.request.listener: class: MyApp\MyBundle\EventListener\RequestListener tags: - { name: kernel.event_listener, event: kernel.request }
More about events, etc. see symfony internals .