Symfony2使用api密钥访问控制问题对用户进行身份验证

Hi I am developing a project for myself. What i want to do is to authenticate all calls to api except user signup. I created user authentication and user provider as explained in this link: http://symfony.com/doc/current/cookbook/security/api_key_authentication.html

Everything works fine, all of the urls to my backend is authenticated and they are handled by UserTokenAuthenticator and UserTokenProvider. But the thing it authenticates everycall. I dont want to authenticate this url

    /v1.0/users with POST method

So I have set my access control in security.yml file as following:

access_control:
    user_register:
        path: ^/v1.0/users
        roles: IS_AUTHENTICATED_ANONYMOUSLY
        methods: [POST]

But whenever i try to make a post call to this url it tries to authenticate (bec call doesnt have token as a parameter) and it fails. How can I prevent authentication for this route only?? Here is my full of the code:

security.yml:

security:
    encoders:
        entity_user:
            class: KBell\AppBundle\Entity\User
            algorithm: sha1
            iterations: 1
            encode_as_base64: false
        entity_device:
            class: KBell\AppBundle\Entity\Device
            algorithm: sha1
            iterations: 1
            encode_as_base64: false

    role_hierarchy:
        ROLE_DEVICE: ROLE_DEVICE
        ROLE_USER : ROLE_USER

    providers:
        entity_device:
            entity:
                class: KBell\AppBundle\Entity\Device
                property: name
        entity_user:
            entity:
                class: KBell\AppBundle\Entity\User
                property: email
        user_token_provider:
            id: user_token_provider
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        api_user_secured_area:
            pattern: ^/v1.0/users
            stateless: true
            simple_preauth:
                authenticator: user_token_authenticator
            provider: user_token_provider
    access_control:
        user_register:
            path: ^/v1.0/users
            roles: IS_AUTHENTICATED_ANONYMOUSLY
            methods: [POST]

Here is UserTokenAuthenticator:

<?php

class UserTokenAuthenticator implements SimplePreAuthenticatorInterface,    AuthenticationFailureHandlerInterface
{

    public function createToken(Request $request, $providerKey)
    {
        $accessToken = $request->query->get('access_token');
        if (!$accessToken) {
            throw new BadCredentialsException('Access Token is missing');
        }

        return new PreAuthenticatedToken(
            'anon.',
            $accessToken,
            $providerKey
        );
    }

    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
        $accessToken = $token->getCredentials();
        $user = $userProvider->getUserForAccessToken($accessToken);
        if (!$user) {
            throw new AuthenticationException(
                sprintf('Access Token "%s" does not exist.', $accessToken)
            );
        }

        return new PreAuthenticatedToken(
            $user,
            $accessToken,
            $providerKey,
            $user->getRoles()
        );
    }

    public function supportsToken(TokenInterface $token, $providerKey)
    {
        return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        return ApiUtil::getJsonErrorResponse("User authentication is failed: ".$exception->getMessage(), Response::HTTP_UNAUTHORIZED, "AuthenticationException");
    }
}

And Here is UserTokenProvider.php:

class UserTokenProvider implements UserProviderInterface
{
    private $userManager;

    public function __construct(UserManager $userManager)
    {
        $this->userManager = $userManager;
    }

    public function getUserForAccessToken($accessToken)
    {
        $user = $this->userManager->findUserByAccessToken($accessToken);
        return $user;
    }

    public function loadUserByUsername($username)
    {
    }

    public function refreshUser(UserInterface $user)
    {
        throw new UnsupportedUserException();
    }

    public function supportsClass($class)
    {
        return 'Symfony\Component\Security\Core\User\User' === $class;
    }
}

I spent lots of time for this. Any help will be appreciated! Thank you!

I think you can try to configure your firewall settings like this:

firewalls:
    secured_user_area:
        pattern: /v(\d+\.?\d*)/(?!users)
        stateless: true
        provider: user_token_provider

    ....

Here ?!users (or even multiple urls like ?!users|URL2|URL3) declaration excludes urls from the firewall.