Why doesn't Symfony2 require me to login even after I've configured the security?

This is my security setup for my Symfony2 project:

security:
    providers:
        main:
            users:
                asa: { pasword: test, roles: ROLE_USER }
    firewalls:
        application:
            pattern: /.*
            http_basic: true
            security: true
            logout: true

Even though I've followed the documentation, setup a user, require authentication for the whole site, it still allows me to access it as an anonymous user. The logs say "Populated SecurityContext with an anonymous Token"

I'm using the latest version of the sandbox where '.config' was 开发者_运维知识库removed from 'security.config'

This wasn't working because I was missing

access_control:
    - { path: /.*, role: ROLE_USER }

Looking at the logs and some of the vendor code, the firewalls section attempted to find my user, but without access_control it didn't have any need to force me from being an anonymous user.