Skip to content

Commit fe9fdac

Browse files
weaverryanweaverryan
committed
[#4606] Getting my XML (and PHP) on in the new security chapter
1 parent aedfcd2 commit fe9fdac

File tree

1 file changed

+308
-2
lines changed

1 file changed

+308
-2
lines changed

book/security.rst

Lines changed: 308 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,48 @@ configuration looks like this:
4949
default:
5050
anonymous: ~
5151
52+
.. code-block:: xml
53+
54+
<!-- app/config/security.xml -->
55+
<?xml version="1.0" encoding="UTF-8"?>
56+
<srv:container xmlns="http://symfony.com/schema/dic/security"
57+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
58+
xmlns:srv="http://symfony.com/schema/dic/services"
59+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
60+
61+
<config>
62+
<provider name="in_memory">
63+
<memory />
64+
</provider>
65+
66+
<firewall name="dev" pattern="^/(_(profiler|wdt)|css|images|js)/" security=false />
67+
68+
<firewall name="default">
69+
<anonymous />
70+
</firewall>
71+
</config>
72+
</srv:container>
73+
74+
.. code-block:: php
75+
76+
// app/config/security.php
77+
$container->loadFromExtension('security', array(
78+
'providers' => array(
79+
'in_memory' => array(
80+
'memory' => array(),
81+
),
82+
),
83+
'firewalls' => array(
84+
'dev' => array(
85+
'pattern' => '^/(_(profiler|wdt)|css|images|js)/',
86+
'security' => false,
87+
),
88+
'default' => array(
89+
'anonymous' => null,
90+
),
91+
),
92+
));
93+
5294
The ``firewalls`` key is the *heart* of your security configuration. The
5395
``dev`` firewall isn't important, it just makes sure that Symfony's development
5496
tools - which live under URLs like ``/_profiler`` and ``/_wdt`` aren't blocked
@@ -96,6 +138,39 @@ To activate this, add the ``http_basic`` key under your firewall:
96138
anonymous: ~
97139
http_basic: ~
98140
141+
.. code-block:: xml
142+
143+
<!-- app/config/security.xml -->
144+
<?xml version="1.0" encoding="UTF-8"?>
145+
<srv:container xmlns="http://symfony.com/schema/dic/security"
146+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
147+
xmlns:srv="http://symfony.com/schema/dic/services"
148+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
149+
150+
<config>
151+
<!-- ... -->
152+
153+
<firewall name="default">
154+
<anonymous />
155+
<http-basic />
156+
</firewall>
157+
</config>
158+
</srv:container>
159+
160+
.. code-block:: php
161+
162+
// app/config/security.php
163+
$container->loadFromExtension('security', array(
164+
// ...
165+
'firewalls' => array(
166+
// ...
167+
'default' => array(
168+
'anonymous' => null,
169+
'http_basic' => null,
170+
),
171+
),
172+
));
173+
99174
Simple! To try this, you need to require the user to be logged in to see
100175
a page. To make things interesting, create a new page at ``/admin``. For
101176
example, if you use annotations, create something like this::
@@ -131,9 +206,49 @@ user to be logged in to access this URL:
131206
# ...
132207
133208
access_control:
134-
# require ROLE_ADMIN for /admin/*
209+
# require ROLE_ADMIN for /admin*
135210
- { path: ^/admin, roles: ROLE_ADMIN }
136211
212+
.. code-block:: xml
213+
214+
<!-- app/config/security.xml -->
215+
<?xml version="1.0" encoding="UTF-8"?>
216+
<srv:container xmlns="http://symfony.com/schema/dic/security"
217+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
218+
xmlns:srv="http://symfony.com/schema/dic/services"
219+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
220+
221+
<config>
222+
<!-- ... -->
223+
224+
<firewall name="default">
225+
<!-- ... -->
226+
</firewall>
227+
228+
<access-control>
229+
<!-- require ROLE_ADMIN for /admin* -->
230+
<rule path="^/admin" role="ROLE_ADMIN" />
231+
</access-control>
232+
</config>
233+
</srv:container>
234+
235+
.. code-block:: php
236+
237+
// app/config/security.php
238+
$container->loadFromExtension('security', array(
239+
// ...
240+
'firewalls' => array(
241+
// ...
242+
'default' => array(
243+
// ...
244+
),
245+
),
246+
'access_control' => array(
247+
// require ROLE_ADMIN for /admin*
248+
array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
249+
),
250+
));
251+
137252
.. note::
138253

139254
You'll learn more about this ``ROLE_ADMIN`` thing and denying access
@@ -185,6 +300,50 @@ provider, but it's better to think of it as an "in configuration" provider:
185300
admin:
186301
password: kitten
187302
roles: 'ROLE_ADMIN'
303+
# ...
304+
305+
.. code-block:: xml
306+
307+
<!-- app/config/security.xml -->
308+
<?xml version="1.0" encoding="UTF-8"?>
309+
<srv:container xmlns="http://symfony.com/schema/dic/security"
310+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
311+
xmlns:srv="http://symfony.com/schema/dic/services"
312+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
313+
314+
<config>
315+
<provider name="in_memory">
316+
<memory>
317+
<user name="ryan" password="ryanpass" roles="ROLE_USER" />
318+
<user name="admin" password="kitten" roles="ROLE_ADMIN" />
319+
</memory>
320+
</provider>
321+
<!-- ... -->
322+
</config>
323+
</srv:container>
324+
325+
.. code-block:: php
326+
327+
// app/config/security.php
328+
$container->loadFromExtension('security', array(
329+
'providers' => array(
330+
'in_memory' => array(
331+
'memory' => array(
332+
'users' => array(
333+
'ryan' => array(
334+
'password' => 'ryanpass',
335+
'roles' => 'ROLE_USER',
336+
),
337+
'admin' => array(
338+
'password' => 'kitten',
339+
'roles' => 'ROLE_ADMIN',
340+
),
341+
),
342+
),
343+
),
344+
),
345+
// ...
346+
));
188347
189348
Like with ``firewalls``, you can have multiple ``providers``, but you'll
190349
probably only need one. If you *do* have multiple, you can configure which
@@ -208,6 +367,37 @@ To fix this, add an ``encoders`` key:
208367
209368
encoders:
210369
Symfony\Component\Security\Core\User\User: plaintext
370+
# ...
371+
372+
.. code-block:: xml
373+
374+
<!-- app/config/security.xml -->
375+
<?xml version="1.0" encoding="UTF-8"?>
376+
<srv:container xmlns="http://symfony.com/schema/dic/security"
377+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
378+
xmlns:srv="http://symfony.com/schema/dic/services"
379+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
380+
381+
<config>
382+
<!-- ... -->
383+
384+
<encoder class="Symfony\Component\Security\Core\User\User"
385+
algorithm="plaintext" />
386+
<!-- ... -->
387+
</config>
388+
</srv:container>
389+
390+
.. code-block:: php
391+
392+
// app/config/security.php
393+
$container->loadFromExtension('security', array(
394+
// ...
395+
396+
'encoders' => array(
397+
'Symfony\Component\Security\Core\User\User' => 'plaintext',
398+
),
399+
// ...
400+
));
211401
212402
User providers load user information and put it into a ``User`` object. If
213403
you :doc:`load users from the database </cookbook/security/entity_provider>`
@@ -258,6 +448,39 @@ else, you'll want to encode their passwords. The best algorithm to use is
258448
algorithm: bcrypt
259449
cost: 12
260450
451+
.. code-block:: xml
452+
453+
<!-- app/config/security.xml -->
454+
<?xml version="1.0" encoding="UTF-8"?>
455+
<srv:container xmlns="http://symfony.com/schema/dic/security"
456+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
457+
xmlns:srv="http://symfony.com/schema/dic/services"
458+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
459+
460+
<config>
461+
<!-- ... -->
462+
463+
<encoder class="Symfony\Component\Security\Core\User\User"
464+
algorithm="bcrypt" cost="12" />
465+
<!-- ... -->
466+
</config>
467+
</srv:container>
468+
469+
.. code-block:: php
470+
471+
// app/config/security.php
472+
$container->loadFromExtension('security', array(
473+
// ...
474+
475+
'encoders' => array(
476+
'Symfony\Component\Security\Core\User\User' => array(
477+
'algorithm' => 'plaintext',
478+
'cost' => 12,
479+
)
480+
),
481+
// ...
482+
));
483+
261484
.. include:: /cookbook/security/_ircmaxwell_password-compat.rst.inc
262485

263486
Of course, your user's passwords now need to be encoded with this exact algorithm.
@@ -283,6 +506,49 @@ like this:
283506
password: $2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G
284507
roles: 'ROLE_ADMIN'
285508
509+
.. code-block:: xml
510+
511+
<!-- app/config/security.xml -->
512+
<?xml version="1.0" encoding="UTF-8"?>
513+
<srv:container xmlns="http://symfony.com/schema/dic/security"
514+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
515+
xmlns:srv="http://symfony.com/schema/dic/services"
516+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
517+
518+
<config>
519+
<provider name="in_memory">
520+
<memory>
521+
<user name="ryan" password="$2a$12$LCY0MefVIEc3TYPHV9SNnuzOfyr2p/AXIGoQJEDs4am4JwhNz/jli" roles="ROLE_USER" />
522+
<user name="admin" password="$2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G" roles="ROLE_ADMIN" />
523+
</memory>
524+
</provider>
525+
<!-- ... -->
526+
</config>
527+
</srv:container>
528+
529+
.. code-block:: php
530+
531+
// app/config/security.php
532+
$container->loadFromExtension('security', array(
533+
'providers' => array(
534+
'in_memory' => array(
535+
'memory' => array(
536+
'users' => array(
537+
'ryan' => array(
538+
'password' => '$2a$12$LCY0MefVIEc3TYPHV9SNnuzOfyr2p/AXIGoQJEDs4am4JwhNz/jli',
539+
'roles' => 'ROLE_USER',
540+
),
541+
'admin' => array(
542+
'password' => '$2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G',
543+
'roles' => 'ROLE_ADMIN',
544+
),
545+
),
546+
),
547+
),
548+
),
549+
// ...
550+
));
551+
286552
Everything will now work exactly like before. But if you have dynamic users
287553
(e.g. from a database), how can you programmatically encode the password
288554
before inserting them into the database? Don't worry, see
@@ -404,9 +670,49 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
404670
# ...
405671
406672
access_control:
407-
# require ROLE_ADMIN for /admin/*
673+
# require ROLE_ADMIN for /admin*
408674
- { path: ^/admin, roles: ROLE_ADMIN }
409675
676+
.. code-block:: xml
677+
678+
<!-- app/config/security.xml -->
679+
<?xml version="1.0" encoding="UTF-8"?>
680+
<srv:container xmlns="http://symfony.com/schema/dic/security"
681+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
682+
xmlns:srv="http://symfony.com/schema/dic/services"
683+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
684+
685+
<config>
686+
<!-- ... -->
687+
688+
<firewall name="default">
689+
<!-- ... -->
690+
</firewall>
691+
692+
<access-control>
693+
<!-- require ROLE_ADMIN for /admin* -->
694+
<rule path="^/admin" role="ROLE_ADMIN" />
695+
</access-control>
696+
</config>
697+
</srv:container>
698+
699+
.. code-block:: php
700+
701+
// app/config/security.php
702+
$container->loadFromExtension('security', array(
703+
// ...
704+
'firewalls' => array(
705+
// ...
706+
'default' => array(
707+
// ...
708+
),
709+
),
710+
'access_control' => array(
711+
// require ROLE_ADMIN for /admin*
712+
array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
713+
),
714+
));
715+
410716
This is great for securing entire sections, but you'll also probably want
411717
to :ref:`secure your individual controllers <book-security-securing-controller>`
412718
as well.

0 commit comments

Comments
 (0)