8000 feature #14721 [Security] Configuring a user checker per firewall (il… · symfony/symfony@1e0adf4 · GitHub

Commit 1e0adf4

committed
feature #14721 [Security] Configuring a user checker per firewall (iltar)
This PR was squashed before being merged into the 2.8 branch (closes #14721). Discussion ---------- [Security] Configuring a user checker per firewall _Changed my base branch to avoid issues, closed old PR_ | Q | A | ------------- | --- | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed ticket | #11090 and helps #14673 | License | MIT | Doc PR | symfony/symfony-docs/pull/5530 This pull request adds support for a configurable user checker per firewall. An example could be: ```yml services: app.user_checker: class: App\Security\UserChecker arguments: - "@request_stack" security: firewalls: secured_area: pattern: ^/ anonymous: ~ basic_auth: ~ user_checker: app.user_checker ``` The above example will use the `UserChecker` defined as `app.user_checker`. If the `user_checker` option is left empty, `security.user_checker` will be used. If the `user_checker` option is not defined, it will fall back to the original behavior to not break backwards compatibility and will validate using the existing `UserChecker`: `security.user_checker`. I left the default argument in the service definitions to be `security.user_checker` to include backwards compatibility for people who for some reason don't have the extension executed. You can obtain the checker for a specific firewall by appending the firewall name to it. For the firewall `secured_area`, this would be `security.user_checker.secured_area`. Commits ------- 76bc662 [Security] Configuring a user checker per firewall
2 parents cddc6b9 + 76bc662 commit 1e0adf4

20 files changed

+115
-21
lines changed

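--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -216,6 +216,11 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
 ->prototype('scalar')->end()
 ->end()
 ->booleanNode('security')->defaultTrue()->end()
+->scalarNode('user_checker')
+->defaultValue('security.user_checker')
+->treatNullLike('security.user_checker')
+->info('The UserChecker to use when authenticating users in this firewall.')
+->end()
 ->scalarNode('request_matcher')->end()
 ->scalarNode('access_denied_url')->end()
 ->scalarNode('access_denied_handler')->end()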
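Review bot: The new `user_checker` node is a plain `scalarNode`, so an empty string passes configuration validation and would presumably only fail later, when the alias built from it is resolved; adding `->cannotBeEmpty()` before `->info(...)` would report the mistake at the configuration level. The `info()` text could also say that the value is a service id and that it replaces the default checker rather than adding to it, e.g. `->info('Service id of the UserChecker used for this firewall; it replaces security.user_checker, so account-status checks run only if this service performs them.')`. addFirewallsSection starts and ends outside this hunk.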

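--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
@@ -65,6 +65,7 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config,
 $container
 ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.dao'))
 ->replaceArgument(0, new Reference($userProviderId))
+->replaceArgument(1, new Reference('security.user_checker.'.$id))
 ->replaceArgument(2, $id)
 ;
 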
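Review bot: The service id `'security.user_checker.'.$id` is built by string concatenation on the added line and again in FormLoginLdapFactory, GuardAuthenticationFactory, HttpBasicFactory, HttpBasicLdapFactory, RememberMeFactory, RemoteUserFactory, X509Factory and createSwitchUserListener, while the alias itself is registered in SecurityExtension::createFirewall; nothing ties the copies together. A factory outside this commit that decorates the same parent providers without replacing this argument would, per the commit description, keep the default `security.user_checker` and silently ignore the firewall's `user_checker` setting. A comment on the line such as `// per-firewall alias registered in SecurityExtension::createFirewall(); custom factories must set this argument too` would make that contract visible. createAuthProvider starts and ends outside this hunk.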

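--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php
@@ -30,6 +30,7 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config,
 $container
 ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.ldap_bind'))
 ->replaceArgument(0, new Reference($userProviderId))
+->replaceArgument(1, new Reference('security.user_checker.'.$id))
 ->replaceArgument(2, $id)
 ->replaceArgument(3, new Reference($config['service']))
 ->replaceArgument(4, $config['dn_string'])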

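--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php
@@ -69,6 +69,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
 ->replaceArgument(0, $authenticatorReferences)
 ->replaceArgument(1, new Reference($userProvider))
 ->replaceArgument(2, $id)
+->replaceArgument(3, new Reference('security.user_checker.'.$id))
 ;
 
 // listener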

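--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php
@@ -29,6 +29,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
 $container
 ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.dao'))
 ->replaceArgument(0, new Reference($userProvider))
+->replaceArgument(1, new Reference('security.user_checker.'.$id))
 ->replaceArgument(2, $id)
 ;
 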

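--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php
@@ -31,6 +31,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
 $container
 ->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.ldap_bind'))
 ->replaceArgument(0, new Reference($userProvider))
+->replaceArgument(1, new Reference('security.user_checker.'.$id))
 ->replaceArgument(2, $id)
 ->replaceArgument(3, new Reference($config['service']))
 ->replaceArgument(4, $config['dn_string'])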

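--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
@@ -35,6 +35,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
 $authProviderId = 'security.authentication.provider.rememberme.'.$id;
 $container
 ->setDefinition($authProviderId, new DefinitionDecorator('security.authentication.provider.rememberme'))
+->replaceArgument(0, new Reference('security.user_checker.'.$id))
 ->addArgument($config['secret'])
 ->addArgument($id)
 ;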

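--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RemoteUserFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RemoteUserFactory.php
@@ -30,6 +30,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
 $container
 ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.pre_authenticated'))
 ->replaceArgument(0, new Reference($userProvider))
+->replaceArgument(1, new Reference('security.user_checker.'.$id))
 ->addArgument($id)
 ;
 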

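--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/X509Factory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/X509Factory.php
@@ -29,6 +29,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
 $container
 ->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.pre_authenticated'))
 ->replaceArgument(0, new Reference($userProvider))
+->replaceArgument(1, new Reference('security.user_checker.'.$id))
 ->addArgument($id)
 ;
 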

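--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -14,6 +14,7 @@
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider\UserProviderFactoryInterface;
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
+use Symfony\Component\DependencyInjection\Definition;
 use Symfony\Component\DependencyInjection\DefinitionDecorator;
 use Symfony\Component\DependencyInjection\Alias;
 use Symfony\Component\HttpKernel\DependencyInjection\Extension;
@@ -100,16 +101,16 @@ public function load(array $configs, ContainerBuilder $container)
 
 // add some required classes for compilation
 $this->addClassesToCompile(array(
-'Symfony\\Component\\Security\\Http\\Firewall',
-'Symfony\\Component\\Security\\Core\\User\\UserProviderInterface',
-'Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationProviderManager',
-'Symfony\\Component\\Security\\Core\\Authentication\\Token\\Storage\\TokenStorage',
-'Symfony\\Component\\Security\\Core\\Authorization\\AccessDecisionManager',
-'Symfony\\Component\\Security\\Core\\Authorization\\AuthorizationChecker',
-'Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface',
-'Symfony\\Bundle\\SecurityBundle\\Security\\FirewallMap',
-'Symfony\\Bundle\\SecurityBundle\\Security\\FirewallContext',
-'Symfony\\Component\\HttpFoundation\\RequestMatcher',
+'Symfony\Component\Security\Http\Firewall',
+'Symfony\Component\Security\Core\User\UserProviderInterface',
+'Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager',
+'Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage',
+'Symfony\Component\Security\Core\Authorization\AccessDecisionManager',
+'Symfony\Component\Security\Core\Authorization\AuthorizationChecker',
+'Symfony\Component\Security\Core\Authorization\Voter\VoterInterface',
+'Symfony\Bundle\SecurityBundle\Security\FirewallMap',
+'Symfony\Bundle\SecurityBundle\Security\FirewallContext',
+'Symfony\Component\HttpFoundation\RequestMatcher',
 ));
 }
 
@@ -369,6 +370,8 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
 // Exception listener
 $exceptionListener = new Reference($this->createExceptionListener($container, $firewall, $id, $configuredEntryPoint ?: $defaultEntryPoint, $firewall['stateless']));
 
+$container->setAlias(new Alias('security.user_checker.'.$id, false), $firewall['user_checker']);
+
 return array($matcher, $listeners, $exceptionListener);
 }
 
@@ -577,6 +580,7 @@ private function createSwitchUserListener($container, $id, $config, $defaultProv
 $switchUserListenerId = 'security.authentication.switchuser_listener.'.$id;
 $listener = $container->setDefinition($switchUserListenerId, new DefinitionDecorator('security.authentication.switchuser_listener'));
 $listener->replaceArgument(1, new Reference($userProvider));
+$listener->replaceArgument(2, new Reference('security.user_checker.'.$id));
 $listener->replaceArgument(3, $id);
 $listener->replaceArgument(6, $config['parameter']);
 $listener->replaceArgument(7, $config['role']);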
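Review bot: In the createFirewall hunk the arguments to `setAlias()` look swapped: ContainerBuilder::setAlias() takes the alias name first and the target (a string id or an `Alias` object) second, so the `Alias` object passed as the name is only cast to a string and its `false` (non-public) flag is dropped. The alias still resolves to the configured checker, but it ends up public instead of private. `$container->setAlias('security.user_checker.'.$id, new Alias($firewall['user_checker'], false));` expresses what the line seems to intend. createFirewall starts and ends outside the hunk.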
