8000 review all Security code blocks · symfony/symfony-docs@2159bda · GitHub
[go: up one dir, main page]
Skip to content

Commit 2159bda

Browse files
xabbuhxabbuh
committed
review all Security code blocks
1 parent 5624ed7 commit 2159bda

17 files changed

+657
-305
lines changed

book/security.rst

Lines changed: 45 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,7 @@ configuration looks like this:
6767
6868
<firewall name="dev"
6969
pattern="^/(_(profiler|wdt)|css|images|js)/"
70-
security=false />
70+
security="false" />
7171
7272
<firewall name="default">
7373
<anonymous />
@@ -81,7 +81,7 @@ configuration looks like this:
8181
$container->loadFromExtension('security', array(
8282
'providers' => array(
8383
'in_memory' => array(
84-
'memory' => array(),
84+
'memory' => null,
8585
),
8686
),
8787
'firewalls' => array(
@@ -209,6 +209,8 @@ user to be logged in to access this URL:
209209
# ...
210210
firewalls:
211211
# ...
212+
default:
213+
# ...
212214
213215
access_control:
214216
# require ROLE_ADMIN for /admin*
@@ -231,10 +233,8 @@ user to be logged in to access this URL:
231233
<!-- ... -->
232234
</firewall>
233235
234-
<access-control>
235-
<!-- require ROLE_ADMIN for /admin* -->
236-
<rule path="^/admin" role="ROLE_ADMIN" />
237-
</access-control>
236+
<!-- require ROLE_ADMIN for /admin* -->
237+
<rule path="^/admin" role="ROLE_ADMIN" />
238238
</config>
239239
</srv:container>
240240
@@ -541,20 +541,23 @@ like this:
541541
http://symfony.com/schema/dic/services/services-1.0.xsd">
542542
543543
<config>
544+
<!-- ... -->
545+
544546
<provider name="in_memory">
545547
<memory>
546548
<user name="ryan" password="$2a$12$LCY0MefVIEc3TYPHV9SNnuzOfyr2p/AXIGoQJEDs4am4JwhNz/jli" roles="ROLE_USER" />
547549
<user name="admin" password="$2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G" roles="ROLE_ADMIN" />
548550
</memory>
549551
</provider>
550-
<!-- ... -->
551552
</config>
552553
</srv:container>
553554
554555
.. code-block:: php
555556
556557
// app/config/security.php
557558
$container->loadFromExtension('security', array(
559+
// ...
560+
558561
'providers' => array(
559562
'in_memory' => array(
560563
'memory' => array(
@@ -691,8 +694,11 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
691694
# app/config/security.yml
692695
security:
693696
# ...
697+
694698
firewalls:
695699
# ...
700+
default:
701+
# ...
696702
697703
access_control:
698704
# require ROLE_ADMIN for /admin*
@@ -715,10 +721,8 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
715721
<!-- ... -->
716722
</firewall>
717723
718-
<access-control>
719-
<!-- require ROLE_ADMIN for /admin* -->
720-
<rule path="^/admin" role="ROLE_ADMIN" />
721-
</access-control>
724+
<!-- require ROLE_ADMIN for /admin* -->
725+
<rule path="^/admin" role="ROLE_ADMIN" />
722726
</config>
723727
</srv:container>
724728
@@ -727,6 +731,7 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
727731
// app/config/security.php
728732
$container->loadFromExtension('security', array(
729733
// ...
734+
730735
'firewalls' => array(
731736
// ...
732737
'default' => array(
@@ -755,6 +760,7 @@ matches the URL.
755760
# app/config/security.yml
756761
security:
757762
# ...
763+
758764
access_control:
759765
- { path: ^/admin/users, roles: ROLE_SUPER_ADMIN }
760766
- { path: ^/admin, roles: ROLE_ADMIN }
@@ -771,10 +777,9 @@ matches the URL.
771777
772778
<config>
773779
<!-- ... -->
774-
<access-control>
775-
<rule path="^/admin/users" role="ROLE_SUPER_ADMIN" />
776-
<rule path="^/admin" role="ROLE_ADMIN" />
777-
</access-control>
780+
781+
<rule path="^/admin/users" role="ROLE_SUPER_ADMIN" />
782+
<rule path="^/admin" role="ROLE_ADMIN" />
778783
</config>
779784
</srv:container>
780785
@@ -783,6 +788,7 @@ matches the URL.
783788
// app/config/security.php
784789
$container->loadFromExtension('security', array(
785790
// ...
791+
786792
'access_control' => array(
787793
array('path' => '^/admin/users', 'role' => 'ROLE_SUPER_ADMIN'),
788794
array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
@@ -1037,13 +1043,14 @@ the firewall can handle this automatically for you when you activate the
10371043
10381044
# app/config/security.yml
10391045
security:
1046+
# ...
1047+
10401048
firewalls:
10411049
secured_area:
10421050
# ...
10431051
logout:
10441052
path: /logout
10451053
target: /
1046-
# ...
10471054
10481055
.. code-block:: xml
10491056
@@ -1056,25 +1063,27 @@ the firewall can handle this automatically for you when you activate the
10561063
http://symfony.com/schema/dic/services/services-1.0.xsd">
10571064
10581065
<config>
1059-
<firewall name="secured_area" pattern="^/">
1066+
<!-- ... -->
1067+
1068+
<firewall name="secured_area">
10601069
<!-- ... -->
10611070
<logout path="/logout" target="/" />
10621071
</firewall>
1063-
<!-- ... -->
10641072
</config>
10651073
</srv:container>
10661074
10671075
.. code-block:: php
10681076
10691077
// app/config/security.php
10701078
$container->loadFromExtension('security', array(
1079+
// ...
1080+
10711081
'firewalls' => array(
10721082
'secured_area' => array(
10731083
// ...
1074-
'logout' => array('path' => 'logout', 'target' => '/'),
1084+
'logout' => array('path' => '/logout', 'target' => '/'),
10751085
),
10761086
),
1077-
// ...
10781087
));
10791088
10801089
Next, you'll need to create a route for this URL (but not a controller):
@@ -1085,7 +1094,7 @@ Next, you'll need to create a route for this URL (but not a controller):
10851094
10861095
# app/config/routing.yml
10871096
logout:
1088-
path: /logout
1097+
path: /logout
10891098
10901099
.. code-block:: xml
10911100
@@ -1106,7 +1115,7 @@ Next, you'll need to create a route for this URL (but not a controller):
11061115
use Symfony\Component\Routing\Route;
11071116
11081117
$collection = new RouteCollection();
1109-
$collection->add('logout', new Route('/logout', array()));
1118+
$collection->add('logout', new Route('/logout'));
11101119
11111120
return $collection;
11121121
@@ -1171,6 +1180,8 @@ rules by creating a role hierarchy:
11711180
11721181
# app/config/security.yml
11731182
security:
1183+
# ...
1184+
11741185
role_hierarchy:
11751186
ROLE_ADMIN: ROLE_USER
11761187
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
@@ -1186,6 +1197,8 @@ rules by creating a role hierarchy:
11861197
http://symfony.com/schema/dic/services/services-1.0.xsd">
11871198
11881199
<config>
1200+
<!-- ... -->
1201+
11891202
<role id="ROLE_ADMIN">ROLE_USER</role>
11901203
<role id="ROLE_SUPER_ADMIN">ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH</role>
11911204
</config>
@@ -1195,6 +1208,8 @@ rules by creating a role hierarchy:
11951208
11961209
// app/config/security.php
11971210
$container->loadFromExtension('security', array(
1211+
// ...
1212+
11981213
'role_hierarchy' => array(
11991214
'ROLE_ADMIN' => 'ROLE_USER',
12001215
'ROLE_SUPER_ADMIN' => array(
@@ -1224,6 +1239,8 @@ cookie will be ever created by Symfony):
12241239
12251240
# app/config/security.yml
12261241
security:
1242+
# ...
1243+
12271244
firewalls:
12281245
main:
12291246
http_basic: ~
@@ -1240,7 +1257,9 @@ cookie will be ever created by Symfony):
12401257
http://symfony.com/schema/dic/services/services-1.0.xsd">
12411258
12421259
<config>
1243-
<firewall stateless="true">
1260+
<!-- ... -->
1261+
1262+
<firewall name="main" stateless="true">
12441263
<http-basic />
12451264
</firewall>
12461265
</config>
@@ -1250,8 +1269,10 @@ cookie will be ever created by Symfony):
12501269
12511270
// app/config/security.php
12521271
$container->loadFromExtension('security', array(
1272+
// ...
1273+
12531274
'firewalls' => array(
1254-
'main' => array('http_basic' => array(), 'stateless' => true),
1275+
'main' => array('http_basic' => null, 'stateless' => true),
12551276
),
12561277
));
12571278

cookbook/security/access_control.rst

Lines changed: 14 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -54,12 +54,10 @@ Take the following ``access_control`` entries as an example:
5454
5555
<config>
5656
<!-- ... -->
57-
<access-control>
58-
<rule path="^/admin" role="ROLE_USER_IP" ip="127.0.0.1" />
59-
<rule path="^/admin" role="ROLE_USER_HOST" host="symfony\.com$" />
60-
<rule path="^/admin" role="ROLE_USER_METHOD" method="POST, PUT" />
61-
<rule path="^/admin" role="ROLE_USER" />
62-
</access-control>
57+
<rule path="^/admin" role="ROLE_USER_IP" ip="127.0.0.1" />
58+
<rule path="^/admin" role="ROLE_USER_HOST" host="symfony\.com$" />
59+
<rule path="^/admin" role="ROLE_USER_METHOD" methods="POST, PUT" />
60+
<rule path="^/admin" role="ROLE_USER" />
6361
</config>
6462
</srv:container>
6563
@@ -82,7 +80,7 @@ Take the following ``access_control`` entries as an example:
8280
array(
8381
'path' => '^/admin',
8482
'role' => 'ROLE_USER_METHOD',
85-
'method' => 'POST, PUT',
83+
'methods' => 'POST, PUT',
8684
),
8785
array(
8886
'path' => '^/admin',
@@ -193,11 +191,10 @@ pattern so that it is only accessible by requests from the local server itself:
193191
194192
<config>
195193
<!-- ... -->
196-
<access-control>
197-
<rule path="^/esi" role="IS_AUTHENTICATED_ANONYMOUSLY"
198-
ips="127.0.0.1, ::1" />
199-
<rule path="^/esi" role="ROLE_NO_ACCESS" />
200-
</access-control>
194+
<rule path="^/internal"
195+
role="IS_AUTHENTICATED_ANONYMOUSLY"
196+
ips="127.0.0.1, ::1" />
197+
<rule path="^/internal" role="ROLE_NO_ACCESS" />
201198
</config>
202199
</srv:container>
203200
@@ -208,12 +205,12 @@ pattern so that it is only accessible by requests from the local server itself:
208205
// ...
209206
'access_control' => array(
210207
array(
211-
'path' => '^/esi',
208+
'path' => '^/internal',
212209
'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
213210
'ips' => '127.0.0.1, ::1'
214211
),
215212
array(
216-
'path' => '^/esi',
213+
'path' => '^/internal',
217214
'role' => 'ROLE_NO_ACCESS'
218215
),
219216
),
@@ -270,11 +267,9 @@ the user will be redirected to ``https``:
270267
xsi:schemaLocation="http://symfony.com/schema/dic/services
271268
http://symfony.com/schema/dic/services/services-1.0.xsd">
272269
273-
<access-control>
274-
<rule path="^/cart/checkout"
275-
role="IS_AUTHENTICATED_ANONYMOUSLY"
276-
requires-channel="https" />
277-
</access-control>
270+
<rule path="^/cart/checkout"
271+
role="IS_AUTHENTICATED_ANONYMOUSLY"
272+
requires-channel="https" />
278273
</srv:container>
279274
280275
.. code-block:: php

cookbook/security/acl.rst

Lines changed: 19 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -52,20 +52,36 @@ First, you need to configure the connection the ACL system is supposed to use:
5252
5353
# app/config/security.yml
5454
security:
55+
# ...
56+
5557
acl:
5658
connection: default
5759
5860
.. code-block:: xml
5961
6062
<!-- app/config/security.xml -->
61-
<acl>
62-
<connection>default</connection>
63-
</acl>
63+
<?xml version="1.0" encoding="UTF-8"?>
64+
<srv:container xmlns="http://symfony.com/schema/dic/security"
65+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
66+
xmlns:srv="http://symfony.com/schema/dic/services"
67+
xsi:schemaLocation="http://symfony.com/schema/dic 97AE /services
68+
http://symfony.com/schema/dic/services/services-1.0.xsd">
69+
70+
<config>
71+
<!-- ... -->
72+
73+
<acl>
74+
<connection>default</connection>
75+
</acl>
76+
</config>
77+
</srv:container>
6478
6579
.. code-block:: php
6680
6781
// app/config/security.php
6882
$container->loadFromExtension('security', 'acl', array(
83+
// ...
84+
6985
'connection' => 'default',
7086
));
7187

0 commit comments

Comments
 (0)
0