8000 Merge branch '3.0' into 3.1 · symfony/symfony-docs@5eca931 · GitHub

Commit 5eca931

committed
Merge branch '3.0' into 3.1
2 parents c5754ef + 61cb386 commit 5eca931


3 files changed

+58
-22
lines changed


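--- a/cookbook/configuration/micro-kernel-trait.rst
+++ b/cookbook/configuration/micro-kernel-trait.rst
@@ -188,15 +188,12 @@ to hold the kernel. Now it looks like this::
 {
 // import the WebProfilerRoutes, only if the bundle is enabled
 if (isset($this->bundles['WebProfilerBundle'])) {
-$routes->mount('/_wdt', $routes->import('@WebProfilerBundle/Resources/config/routing/wdt.xml'));
-$routes->mount('/_profiler', $routes->import('@WebProfilerBundle/Resources/config/routing/profiler.xml'));
+$routes->import('@WebProfilerBundle/Resources/config/routing/wdt.xml', '/_wdt');
+$routes->import('@WebProfilerBundle/Resources/config/routing/profiler.xml', '/_profiler');
 }
 
 // load the annotation routes
-$routes->mount(
-'/',
-$routes->import(__DIR__.'/../src/App/Controller/', '/', 'annotation')
-);
+$routes->import(__DIR__.'/../src/App/Controller/', '/', 'annotation');
 }
 }
 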
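--- a/cookbook/security/api_key_authentication.rst
+++ b/cookbook/security/api_key_authentication.rst
@@ -47,7 +47,7 @@ value and then a User object is created::
 // $apiKey = $request->headers->get('apikey');
 
 if (!$apiKey) {
-throw new BadCredentialsException('No API key found');
+throw new BadCredentialsException();
 
 // or to just skip api key authentication
 // return null;
@@ -60,6 +60,11 @@ value and then a User object is created::
 );
 }
 
+public function supportsToken(TokenInterface $token, $providerKey)
+{
+return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
+}
+
 public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
 {
 if (!$userProvider instanceof ApiKeyUserProvider) {
@@ -91,16 +96,11 @@ value and then a User object is created::
 $user->getRoles()
 );
 }
-
-public function supportsToken(TokenInterface $token, $providerKey)
-{
-return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
-}
 }
 
 Once you've :ref:`configured <cookbook-security-api-key-config>` everything,
 you'll be able to authenticate by adding an apikey parameter to the query
-string, like ``http://example.com/admin/foo?apikey=37b51d194a7513e45b56f6524f2d51f2``.
+string, like ``http://example.com/api/foo?apikey=37b51d194a7513e45b56f6524f2d51f2``.
 
 The authentication process has several steps, and your implementation will
 probably differ:
@@ -185,7 +185,7 @@ The ``$userProvider`` might look something like this::
 null,
 // the roles for the user - you may choose to determine
 // these dynamically somehow based on the user
-array('ROLE_USER')
+array('ROLE_API')
 );
 }
 
@@ -257,6 +257,7 @@ would allow you to have custom data on the ``User`` object.
 
 Finally, just make sure that ``supportsClass()`` returns ``true`` for User
 objects with the same class as whatever user you return in ``loadUserByUsername()``.
+
 If your authentication is stateless like in this example (i.e. you expect
 the user to send the API key with every request and so you don't save the
 login to the session), then you can simply throw the ``UnsupportedUserException``
@@ -270,7 +271,7 @@ exception in ``refreshUser()``.
 Handling Authentication Failure
 -------------------------------
 
-In order for your ``ApiKeyAuthenticator`` to correctly display a 403
+In order for your ``ApiKeyAuthenticator`` to correctly display a 401
 http status when either bad credentials or authentication fails you will
 need to implement the :class:`Symfony\\Component\\Security\\Http\\Authentication\\AuthenticationFailureHandlerInterface` on your
 Authenticator. This will provide a method ``onAuthenticationFailure`` which
@@ -297,7 +298,7 @@ you can use to create an error ``Response``.
 // this contains information about *why* authentication failed
 // use it, or return your own message
 strtr($exception->getMessageKey(), $exception->getMessageData()),
-403
+401
 );
 }
 }
@@ -366,7 +367,7 @@ using the ``simple_preauth`` and ``provider`` keys respectively:
 
 firewalls:
 secured_area:
-pattern: ^/admin
+pattern: ^/api
 stateless: true
 simple_preauth:
 authenticator: apikey_authenticator
@@ -389,7 +390,7 @@ using the ``simple_preauth`` and ``provider`` keys respectively:
 <!-- ... -->
 
 <firewall name="secured_area"
-pattern="^/admin"
+pattern="^/api"
 stateless="true"
 provider="api_key_user_provider"
 >
@@ -409,7 +410,7 @@ using the ``simple_preauth`` and ``provider`` keys respectively:
 $container->loadFromExtension('security', array(
 'firewalls' => array(
 'secured_area' => array(
-'pattern' => '^/admin',
+'pattern' => '^/api',
 'stateless' => true,
 'simple_preauth' => array(
 'authenticator' => 'apikey_authenticator',
@@ -424,6 +425,44 @@ using the ``simple_preauth`` and ``provider`` keys respectively:
 ),
 ));
 
+If you have defined ``access_control``, make sure to add a new entry:
+
+.. configuration-block::
+
+.. code-block:: yaml
+
+# app/config/security.yml
+security:
+# ...
+
+access_control:
+- { path: ^/api, roles: ROLE_API }
+
+.. code-block:: xml
+
+<!-- app/config/security.xml -->
+<?xml version="1.0" encoding="UTF-8"?>
+<srv:container xmlns="http://symfony.com/schema/dic/security"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:srv="http://symfony.com/schema/dic/services"
+xsi:schemaLocation="http://symfony.com/schema/dic/services
+http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+<rule path="^/api" role="ROLE_API" />
+</srv:container>
+
+.. code-block:: php
+
+// app/config/security.php
+$container->loadFromExtension('security', array(
+'access_control' => array(
+array(
+'path' => '^/api',
+'role' => 'ROLE_API',
+),
+),
+));
+
 That's it! Now, your ``ApiKeyAuthenticator`` should be called at the beginning
 of each request and your authentication process will take place.
 
@@ -456,7 +495,7 @@ configuration or set it to ``false``:
 
 firewalls:
 secured_area:
-pattern: ^/admin
+pattern: ^/api
 stateless: false
 simple_preauth:
 authenticator: apikey_authenticator
@@ -479,7 +518,7 @@ configuration or set it to ``false``:
 <!-- ... -->
 
 <firewall name="secured_area"
-pattern="^/admin"
+pattern="^/api"
 stateless="false"
 provider="api_key_user_provider"
 >
@@ -498,7 +537,7 @@ configuration or set it to ``false``:
 $container->loadFromExtension('security', array(
 'firewalls' => array(
 'secured_area' => array(
-'pattern' => '^/admin',
+'pattern' => '^/api',
 'stateless' => false,
 'simple_preauth' => array(
 'authenticator' => 'apikey_authenticator',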
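Review bot: The added sentence `If you have defined ``access_control``, make sure to add a new entry:` (hunk at new line 428) reads as optional, but when the authenticator takes the commented `// return null;` path shown in the first hunk, API-key authentication is skipped rather than rejected, and the `^/api` rule is then what keeps the request from proceeding without `ROLE_API`. I would word it as a requirement, for example `Add an ``access_control`` entry so that every request under ``^/api`` requires ``ROLE_API``:`, and say explicitly that the rule matters most for the skip variant. The method containing the `if (!$apiKey)` check starts outside the hunk, so its behaviour on a null return is inferred from the comment, not from visible code. Separately, the new XML sample places `<rule>` directly under `<srv:container>`; Symfony's XML security configuration normally nests it inside a `<config>` element, so that sample is worth checking against the firewall XML block elsewhere in the file.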
-564 Bytes