@@ -49,6 +49,48 @@ configuration looks like this:
49
49
default :
50
50
anonymous : ~
51
51
52
+ .. code-block :: xml
53
+
54
+ <!-- app/config/security.xml -->
55
+ <?xml version =" 1.0" encoding =" UTF-8" ?>
56
+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
57
+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
58
+ xmlns : srv =" http://symfony.com/schema/dic/services"
59
+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd" >
60
+
61
+ <config >
62
+ <provider name =" in_memory" >
63
+ <memory />
64
+ </provider >
65
+
66
+ <firewall name =" dev" pattern =" ^/(_(profiler|wdt)|css|images|js)/" security =false />
67
+
68
+ <firewall name =" default" >
69
+ <anonymous />
70
+ </firewall >
71
+ </config >
72
+ </srv : container >
73
+
74
+ .. code-block :: php
75
+
76
+ // app/config/security.php
77
+ $container->loadFromExtension('security', array(
78
+ 'providers' => array(
79
+ 'in_memory' => array(
80
+ 'memory' => array(),
81
+ ),
82
+ ),
83
+ 'firewalls' => array(
84
+ 'dev' => array(
85
+ 'pattern' => '^/(_(profiler|wdt)|css|images|js)/',
86
+ 'security' => false,
87
+ ),
88
+ 'default' => array(
89
+ 'anonymous' => null,
90
+ ),
91
+ ),
92
+ ));
93
+
52
94
The ``firewalls `` key is the *heart * of your security configuration. The
53
95
``dev `` firewall isn't important, it just makes sure that Symfony's development
54
96
tools - which live under URLs like ``/_profiler `` and ``/_wdt `` aren't blocked
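Review bot: In the XML block, the dev firewall's security attribute is unquoted (security=false) while every other attribute in the element is quoted. XML requires attribute values to be quoted, so a reader who copies this file gets a parse error instead of a firewall definition. Suggest security="false", matching the 'security' => false entry in the PHP block.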
@@ -96,6 +138,39 @@ To activate this, add the ``http_basic`` key under your firewall:
96
138
anonymous : ~
97
139
http_basic : ~
98
140
141
+ .. code-block :: xml
142
+
143
+ <!-- app/config/security.xml -->
144
+ <?xml version =" 1.0" encoding =" UTF-8" ?>
145
+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
146
+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
147
+ xmlns : srv =" http://symfony.com/schema/dic/services"
148
+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd" >
149
+
150
+ <config >
151
+ <!-- ... -->
152
+
153
+ <firewall name =" default" >
154
+ <anonymous />
155
+ <http-basic />
156
+ </firewall >
157
+ </config >
158
+ </srv : container >
159
+
160
+ .. code-block :: php
161
+
162
+ // app/config/security.php
163
+ $container->loadFromExtension('security', array(
164
+ // ...
165
+ 'firewalls' => array(
166
+ // ...
167
+ 'default' => array(
168
+ 'anonymous' => null,
169
+ 'http_basic' => null,
170
+ ),
171
+ ),
172
+ ));
173
+
99
174
Simple! To try this, you need to require the user to be logged in to see
100
175
a page. To make things interesting, create a new page at ``/admin ``. For
101
176
example, if you use annotations, create something like this::
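Review bot: In the XML block, the file-path comment (app/config/security.xml) is placed above the XML declaration. An XML declaration is only valid as the very first thing in a document, so the snippet fails to parse if copied verbatim. Suggest moving the comment to the line after the declaration. The same ordering appears in each XML block this patch adds.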
@@ -131,9 +206,49 @@ user to be logged in to access this URL:
131
206
# ...
132
207
133
208
access_control :
134
- # require ROLE_ADMIN for /admin/ *
209
+ # require ROLE_ADMIN for /admin*
135
210
- { path: ^/admin, roles: ROLE_ADMIN }
136
211
212
+ .. code-block :: xml
213
+
214
+ <!-- app/config/security.xml -->
215
+ <?xml version =" 1.0" encoding =" UTF-8" ?>
216
+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
217
+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
218
+ xmlns : srv =" http://symfony.com/schema/dic/services"
219
+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd" >
220
+
221
+ <config >
222
+ <!-- ... -->
223
+
224
+ <firewall name =" default" >
225
+ <!-- ... -->
226
+ </firewall >
227
+
228
+ <access-control >
229
+ <!-- require ROLE_ADMIN for /admin* -->
230
+ <rule path =" ^/admin" role =" ROLE_ADMIN" />
231
+ </access-control >
232
+ </config >
233
+ </srv : container >
234
+
235
+ .. code-block :: php
236
+
237
+ // app/config/security.php
238
+ $container->loadFromExtension('security', array(
239
+ // ...
240
+ 'firewalls' => array(
241
+ // ...
242
+ 'default' => array(
243
+ // ...
244
+ ),
245
+ ),
246
+ 'access_control' => array(
247
+ // require ROLE_ADMIN for /admin*
248
+ array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
249
+ ),
250
+ ));
251
+
137
252
.. note ::
138
253
139
254
You'll learn more about this ``ROLE_ADMIN `` thing and denying access
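Review bot: The access-control rule is keyed differently across the three formats. The YAML context line uses "roles: ROLE_ADMIN", while the added XML rule uses role="ROLE_ADMIN" and the added PHP array uses 'role' => 'ROLE_ADMIN'. If both spellings are accepted, a short remark in the text would help. Otherwise, align the XML and PHP blocks with the YAML key so that a rule copied from one tab protects /admin the same way as the others.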
@@ -185,6 +300,50 @@ provider, but it's better to think of it as an "in configuration" provider:
185
300
admin :
186
301
password : kitten
187
302
roles : ' ROLE_ADMIN'
303
+ # ...
304
+
305
+ .. code-block :: xml
306
+
307
+ <!-- app/config/security.xml -->
308
+ <?xml version =" 1.0" encoding =" UTF-8" ?>
309
+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
310
+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
311
+ xmlns : srv =" http://symfony.com/schema/dic/services"
312
+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd" >
313
+
314
+ <config >
315
+ <provider name =" in_memory" >
316
+ <memory >
317
+ <user name =" ryan" password =" ryanpass" roles =" ROLE_USER" />
318
+ <user name =" admin" password =" kitten" roles =" ROLE_ADMIN" />
319
+ </memory >
320
+ </provider >
321
+ <!-- ... -->
322
+ </config >
323
+ </srv : container >
324
+
325
+ .. code-block :: php
326
+
327
+ // app/config/security.php
328
+ $container->loadFromExtension('security', array(
329
+ 'providers' => array(
330
+ 'in_memory' => array(
331
+ 'memory' => array(
332
+ 'users' => array(
333
+ 'ryan' => array(
334
+ 'password' => 'ryanpass',
335
+ 'roles' => 'ROLE_USER',
336
+ ),
337
+ 'admin' => array(
338
+ 'password' => 'kitten',
339
+ 'roles' => 'ROLE_ADMIN',
340
+ ),
341
+ ),
342
+ ),
343
+ ),
344
+ ),
345
+ // ...
346
+ ));
188
347
189
348
Like with ``firewalls ``, you can have multiple ``providers ``, but you'll
190
349
probably only need one. If you *do * have multiple, you can configure which
@@ -208,6 +367,37 @@ To fix this, add an ``encoders`` key:
208
367
209
368
encoders :
210
369
Symfony\Component\Security\Core\User\User : plaintext
370
+ # ...
371
+
372
+ .. code-block :: xml
373
+
374
+ <!-- app/config/security.xml -->
375
+ <?xml version =" 1.0" encoding =" UTF-8" ?>
376
+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
377
+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
378
+ xmlns : srv =" http://symfony.com/schema/dic/services"
379
+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd" >
380
+
381
+ <config >
382
+ <!-- ... -->
383
+
384
+ <encoder class =" Symfony\Component\Security\Core\User\User"
385
+ algorithm =" plaintext" />
386
+ <!-- ... -->
387
+ </config >
388
+ </srv : container >
389
+
390
+ .. code-block :: php
391
+
392
+ // app/config/security.php
393
+ $container->loadFromExtension('security', array(
394
+ // ...
395
+
396
+ 'encoders' => array(
397
+ 'Symfony\Component\Security\Core\User\User' => 'plaintext',
398
+ ),
399
+ // ...
400
+ ));
211
401
212
402
User providers load user information and put it into a ``User `` object. If
213
403
you :doc: `load users from the database </cookbook/security/entity_provider >`
@@ -258,6 +448,39 @@ else, you'll want to encode their passwords. The best algorithm to use is
258
448
algorithm : bcrypt
259
449
cost : 12
260
450
451
+ .. code-block :: xml
452
+
453
+ <!-- app/config/security.xml -->
454
+ <?xml version =" 1.0" encoding =" UTF-8" ?>
455
+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
456
+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
457
+ xmlns : srv =" http://symfony.com/schema/dic/services"
458
+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd" >
459
+
460
+ <config >
461
+ <!-- ... -->
462
+
463
+ <encoder class =" Symfony\Component\Security\Core\User\User"
464
+ algorithm =" bcrypt" cost =" 12" />
465
+ <!-- ... -->
466
+ </config >
467
+ </srv : container >
468
+
469
+ .. code-block :: php
470
+
471
+ // app/config/security.php
472
+ $container->loadFromExtension('security', array(
473
+ // ...
474
+
475
+ 'encoders' => array(
476
+ 'Symfony\Component\Security\Core\User\User' => array(
477
+ 'algorithm' => 'plaintext',
478
+ 'cost' => 12,
479
+ )
480
+ ),
481
+ // ...
482
+ ));
483
+
261
484
.. include :: /cookbook/security/_ircmaxwell_password-compat.rst.inc
262
485
263
486
Of course, your user's passwords now need to be encoded with this exact algorithm.
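Review bot: The PHP block sets 'algorithm' => 'plaintext' next to 'cost' => 12, but the YAML context and the added XML encoder both say bcrypt. This looks like a copy-paste from the earlier plaintext example. A reader following the PHP tab would keep storing unhashed passwords while believing bcrypt is active, and the bcrypt hashes introduced in the next step would not match. Suggest 'algorithm' => 'bcrypt'. As a minor style point, the inner array's closing parenthesis lacks the trailing comma used elsewhere in these blocks.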
@@ -283,6 +506,49 @@ like this:
283
506
password : $2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G
284
507
roles : ' ROLE_ADMIN'
285
508
509
+ .. code-block :: xml
510
+
511
+ <!-- app/config/security.xml -->
512
+ <?xml version =" 1.0" encoding =" UTF-8" ?>
513
+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
514
+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
515
+ xmlns : srv =" http://symfony.com/schema/dic/services"
516
+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd" >
517
+
518
+ <config >
519
+ <provider name =" in_memory" >
520
+ <memory >
521
+ <user name =" ryan" password =" $2a$12$LCY0MefVIEc3TYPHV9SNnuzOfyr2p/AXIGoQJEDs4am4JwhNz/jli" roles =" ROLE_USER" />
522
+ <user name =" admin" password =" $2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G" roles =" ROLE_ADMIN" />
523
+ </memory >
524
+ </provider >
525
+ <!-- ... -->
526
+ </config >
527
+ </srv : container >
528
+
529
+ .. code-block :: php
530
+
531
+ // app/config/security.php
532
+ $container->loadFromExtension('security', array(
533
+ 'providers' => array(
534
+ 'in_memory' => array(
535
+ 'memory' => array(
536
+ 'users' => array(
537
+ 'ryan' => array(
538
+ 'password' => '$2a$12$LCY0MefVIEc3TYPHV9SNnuzOfyr2p/AXIGoQJEDs4am4JwhNz/jli',
539
+ 'roles' => 'ROLE_USER',
540
+ ),
541
+ 'admin' => array(
542
+ 'password' => '$2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G',
543
+ 'roles' => 'ROLE_ADMIN',
544
+ ),
545
+ ),
546
+ ),
547
+ ),
548
+ ),
549
+ // ...
550
+ ));
551
+
286
552
Everything will now work exactly like before. But if you have dynamic users
287
553
(e.g. from a database), how can you programmatically encode the password
288
554
before inserting them into the database? Don't worry, see
@@ -404,9 +670,49 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
404
670
# ...
405
671
406
672
access_control :
407
- # require ROLE_ADMIN for /admin/ *
673
+ # require ROLE_ADMIN for /admin*
408
674
- { path: ^/admin, roles: ROLE_ADMIN }
409
675
676
+ .. code-block :: xml
677
+
678
+ <!-- app/config/security.xml -->
679
+ <?xml version =" 1.0" encoding =" UTF-8" ?>
680
+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
681
+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
682
+ xmlns : srv =" http://symfony.com/schema/dic/services"
683
+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd" >
684
+
685
+ <config >
686
+ <!-- ... -->
687
+
688
+ <firewall name =" default" >
689
+ <!-- ... -->
690
+ </firewall >
691
+
692
+ <access-control >
693
+ <!-- require ROLE_ADMIN for /admin* -->
694
+ <rule path =" ^/admin" role =" ROLE_ADMIN" />
695
+ </access-control >
696
+ </config >
697
+ </srv : container >
698
+
699
+ .. code-block :: php
700
+
701
+ // app/config/security.php
702
+ $container->loadFromExtension('security', array(
703
+ // ...
704
+ 'firewalls' => array(
705
+ // ...
706
+ 'default' => array(
707
+ // ...
708
+ ),
709
+ ),
710
+ 'access_control' => array(
711
+ // require ROLE_ADMIN for /admin*
712
+ array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
713
+ ),
714
+ ));
715
+
410
716
This is great for securing entire sections, but you'll also probably want
411
717
to :ref: `secure your individual controllers <book-security-securing-controller >`
412
718
as well.
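Review bot: The XML and PHP blocks added here are verbatim copies of the access_control blocks added in the hunk at -131/+206, including the role attribute and 'role' key that differ from the "roles" key in the YAML rule above them. Whatever is decided for that hunk needs to be mirrored here so the two sections do not drift apart.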