@@ -49,6 +49,48 @@ configuration looks like this:
4949 default :
5050 anonymous : ~
5151
52+ code-block :: xml
53+
54+ <!-- app/config/security.xml -->
55+ <?xml version =" 1.0" encoding =" UTF-8"
56+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
57+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
58+ xmlns : srv =" http://symfony.com/schema/dic/services"
59+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"
60+
61+ <config >
62+ <provider name =" in_memory"
63+ <memory />
64+ </provider >
65+
66+ <firewall name =" dev" pattern =" ^/(_(profiler|wdt)|css|images|js)/" security =false />
67+
68+ <firewall name =" default"
69+ <anonymous />
70+ </firewall >
71+ </config >
72+ </srv : container >
73+
74+ code-block :: php
75+
76+ // app/config/security.php
77+ $container->loadFromExtension('security', array(
78+ 'providers' => array(
79+ 'in_memory' => array(
80+ 'memory' => array(),
81+ ),
82+ ),
83+ 'firewalls' => array(
84+ 'dev' => array(
85+ 'pattern' => '^/(_(profiler|wdt)|css|images|js)/',
86+ 'security' => false,
87+ ),
88+ 'default' => array(
89+ 'anonymous' => null,
90+ ),
91+ ),
92+ ));
93+
5294firewalls `` key is the *heart * of your security configuration. The
5395``dev `` firewall isn't important, it just makes sure that Symfony's development
5496tools - which live under URLs like ``/_profiler `` and ``/_wdt `` aren't blocked
@@ -96,6 +138,39 @@ To activate this, add the ``http_basic`` key under your firewall:
96138 anonymous : ~
97139 http_basic : ~
98140
141+ code-block :: xml
142+
143+ <!-- app/config/security.xml -->
144+ <?xml version =" 1.0" encoding =" UTF-8"
145+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
146+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
147+ xmlns : srv =" http://symfony.com/schema/dic/services"
148+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"
149+
150+ <config >
151+ <!-- ... -->
152+
153+ <firewall name =" default"
154+ <anonymous />
155+ <http-basic />
156+ </firewall >
157+ </config >
158+ </srv : container >
159+
160+ code-block :: php
161+
162+ // app/config/security.php
163+ $container->loadFromExtension('security', array(
164+ // ...
165+ 'firewalls' => array(
166+ // ...
167+ 'default' => array(
168+ 'anonymous' => null,
169+ 'http_basic' => null,
170+ ),
171+ ),
172+ ));
173+
99174
100175a page. To make things interesting, create a new page at ``/admin ``. For
101176example, if you use annotations, create something like this::
@@ -131,9 +206,49 @@ user to be logged in to access this URL:
131206 # ...
132207
133208 access_control :
134- # require ROLE_ADMIN for /admin/ *
209+ # require ROLE_ADMIN for /admin*
135210 - { path: ^/admin, roles: ROLE_ADMIN }
136211
212+ code-block :: xml
213+
214+ <!-- app/config/security.xml -->
215+ <?xml version =" 1.0" encoding =" UTF-8"
216+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
217+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
218+ xmlns : srv =" http://symfony.com/schema/dic/services"
219+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"
220+
221+ <config >
222+ <!-- ... -->
223+
224+ <firewall name =" default"
225+ <!-- ... -->
226+ </firewall >
227+
228+ <access-control >
229+ <!-- require ROLE_ADMIN for /admin* -->
230+ <rule path =" ^/admin" role =" ROLE_ADMIN"
231+ </access-control >
232+ </config >
233+ </srv : container >
234+
235+ code-block :: php
236+
237+ // app/config/security.php
238+ $container->loadFromExtension('security', array(
239+ // ...
240+ 'firewalls' => array(
241+ // ...
242+ 'default' => array(
243+ // ...
244+ ),
245+ ),
246+ 'access_control' => array(
247+ // require ROLE_ADMIN for /admin*
248+ array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
249+ ),
250+ ));
251+
137252note ::
138253
139254 You'll learn more about this ``ROLE_ADMIN `` thing and denying access
@@ -185,6 +300,50 @@ provider, but it's better to think of it as an "in configuration" provider:
185300 admin :
186301 password : kitten
187302 roles : ' ROLE_ADMIN'
303+ # ...
304+
305+ code-block :: xml
306+
307+ <!-- app/config/security.xml -->
308+ <?xml version =" 1.0" encoding =" UTF-8"
309+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
310+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
311+ xmlns : srv =" http://symfony.com/schema/dic/services"
312+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"
313+
314+ <config >
315+ <provider name =" in_memory"
316+ <memory >
317+ <user name =" ryan" password =" ryanpass" roles =" ROLE_USER"
318+ <user name =" admin" password =" kitten" roles =" ROLE_ADMIN"
319+ </memory >
320+ </provider >
321+ <!-- ... -->
322+ </config >
323+ </srv : container >
324+
325+ code-block :: php
326+
327+ // app/config/security.php
328+ $container->loadFromExtension('security', array(
329+ 'providers' => array(
330+ 'in_memory' => array(
331+ 'memory' => array(
332+ 'users' => array(
333+ 'ryan' => array(
334+ 'password' => 'ryanpass',
335+ 'roles' => 'ROLE_USER',
336+ ),
337+ 'admin' => array(
338+ 'password' => 'kitten',
339+ 'roles' => 'ROLE_ADMIN',
340+ ),
341+ ),
342+ ),
343+ ),
344+ ),
345+ // ...
346+ ));
188347
189348firewalls ``, you can have multiple ``providers ``, but you'll
190349probably only need one. If you *do * have multiple, you can configure which
@@ -208,6 +367,37 @@ To fix this, add an ``encoders`` key:
208367
209368 encoders :
210369 Symfony\Component\Security\Core\User\User : plaintext
370+ # ...
371+
372+ code-block :: xml
373+
374+ <!-- app/config/security.xml -->
375+ <?xml version =" 1.0" encoding =" UTF-8"
376+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
377+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
378+ xmlns : srv =" http://symfony.com/schema/dic/services"
379+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"
380+
381+ <config >
382+ <!-- ... -->
383+
384+ <encoder class =" Symfony\Component\Security\Core\User\User"
385+ algorithm =" plaintext"
386+ <!-- ... -->
387+ </config >
388+ </srv : container >
389+
390+ code-block :: php
391+
392+ // app/config/security.php
393+ $container->loadFromExtension('security', array(
394+ // ...
395+
396+ 'encoders' => array(
397+ 'Symfony\Component\Security\Core\User\User' => 'plaintext',
398+ ),
399+ // ...
400+ ));
211401
212402User `` object. If
213403you :doc: `load users from the database </cookbook/security/entity_provider >`
@@ -258,6 +448,39 @@ else, you'll want to encode their passwords. The best algorithm to use is
258448 algorithm : bcrypt
259449 cost : 12
260450
451+ code-block :: xml
452+
453+ <!-- app/config/security.xml -->
454+ <?xml version =" 1.0" encoding =" UTF-8"
455+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
456+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
457+ xmlns : srv =" http://symfony.com/schema/dic/services"
458+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"
459+
460+ <config >
461+ <!-- ... -->
462+
463+ <encoder class =" Symfony\Component\Security\Core\User\User"
464+ algorithm =" bcrypt" cost =" 12"
465+ <!-- ... -->
466+ </config >
467+ </srv : container >
468+
469+ code-block :: php
470+
471+ // app/config/security.php
472+ $container->loadFromExtension('security', array(
473+ // ...
474+
475+ 'encoders' => array(
476+ 'Symfony\Component\Security\Core\User\User' => array(
477+ 'algorithm' => 'plaintext',
478+ 'cost' => 12,
479+ )
480+ ),
481+ // ...
482+ ));
483+
261484include :: /cookbook/security/_ircmaxwell_password-compat.rst.inc
262485
263486Of course, your user's passwords now need to be encoded with this exact algorithm.
@@ -283,6 +506,49 @@ like this:
283506 password : $2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G
284507 roles : ' ROLE_ADMIN'
285508
509+ code-block :: xml
510+
511+ <!-- app/config/security.xml -->
512+ <?xml version =" 1.0" encoding =" UTF-8"
513+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
514+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
515+ xmlns : srv =" http://symfony.com/schema/dic/services"
516+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"
517+
518+ <config >
519+ <provider name =" in_memory"
520+ <memory >
521+ <user name =" ryan" password =" $2a$12$LCY0MefVIEc3TYPHV9SNnuzOfyr2p/AXIGoQJEDs4am4JwhNz/jli" roles =" ROLE_USER"
522+ <user name =" admin" password =" $2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G" roles =" ROLE_ADMIN"
523+ </memory >
524+ </provider >
525+ <!-- ... -->
526+ </config >
527+ </srv : container >
528+
529+ code-block :: php
530+
531+ // app/config/security.php
532+ $container->loadFromExtension('security', array(
533+ 'providers' => array(
534+ 'in_memory' => array(
535+ 'memory' => array(
536+ 'users' => array(
537+ 'ryan' => array(
538+ 'password' => '$2a$12$LCY0MefVIEc3TYPHV9SNnuzOfyr2p/AXIGoQJEDs4am4JwhNz/jli',
539+ 'roles' => 'ROLE_USER',
540+ ),
541+ 'admin' => array(
542+ 'password' => '$2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G',
543+ 'roles' => 'ROLE_ADMIN',
544+ ),
545+ ),
546+ ),
547+ ),
548+ ),
549+ // ...
550+ ));
551+
286552
287553(e.g. from a database), how can you programmatically encode the password
288554before inserting them into the database? Don't worry, see
@@ -404,9 +670,49 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
404670 # ...
405671
406672 access_control :
407- # require ROLE_ADMIN for /admin/ *
673+ # require ROLE_ADMIN for /admin*
408674 - { path: ^/admin, roles: ROLE_ADMIN }
409675
676+ code-block :: xml
677+
678+ <!-- app/config/security.xml -->
679+ <?xml version =" 1.0" encoding =" UTF-8"
680+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
681+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
682+ xmlns : srv =" http://symfony.com/schema/dic/services"
683+ xsi : schemaLocation =" http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"
684+
685+ <config >
686+ <!-- ... -->
687+
688+ <firewall name =" default"
689+ <!-- ... -->
690+ </firewall >
691+
692+ <access-control >
693+ <!-- require ROLE_ADMIN for /admin* -->
694+ <rule path =" ^/admin" role =" ROLE_ADMIN"
695+ </access-control >
696+ </config >
697+ </srv : container >
698+
699+ code-block :: php
700+
701+ // app/config/security.php
702+ $container->loadFromExtension('security', array(
703+ // ...
704+ 'firewalls' => array(
705+ // ...
706+ 'default' => array(
707+ // ...
708+ ),
709+ ),
710+ 'access_control' => array(
711+ // require ROLE_ADMIN for /admin*
712+ array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
713+ ),
714+ ));
715+
410716
411717to :ref: `secure your individual controllers <book-security-securing-controller >`
412718as well.
0 commit comments