8000 [Security] fixed XML config by HeahDude · Pull Request #13147 · symfony/symfony-docs · GitHub
[go: up one dir, main page]
Skip to content

[Security] fixed XML config #13147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Feb 16, 2020
Merged

[Security] fixed XML config #13147

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions security/custom_authentication_provider.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,7 @@ the value returned for the expected WSSE information, creates a token using
that information, and passes the token on to the authentication manager. If
the proper information is not provided, or the authentication manager throws
an :class:`Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException`,
a 403 Response is returned.
a 401 Response is returned.

.. note::

Expand All @@ -188,7 +188,7 @@ a 403 Response is returned.

Returning prematurely from the listener is relevant only if you want to chain
authentication providers (for example to allow anonymous users). If you want
to forbid access to anonymous users and have a nice 403 error, you should set
to forbid access to anonymous users and have a 404 error, you should set
the status code of the response before returning.

The Authentication Provider
Expand Down
5 changes: 3 additions & 2 deletions security/entity_provider.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -246,9 +246,10 @@ the username and then check the password (more on passwords in a moment):
<!-- ... -->

<provider name="our_db_provider">
<!-- if you're using multiple entity managers, add:
manager-name="customer" -->
<entity class="AppBundle:User" property="username"/>

<!-- if you're using multiple entity managers
<entity class="AppBundle:User" property="username" manager-name="customer"/> -->
</provider>

<firewall name="main" pattern="^/" provider="our_db_provider">
Expand Down
4 changes: 2 additions & 2 deletions security/force_https.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ to use HTTPS then you could use the following configuration:
<config>
<!-- ... -->

<rule path="^/secure" role="ROLE_ADMIN" requires_channel="https"/>
<rule path="^/secure" role="ROLE_ADMIN" requires-channel="https"/>
</config>
</srv:container>

Expand Down Expand Up @@ -83,7 +83,7 @@ role:

<rule path="^/login"
role="IS_AUTHENTICATED_ANONYMOUSLY"
requires_channel="https"
requires-channel="https"
/>
</config>
</srv:container>
Expand Down
31 changes: 16 additions & 15 deletions security/guard_authentication.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ Next, make sure you've configured a "user provider" for the user:
<!-- ... -->

<provider name="your_db_provider">
<entity class="AppBundle:User"/>
<entity class="AppBundle:User" property="apiKey"/>
</provider>

<!-- ... -->
Expand All @@ -133,6 +133,7 @@ Next, make sure you've configured a "user provider" for the user:
'your_db_provider' => [
'entity' => [
'class' => 'AppBundle:User',
'property' => 'apiKey',
],
],
],
Expand Down Expand Up @@ -187,21 +188,18 @@ This requires you to implement several methods::
*/
public function getCredentials(Request $request)
{
return [
'token' => $request->headers->get('X-AUTH-TOKEN'),
];
return $request->headers->get('X-AUTH-TOKEN');
}

public function getUser($credentials, UserProviderInterface $userProvider)
{
$apiKey = $credentials['token'];

if (null === $apiKey) {
if (null === $credentials) {
// The token header was empty, authentication fails with 401
return;
}

// if a User object, checkCredentials() is called
return $userProvider->loadUserByUsername($apiKey);
// if a User is returned, checkCredentials() is called
return $userProvider->loadUserByUsername($credentials);
}

public function checkCredentials($credentials, UserInterface $user)
Expand All @@ -222,13 +220,14 @@ This requires you to implement several methods::
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
$data = [
// you may ant to customize or obfuscate the message first
'message' => strtr($exception->getMessageKey(), $exception->getMessageData())

// or to translate this message
// $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
];

return new JsonResponse($data, Response::HTTP_FORBIDDEN);
return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
}

/**
Expand Down Expand Up @@ -303,11 +302,11 @@ Finally, configure your ``firewalls`` key in ``security.yml`` to use this authen
<config>
<!-- ... -->

<firewall name="main"
pattern="^/"
anonymous="true"
>
<logoutOjso/>
<!-- if you want, disable storing the user in the session
add 'stateless="true"' to the firewall -->
<firewall name="main" pattern="^/">
<anonymous/>
<logout/>

<guard>
<authenticator>AppBundle\Security\TokenAuthenticator</authenticator>
Expand Down Expand Up @@ -336,6 +335,8 @@ Finally, configure your ``firewalls`` key in ``security.yml`` to use this authen
TokenAuthenticator::class,
],
],
// if you want, disable storing the user in the session
// 'stateless' => true,
// ...
],
],
Expand Down
4 changes: 2 additions & 2 deletions security/json_login_setup.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,8 +184,8 @@ The security configuration should be:
<firewall name="main">
<anonymous/>
<json-login check-path="login"
username-path="security.credentials.login"
password-path="security.credentials.password"/>
username-path="security.credentials.login"
password-path="security.credentials.password"/>
</firewall>
</config>
</srv:container>
Expand Down
44 changes: 23 additions & 21 deletions security/ldap.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -152,20 +152,19 @@ use the ``ldap`` user provider.

<config>
<provider name="my_ldap">
<ldap
service="Symfony\Component\Ldap\Ldap"
base-dn="dc=example,dc=com"
search-dn="cn=read-only-admin,dc=example,dc=com"
search-password="password"
default-roles="ROLE_USER"
uid-key="uid"
/>
<ldap service="Symfony\Component\Ldap\Ldap"
base-dn="dc=example,dc=com"
search-dn="cn=read-only-admin,dc=example,dc=com"
search-password="password"
default-roles="ROLE_USER"
uid-key="uid"/>
</provider>
</config>
</srv:container>

.. code-block:: php

// app/config/security.php
use Symfony\Component\Ldap\Ldap;

$container->loadFromExtension('security', [
Expand Down Expand Up @@ -358,15 +357,15 @@ Configuration example for form login

<config>
<firewall name="main">
<form-login-ldap
service="Symfony\Component\Ldap\Ldap"
dn-string="uid={username},dc=example,dc=com"/>
<form-login-ldap service="Symfony\Component\Ldap\Ldap"
dn-string="uid={username},dc=example,dc=com"/>
</firewall>
</config>
</srv:container>

.. code-block:: php

// app/config/security.php
use Symfony\Component\Ldap\Ldap;

$container->loadFromExtension('security', [
Expand Down Expand Up @@ -394,9 +393,8 @@ Configuration example for HTTP Basic

firewalls:
main:
# ...
stateless: true
http_basic_ldap:
# ...
service: Symfony\Component\Ldap\Ldap
dn_string: 'uid={username},dc=example,dc=com'

Expand All @@ -411,23 +409,28 @@ Configuration example for HTTP Basic
https://symfony.com/schema/dic/services/services-1.0.xsd">

<config>
<!-- ... -->

<firewall name="main" stateless="true">
<http-basic-ldap service="Symfony\Component\Ldap\Ldap" dn-string="uid={username},dc=example,dc=com"/>
<http-basic-ldap service="Symfony\Component\Ldap\Ldap"
dn-string="uid={username},dc=example,dc=com"/>
</firewall>
</config>
</srv:container>

.. code-block:: php

// app/config/security.php
use Symfony\Component\Ldap\Ldap;

$container->loadFromExtension('security', [
// ...

'firewalls' => [
'main' => [
'http_basic_ldap' => [
'service' => Ldap::class,
'dn_string' => 'uid={username},dc=example,dc=com',
// ...
],
'stateless' => true,
],
Expand All @@ -449,7 +452,6 @@ Configuration example for form login and query_string
main:
# ...
form_login_ldap:
# ...
service: Symfony\Component\Ldap\Ldap
dn_string: 'dc=example,dc=com'
query_string: '(&(uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))'
Expand All @@ -466,10 +468,10 @@ Configuration example for form login and query_string

<config>
<firewall name="main">
<form-login-ldap
service="Symfony\Component\Ldap\Ldap"
dn-string="dc=example,dc=com"
query-string="(&amp;(uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))"/>
<!-- ... -->
<form-login-ldap service="Symfony\Component\Ldap\Ldap"
dn-string="dc=example,dc=com"
query-string="(&amp;(uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))"/>
</firewall>
</config>
</srv:container>
Expand All @@ -482,11 +484,11 @@ Configuration example for form login and query_string
$container->loadFromExtension('security', [
'firewalls' => [
'main' => [
// ...
'form_login_ldap' => [
'service' => Ldap::class,
'dn_string' => 'dc=example,dc=com',
'query_string' => '(&(uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))',
// ...
],
],
]
Expand Down
2 changes: 1 addition & 1 deletion security/multiple_guard_authenticators.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ This is how your security configuration can look in action:
'default' => [
'anonymous' => null,
'guard' => [
'entry_point' => '',
'entry_point' => LoginFormAuthenticator::class,
'authenticators' => [
LoginFormAuthenticator::class,
FacebookConnectAuthenticator::class,
Expand Down
1 change: 0 additions & 1 deletion security/multiple_user_providers.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,6 @@ the first provider is always used:
'pattern' => '^/',
'provider' => 'user_db',
'http_basic' => [
// ...
'realm' => 'Secured Demo Area',
'provider' => 'in_memory',
],
Expand Down
6 changes: 4 additions & 2 deletions security/remember_me.rst
View file
Open in desktop