Commit9099cf2

committed

review all Security code blocks

1 parent6a34332 commit9099cf2Copy full SHA for 9099cf2

File tree

16 files changed

+615

-286

lines changed

16 files changed

+615

-286

lines changed

`‎book/security.rst`

Lines changed: 45 additions & 24 deletions

Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ configuration looks like this:`
`67`	`67`
`68`	`68`	`<firewallname="dev"`
`69`	`69`	`pattern="^/(_(profiler\|wdt)\|css\|images\|js)/"`
`70`		`-security=false />`
	`70`	`+security="false" />`
`71`	`71`
`72`	`72`	`<firewallname="default">`
`73`	`73`	`<anonymous />`
`@@ -81,7 +81,7 @@ configuration looks like this:`
`81`	`81`	`$container->loadFromExtension('security', array(`
`82`	`82`	`'providers' => array(`
`83`	`83`	`'in_memory' => array(`
`84`		`- 'memory' =>array(),`
	`84`	`+ 'memory' =>null,`
`85`	`85`	`),`
`86`	`86`	`),`
`87`	`87`	`'firewalls' => array(`
`@@ -209,6 +209,8 @@ user to be logged in to access this URL:`
`209`	`209`	`# ...`
`210`	`210`	`firewalls:`
`211`	`211`	`# ...`
	`212`	`+default:`
	`213`	`+# ...`
`212`	`214`
`213`	`215`	`access_control:`
`214`	`216`	`# require ROLE_ADMIN for /admin*`
`@@ -231,10 +233,8 @@ user to be logged in to access this URL:`
`231`	`233`	`<!-- ...-->`
`232`	`234`	`</firewall>`
`233`	`235`
`234`		`- <access-control>`
`235`		`-<!-- require ROLE_ADMIN for /admin*-->`
`236`		`- <rulepath="^/admin"role="ROLE_ADMIN" />`
`237`		`- </access-control>`
	`236`	`+<!-- require ROLE_ADMIN for /admin*-->`
	`237`	`+ <rulepath="^/admin"role="ROLE_ADMIN" />`
`238`	`238`	`</config>`
`239`	`239`	`</srv:container>`
`240`	`240`
`@@ -541,20 +541,23 @@ like this:`
`541`	`541`	`http://symfony.com/schema/dic/services/services-1.0.xsd">`
`542`	`542`
`543`	`543`	`<config>`
	`544`	`+<!-- ...-->`
	`545`	`+`
`544`	`546`	`<providername="in_memory">`
`545`	`547`	`<memory>`
`546`	`548`	`<username="ryan"password="$2a$12$LCY0MefVIEc3TYPHV9SNnuzOfyr2p/AXIGoQJEDs4am4JwhNz/jli"roles="ROLE_USER" />`
`547`	`549`	`<username="admin"password="$2a$12$cyTWeE9kpq1PjqKFiWUZFuCRPwVyAZwm4XzMZ1qPUFl7/flCM3V0G"roles="ROLE_ADMIN" />`
`548`	`550`	`</memory>`
`549`	`551`	`</provider>`
`550`		`-<!-- ...-->`
`551`	`552`	`</config>`
`552`	`553`	`</srv:container>`
`553`	`554`
`554`	`555`	`..code-block::php`
`555`	`556`
`556`	`557`	`// app/config/security.php`
`557`	`558`	`$container->loadFromExtension('security', array(`
	`559`	`+ // ...`
	`560`	`+`
`558`	`561`	`'providers' => array(`
`559`	`562`	`'in_memory' => array(`
`560`	`563`	`'memory' => array(`
`@@ -691,8 +694,11 @@ URL pattern. You saw this earlier, where anything matching the regular expressio`
`691`	`694`	`# app/config/security.yml`
`692`	`695`	`security:`
`693`	`696`	`# ...`
	`697`	`+`
`694`	`698`	`firewalls:`
`695`	`699`	`# ...`
	`700`	`+default:`
	`701`	`+# ...`
`696`	`702`
`697`	`703`	`access_control:`
`698`	`704`	`# require ROLE_ADMIN for /admin*`
`@@ -715,10 +721,8 @@ URL pattern. You saw this earlier, where anything matching the regular expressio`
`715`	`721`	`<!-- ...-->`
`716`	`722`	`</firewall>`
`717`	`723`
`718`		`- <access-control>`
`719`		`-<!-- require ROLE_ADMIN for /admin*-->`
`720`		`- <rulepath="^/admin"role="ROLE_ADMIN" />`
`721`		`- </access-control>`
	`724`	`+<!-- require ROLE_ADMIN for /admin*-->`
	`725`	`+ <rulepath="^/admin"role="ROLE_ADMIN" />`
`722`	`726`	`</config>`
`723`	`727`	`</srv:container>`
`724`	`728`
`@@ -727,6 +731,7 @@ URL pattern. You saw this earlier, where anything matching the regular expressio`
`727`	`731`	`// app/config/security.php`
`728`	`732`	`$container->loadFromExtension('security', array(`
`729`	`733`	`// ...`
	`734`	`+`
`730`	`735`	`'firewalls' => array(`
`731`	`736`	`// ...`
`732`	`737`	`'default' => array(`
`@@ -755,6 +760,7 @@ matches the URL.`
`755`	`760`	`# app/config/security.yml`
`756`	`761`	`security:`
`757`	`762`	`# ...`
	`763`	`+`
`758`	`764`	`access_control:`
`759`	`765`	`-{ path: ^/admin/users, roles: ROLE_SUPER_ADMIN }`
`760`	`766`	`-{ path: ^/admin, roles: ROLE_ADMIN }`
`@@ -771,10 +777,9 @@ matches the URL.`
`771`	`777`
`772`	`778`	`<config>`
`773`	`779`	`<!-- ...-->`
`774`		`- <access-control>`
`775`		`- <rulepath="^/admin/users"role="ROLE_SUPER_ADMIN" />`
`776`		`- <rulepath="^/admin"role="ROLE_ADMIN" />`
`777`		`- </access-control>`
	`780`	`+`
	`781`	`+ <rulepath="^/admin/users"role="ROLE_SUPER_ADMIN" />`
	`782`	`+ <rulepath="^/admin"role="ROLE_ADMIN" />`
`778`	`783`	`</config>`
`779`	`784`	`</srv:container>`
`780`	`785`
`@@ -783,6 +788,7 @@ matches the URL.`
`783`	`788`	`// app/config/security.php`
`784`	`789`	`$container->loadFromExtension('security', array(`
`785`	`790`	`// ...`
	`791`	`+`
`786`	`792`	`'access_control' => array(`
`787`	`793`	`array('path' => '^/admin/users', 'role' => 'ROLE_SUPER_ADMIN'),`
`788`	`794`	`array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),`
`@@ -1037,13 +1043,14 @@ the firewall can handle this automatically for you when you activate the`
`1037`	`1043`
`1038`	`1044`	`# app/config/security.yml`
`1039`	`1045`	`security:`
	`1046`	`+# ...`
	`1047`	`+`
`1040`	`1048`	`firewalls:`
`1041`	`1049`	`secured_area:`
`1042`	`1050`	`# ...`
`1043`	`1051`	`logout:`
`1044`	`1052`	`path:/logout`
`1045`	`1053`	`target:/`
`1046`		`-# ...`
`1047`	`1054`
`1048`	`1055`	`..code-block::xml`
`1049`	`1056`
`@@ -1056,25 +1063,27 @@ the firewall can handle this automatically for you when you activate the`
`1056`	`1063`	`http://symfony.com/schema/dic/services/services-1.0.xsd">`
`1057`	`1064`
`1058`	`1065`	`<config>`
`1059`		`- <firewallname="secured_area"pattern="^/">`
	`1066`	`+<!-- ...-->`
	`1067`	`+`
	`1068`	`+ <firewallname="secured_area">`
`1060`	`1069`	`<!-- ...-->`
`1061`	`1070`	`<logoutpath="/logout"target="/" />`
`1062`	`1071`	`</firewall>`
`1063`		`-<!-- ...-->`
`1064`	`1072`	`</config>`
`1065`	`1073`	`</srv:container>`
`1066`	`1074`
`1067`	`1075`	`..code-block::php`
`1068`	`1076`
`1069`	`1077`	`// app/config/security.php`
`1070`	`1078`	`$container->loadFromExtension('security', array(`
	`1079`	`+ // ...`
	`1080`	`+`
`1071`	`1081`	`'firewalls' => array(`
`1072`	`1082`	`'secured_area' => array(`
`1073`	`1083`	`// ...`
`1074`		`- 'logout' => array('path' => 'logout', 'target' => '/'),`
	`1084`	`+ 'logout' => array('path' => '/logout', 'target' => '/'),`
`1075`	`1085`	`),`
`1076`	`1086`	`),`
`1077`		`- // ...`
`1078`	`1087`	`));`
`1079`	`1088`
`1080`	`1089`	`Next, you'll need to create a route for this URL (but not a controller):`
`@@ -1085,7 +1094,7 @@ Next, you'll need to create a route for this URL (but not a controller):`
`1085`	`1094`
`1086`	`1095`	`# app/config/routing.yml`
`1087`	`1096`	`logout:`
`1088`		`-path:/logout`
	`1097`	`+path:/logout`
`1089`	`1098`
`1090`	`1099`	`..code-block::xml`
`1091`	`1100`
`@@ -1106,7 +1115,7 @@ Next, you'll need to create a route for this URL (but not a controller):`
`1106`	`1115`	`use Symfony\Component\Routing\Route;`
`1107`	`1116`
`1108`	`1117`	`$collection = new RouteCollection();`
`1109`		`- $collection->add('logout', new Route('/logout', array()));`
	`1118`	`+ $collection->add('logout', new Route('/logout'));`
`1110`	`1119`
`1111`	`1120`	`return $collection;`
`1112`	`1121`
`@@ -1171,6 +1180,8 @@ rules by creating a role hierarchy:`
`1171`	`1180`
`1172`	`1181`	`# app/config/security.yml`
`1173`	`1182`	`security:`
	`1183`	`+# ...`
	`1184`	`+`
`1174`	`1185`	`role_hierarchy:`
`1175`	`1186`	`ROLE_ADMIN:ROLE_USER`
`1176`	`1187`	`ROLE_SUPER_ADMIN:[ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]`
`@@ -1186,6 +1197,8 @@ rules by creating a role hierarchy:`
`1186`	`1197`	`http://symfony.com/schema/dic/services/services-1.0.xsd">`
`1187`	`1198`
`1188`	`1199`	`<config>`
	`1200`	`+<!-- ...-->`
	`1201`	`+`
`1189`	`1202`	`<roleid="ROLE_ADMIN">ROLE_USER</role>`
`1190`	`1203`	`<roleid="ROLE_SUPER_ADMIN">ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH</role>`
`1191`	`1204`	`</config>`
`@@ -1195,6 +1208,8 @@ rules by creating a role hierarchy:`
`1195`	`1208`
`1196`	`1209`	`// app/config/security.php`
`1197`	`1210`	`$container->loadFromExtension('security', array(`
	`1211`	`+ // ...`
	`1212`	`+`
`1198`	`1213`	`'role_hierarchy' => array(`
`1199`	`1214`	`'ROLE_ADMIN' => 'ROLE_USER',`
`1200`	`1215`	`'ROLE_SUPER_ADMIN' => array(`
`@@ -1224,6 +1239,8 @@ cookie will be ever created by Symfony):`
`1224`	`1239`
`1225`	`1240`	`# app/config/security.yml`
`1226`	`1241`	`security:`
	`1242`	`+# ...`
	`1243`	`+`
`1227`	`1244`	`firewalls:`
`1228`	`1245`	`main:`
`1229`	`1246`	`http_basic:~`
`@@ -1240,7 +1257,9 @@ cookie will be ever created by Symfony):`
`1240`	`1257`	`http://symfony.com/schema/dic/services/services-1.0.xsd">`
`1241`	`1258`
`1242`	`1259`	`<config>`
`1243`		`- <firewallstateless="true">`
	`1260`	`+<!-- ...-->`
	`1261`	`+`
	`1262`	`+ <firewallname="main"stateless="true">`
`1244`	`1263`	`<http-basic />`
`1245`	`1264`	`</firewall>`
`1246`	`1265`	`</config>`
`@@ -1250,8 +1269,10 @@ cookie will be ever created by Symfony):`
`1250`	`1269`
`1251`	`1270`	`// app/config/security.php`
`1252`	`1271`	`$container->loadFromExtension('security', array(`
	`1272`	`+ // ...`
	`1273`	`+`
`1253`	`1274`	`'firewalls' => array(`
`1254`		`- 'main' => array('http_basic' =>array(), 'stateless' => true),`
	`1275`	`+ 'main' => array('http_basic' =>null, 'stateless' => true),`
`1255`	`1276`	`),`
`1256`	`1277`	`));`
`1257`	`1278`

`‎cookbook/security/access_control.rst`

Lines changed: 14 additions & 19 deletions

Original file line number	Diff line number	Diff line change
@@ -54,12 +54,10 @@ Take the following ``access_control`` entries as an example:
`54`	`54`
`55`	`55`	`<config>`
`56`	`56`	`<!-- ...-->`
`57`		`- <access-control>`
`58`		`- <rulepath="^/admin"role="ROLE_USER_IP"ip="127.0.0.1" />`
`59`		`- <rulepath="^/admin"role="ROLE_USER_HOST"host="symfony\.com$" />`
`60`		`- <rulepath="^/admin"role="ROLE_USER_METHOD"method="POST, PUT" />`
`61`		`- <rulepath="^/admin"role="ROLE_USER" />`
`62`		`- </access-control>`
	`57`	`+ <rulepath="^/admin"role="ROLE_USER_IP"ip="127.0.0.1" />`
	`58`	`+ <rulepath="^/admin"role="ROLE_USER_HOST"host="symfony\.com$" />`
	`59`	`+ <rulepath="^/admin"role="ROLE_USER_METHOD"methods="POST, PUT" />`
	`60`	`+ <rulepath="^/admin"role="ROLE_USER" />`
`63`	`61`	`</config>`
`64`	`62`	`</srv:container>`
`65`	`63`
@@ -82,7 +80,7 @@ Take the following ``access_control`` entries as an example:
`82`	`80`	`array(`
`83`	`81`	`'path' => '^/admin',`
`84`	`82`	`'role' => 'ROLE_USER_METHOD',`
`85`		`- 'method' => 'POST, PUT',`
	`83`	`+ 'methods' => 'POST, PUT',`
`86`	`84`	`),`
`87`	`85`	`array(`
`88`	`86`	`'path' => '^/admin',`
`@@ -193,11 +191,10 @@ pattern so that it is only accessible by requests from the local server itself:`
`193`	`191`
`194`	`192`	`<config>`
`195`	`193`	`<!-- ...-->`
`196`		`- <access-control>`
`197`		`- <rulepath="^/esi"role="IS_AUTHENTICATED_ANONYMOUSLY"`
`198`		`-ips="127.0.0.1, ::1" />`
`199`		`- <rulepath="^/esi"role="ROLE_NO_ACCESS" />`
`200`		`- </access-control>`
	`194`	`+ <rulepath="^/internal"`
	`195`	`+role="IS_AUTHENTICATED_ANONYMOUSLY"`
	`196`	`+ips="127.0.0.1, ::1" />`
	`197`	`+ <rulepath="^/internal"role="ROLE_NO_ACCESS" />`
`201`	`198`	`</config>`
`202`	`199`	`</srv:container>`
`203`	`200`
`@@ -208,12 +205,12 @@ pattern so that it is only accessible by requests from the local server itself:`
`208`	`205`	`// ...`
`209`	`206`	`'access_control' => array(`
`210`	`207`	`array(`
`211`		`- 'path' => '^/esi',`
	`208`	`+ 'path' => '^/internal',`
`212`	`209`	`'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',`
`213`	`210`	`'ips' => '127.0.0.1, ::1'`
`214`	`211`	`),`
`215`	`212`	`array(`
`216`		`- 'path' => '^/esi',`
	`213`	`+ 'path' => '^/internal',`
`217`	`214`	`'role' => 'ROLE_NO_ACCESS'`
`218`	`215`	`),`
`219`	`216`	`),`
@@ -270,11 +267,9 @@ the user will be redirected to ``https``:
`270`	`267`	`xsi:schemaLocation="http://symfony.com/schema/dic/services`
`271`	`268`	`http://symfony.com/schema/dic/services/services-1.0.xsd">`
`272`	`269`
`273`		`- <access-control>`
`274`		`- <rulepath="^/cart/checkout"`
`275`		`-role="IS_AUTHENTICATED_ANONYMOUSLY"`
`276`		`-requires-channel="https" />`
`277`		`- </access-control>`
	`270`	`+ <rulepath="^/cart/checkout"`
	`271`	`+role="IS_AUTHENTICATED_ANONYMOUSLY"`
	`272`	`+requires-channel="https" />`
`278`	`273`	`</srv:container>`
`279`	`274`
`280`	`275`	`..code-block::php`

`‎cookbook/security/acl.rst`

Lines changed: 19 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -52,20 +52,36 @@ First, you need to configure the connection the ACL system is supposed to use:`
`52`	`52`
`53`	`53`	`# app/config/security.yml`
`54`	`54`	`security:`
	`55`	`+# ...`
	`56`	`+`
`55`	`57`	`acl:`
`56`	`58`	`connection:default`
`57`	`59`
`58`	`60`	`..code-block::xml`
`59`	`61`
`60`	`62`	`<!-- app/config/security.xml-->`
`61`		`- <acl>`
`62`		`- <connection>default</connection>`
`63`		`- </acl>`
	`63`	`+ <?xml version="1.0" encoding="UTF-8"?>`
	`64`	`+ <srv:containerxmlns="http://symfony.com/schema/dic/security"`
	`65`	`+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"`
	`66`	`+xmlns:srv="http://symfony.com/schema/dic/services"`
	`67`	`+xsi:schemaLocation="http://symfony.com/schema/dic/services`
	`68`	`+ http://symfony.com/schema/dic/services/services-1.0.xsd">`
	`69`	`+`
	`70`	`+ <config>`
	`71`	`+<!-- ...-->`
	`72`	`+`
	`73`	`+ <acl>`
	`74`	`+ <connection>default</connection>`
	`75`	`+ </acl>`
	`76`	`+ </config>`
	`77`	`+ </srv:container>`
`64`	`78`
`65`	`79`	`..code-block::php`
`66`	`80`
`67`	`81`	`// app/config/security.php`
`68`	`82`	`$container->loadFromExtension('security', 'acl', array(`
	`83`	`+ // ...`
	`84`	`+`
`69`	`85`	`'connection' => 'default',`
`70`	`86`	`));`
`71`	`87`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit9099cf2

File tree

16 files changed

16 files changed

`‎book/security.rst`

`‎cookbook/security/access_control.rst`

`‎cookbook/security/acl.rst`

0 commit comments