Commitbb1a9b7

committed

feature#5921 [2.8] Document some Security changes (WouterJ)

This PR was merged into the 2.8 branch.Discussion----------[2.8] Document some Security changes| Q | A| --- | ---| Doc fix? | no| New docs? | yes (symfony/symfony#15131,symfony/symfony#16493,symfony/symfony#15151| Applies to | 2.8+| Fixed tickets | -Commits-------0526ca0 Document deprecation of supports{Attribute,Class}() methods22026ee Document Security key to secret renamings4036d26 Use new Simple{Form,Pre}AuthenticatorInterface namespaces

2 parents4799a7c +0526ca0 commitbb1a9b7Copy full SHA for bb1a9b7

File tree

5 files changed

+46

-19

lines changed

5 files changed

+46

-19

lines changed

`‎components/security/authorization.rst`

Lines changed: 8 additions & 2 deletions

Original file line number	Diff line number	Diff line change
@@ -90,10 +90,10 @@ of :class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterf
`90`	`90`	`which means they have to implement a few methods which allows the decision`
`91`	`91`	`manager to use them:`
`92`	`92`
`93`		-``supportsAttribute($attribute)``
	`93`	+``supportsAttribute($attribute)`` (deprecated as of 2.8)
`94`	`94`	`will be used to check if the voter knows how to handle the given attribute;`
`95`	`95`
`96`		-``supportsClass($class)``
	`96`	+``supportsClass($class)`` (deprecated as of 2.8)
`97`	`97`	`will be used to check if the voter is able to grant or deny access for`
`98`	`98`	`an object of the given class;`
`99`	`99`
`@@ -103,6 +103,12 @@ manager to use them:`
`103`	`103`	i.e. ``VoterInterface::ACCESS_GRANTED``, ``VoterInterface::ACCESS_DENIED``
`104`	`104`	or ``VoterInterface::ACCESS_ABSTAIN``;
`105`	`105`
	`106`	`+..note::`
	`107`	`+`
	`108`	+ The ``supportsAttribute()`` and ``supportsClass()`` methods are deprecated
	`109`	`+ as of Symfony 2.8 and no longer required in 3.0. These methods should not`
	`110`	`+ be called outside the voter class.`
	`111`	`+`
`106`	`112`	`The Security component contains some standard voters which cover many use`
`107`	`113`	`cases:`
`108`	`114`

`‎cookbook/security/api_key_authentication.rst`

Lines changed: 13 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,8 +16,14 @@ passed as a query string parameter or via an HTTP header.`
`16`	`16`	`The API Key Authenticator`
`17`	`17`	`-------------------------`
`18`	`18`
	`19`	`+..versionadded::2.8`
	`20`	+ The ``SimplePreAuthenticatorInterface`` interface was moved to the
	`21`	+ ``Symfony\Component\Security\Http\Authentication`` namespace in Symfony
	`22`	`+ 2.8. Prior to 2.8, it was located in the`
	`23`	+ ``Symfony\Component\Security\Core\Authentication`` namespace.
	`24`	`+`
`19`	`25`	`Authenticating a user based on the Request information should be done via a`
`20`		-pre-authentication mechanism. The:class:`Symfony\\Component\\Security\\Core\\Authentication\\SimplePreAuthenticatorInterface`
	`26`	+pre-authentication mechanism. The:class:`Symfony\\Component\\Security\\Http\\Authentication\\SimplePreAuthenticatorInterface`
`21`	`27`	`allows you to implement such a scheme really easily.`
`22`	`28`
`23`	`29`	`Your exact situation may differ, but in this example, a token is read`
`@@ -27,13 +33,13 @@ value and then a User object is created::`
`27`	`33`	`// src/AppBundle/Security/ApiKeyAuthenticator.php`
`28`	`34`	`namespace AppBundle\Security;`
`29`	`35`
`30`		`- use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface;`
	`36`	`+ use Symfony\Component\HttpFoundation\Request;`
	`37`	`+ use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;`
`31`	`38`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
`32`	`39`	`use Symfony\Component\Security\Core\Exception\AuthenticationException;`
`33`		`- use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;`
`34`		`- use Symfony\Component\HttpFoundation\Request;`
`35`		`- use Symfony\Component\Security\Core\User\UserProviderInterface;`
`36`	`40`	`use Symfony\Component\Security\Core\Exception\BadCredentialsException;`
	`41`	`+ use Symfony\Component\Security\Core\User\UserProviderInterface;`
	`42`	`+ use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface;`
`37`	`43`
`38`	`44`	`class ApiKeyAuthenticator implements SimplePreAuthenticatorInterface`
`39`	`45`	`{`
@@ -273,9 +279,9 @@ you can use to create an error ``Response``.
`273`	`279`	`// src/AppBundle/Security/ApiKeyAuthenticator.php`
`274`	`280`	`namespace AppBundle\Security;`
`275`	`281`
`276`		`- use Symfony\Component\Security\Core\Authentication\SimplePreAuthenticatorInterface;`
`277`	`282`	`use Symfony\Component\Security\Core\Exception\AuthenticationException;`
`278`	`283`	`use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;`
	`284`	`+ use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface;`
`279`	`285`	`use Symfony\Component\HttpFoundation\Response;`
`280`	`286`	`use Symfony\Component\HttpFoundation\Request;`
`281`	`287`
@@ -506,8 +512,8 @@ for security reasons. To take advantage of the session, update ``ApiKeyAuthentic
`506`	`512`	`to see if the stored token has a valid User object that can be used::`
`507`	`513`
`508`	`514`	`// src/AppBundle/Security/ApiKeyAuthenticator.php`
`509`		`- // ...`
`510`	`515`
	`516`	`+ // ...`
`511`	`517`	`class ApiKeyAuthenticator implements SimplePreAuthenticatorInterface`
`512`	`518`	`{`
`513`	`519`	`// ...`

`‎cookbook/security/custom_password_authenticator.rst`

Lines changed: 8 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,22 +21,28 @@ The Password Authenticator`
`21`	`21`	`..versionadded::2.6`
`22`	`22`	The ``UserPasswordEncoderInterface`` interface was introduced in Symfony 2.6.
`23`	`23`
	`24`	`+..versionadded::2.8`
	`25`	+ The ``SimpleFormAuthenticatorInterface`` interface was moved to the
	`26`	+ ``Symfony\Component\Security\Http\Authentication`` namespace in Symfony
	`27`	`+ 2.8. Prior to 2.8, it was located in the`
	`28`	+ ``Symfony\Component\Security\Core\Authentication`` namespace.
	`29`	`+`
`24`	`30`	`First, create a new class that implements`
`25`		-:class:`Symfony\\Component\\Security\\Core\\Authentication\\SimpleFormAuthenticatorInterface`.
	`31`	+:class:`Symfony\\Component\\Security\\Http\\Authentication\\SimpleFormAuthenticatorInterface`.
`26`	`32`	`Eventually, this will allow you to create custom logic for authenticating`
`27`	`33`	`the user::`
`28`	`34`
`29`	`35`	`// src/Acme/HelloBundle/Security/TimeAuthenticator.php`
`30`	`36`	`namespace Acme\HelloBundle\Security;`
`31`	`37`
`32`	`38`	`use Symfony\Component\HttpFoundation\Request;`
`33`		`- use Symfony\Component\Security\Core\Authentication\SimpleFormAuthenticatorInterface;`
`34`	`39`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
`35`	`40`	`use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;`
`36`	`41`	`use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;`
`37`	`42`	`use Symfony\Component\Security\Core\Exception\AuthenticationException;`
`38`	`43`	`use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;`
`39`	`44`	`use Symfony\Component\Security\Core\User\UserProviderInterface;`
	`45`	`+ use Symfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterface;`
`40`	`46`
`41`	`47`	`class TimeAuthenticator implements SimpleFormAuthenticatorInterface`
`42`	`48`	`{`

`‎cookbook/security/remember_me.rst`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
@@ -84,7 +84,8 @@ The ``remember_me`` firewall defines the following configuration options:
`84`	`84`
`85`	`85`	``secret`` (required)
`86`	`86`	`..versionadded::2.8`
`87`		- Prior to Symfony 2.8, the ``secret`` option was named ``key``.
	`87`	+ The ``secret`` option was introduced in Symfony 2.8. Prior to 2.8, it
	`88`	+ was named ``key``.
`88`	`89`
`89`	`90`	`The value used to encrypt the cookie's content. It's common to use the`
`90`	`91`	``secret`` value defined in the ``app/config/parameters.yml`` file.

`‎reference/configuration/security.rst`

Lines changed: 15 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -180,7 +180,7 @@ Each part will be explained in the next section.`
`180`	`180`
`181`	`181`	`remember_me:`
`182`	`182`	`token_provider:name`
`183`		`-secret:someS3cretKey`
	`183`	`+secret:"%secret%"`
`184`	`184`	`name:NameOfTheCookie`
`185`	`185`	`lifetime:3600# in seconds`
`186`	`186`	`path:/foo`
`@@ -227,7 +227,7 @@ Each part will be explained in the next section.`
`227`	`227`	`domain:~`
`228`	`228`	`handlers:[]`
`229`	`229`	`anonymous:`
`230`		`-secret:4f954a0667e01`
	`230`	`+secret:"%secret%"`
`231`	`231`	`switch_user:`
`232`	`232`	`provider:~`
`233`	`233`	`parameter:_switch_user`
`@@ -246,6 +246,10 @@ Each part will be explained in the next section.`
`246`	`246`	`ROLE_ADMIN:[ROLE_ORGANIZER, ROLE_USER]`
`247`	`247`	`ROLE_SUPERADMIN:[ROLE_ADMIN]`
`248`	`248`
	`249`	`+..versionadded::2.8`
	`250`	+ The ``secret`` option of ``anonymous`` and ``remember_me`` was introduced
	`251`	+ in Symfony 2.8. Prior to 2.8, it was called ``key``.
	`252`	`+`
`249`	`253`	`.. _reference-security-firewall-form-login:`
`250`	`254`
`251`	`255`	`Form Login Configuration`
`@@ -479,7 +483,7 @@ multiple firewalls, the "context" could actually be shared:`
`479`	`483`	`HTTP-Digest Authentication`
`480`	`484`	`--------------------------`
`481`	`485`
`482`		`-To use HTTP-Digest authentication you need to provide a realm and akey:`
	`486`	`+To use HTTP-Digest authentication you need to provide a realm and asecret:`
`483`	`487`
`484`	`488`	`..configuration-block::`
`485`	`489`
`@@ -490,15 +494,15 @@ To use HTTP-Digest authentication you need to provide a realm and a key:`
`490`	`494`	`firewalls:`
`491`	`495`	`somename:`
`492`	`496`	`http_digest:`
`493`		`-key:"a_random_string"`
	`497`	`+secret:"%secret%"`
`494`	`498`	`realm:"secure-api"`
`495`	`499`
`496`	`500`	`..code-block::xml`
`497`	`501`
`498`	`502`	`<!-- app/config/security.xml-->`
`499`	`503`	`<security:config>`
`500`	`504`	`<firewallname="somename">`
`501`		`- <http-digestkey="a_random_string"realm="secure-api" />`
	`505`	`+ <http-digestsecret="%secret%"realm="secure-api" />`
`502`	`506`	`</firewall>`
`503`	`507`	`</security:config>`
`504`	`508`
`@@ -509,12 +513,16 @@ To use HTTP-Digest authentication you need to provide a realm and a key:`
`509`	`513`	`'firewalls' => array(`
`510`	`514`	`'somename' => array(`
`511`	`515`	`'http_digest' => array(`
`512`		`- 'key'=> 'a_random_string',`
`513`		`- 'realm' => 'secure-api',`
	`516`	`+ 'secret'=> '%secret%',`
	`517`	`+ 'realm'=> 'secure-api',`
`514`	`518`	`),`
`515`	`519`	`),`
`516`	`520`	`),`
`517`	`521`	`));`
`518`	`522`
	`523`	`+..versionadded::2.8`
	`524`	+ The ``secret`` option was introduced in Symfony 2.8. Prior to 2.8, it was
	`525`	+ called ``key``.
	`526`	`+`
`519`	`527`	.. _`PBKDF2`:https://en.wikipedia.org/wiki/PBKDF2
`520`	`528`	.. _`ircmaxell/password-compat`:https://packagist.org/packages/ircmaxell/password-compat

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitbb1a9b7

File tree

5 files changed

5 files changed

`‎components/security/authorization.rst`

`‎cookbook/security/api_key_authentication.rst`

`‎cookbook/security/custom_password_authenticator.rst`

`‎cookbook/security/remember_me.rst`

`‎reference/configuration/security.rst`

0 commit comments