Facelifted book/security#2783

Closed

wouterj wants to merge 8 commits into symfony:master from wouterj:security_facelift

Changes from all commits
59 changes: 29 additions & 30 deletions in book/security.rst
Expand Up@@ -25,8 +25,8 @@ application with HTTP Basic authentication.

.. note::

`Symfony's security component`_ is available as a standalone PHP library
for use inside any PHP project.
:doc:`Symfony's security component </components/security/introduction>` is
available as a standalone PHP libraryfor use inside any PHP project.

Basic Example: HTTP Authentication
----------------------------------
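Review bot: the second added line runs "library" and "for" together ("standalone PHP libraryfor use inside"); as rendered this is a missing space in the new text, so check the source line and insert the space if it is really absent. Replacing the external `Symfony's security component`_ target with the :doc: role is fine as long as the target definition at the end of the file goes in the same change, otherwise docutils reports an unreferenced hyperlink target.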
Expand DownExpand Up@@ -415,7 +415,7 @@ submission (i.e. ``/login_check``):
``check_path`` ``logout`` keys. These keys can be route names (as shown
in this example) or URLs that have routes configured for them.

Notice that the name of the ``login`` route matches the``login_path`` config
Notice that the name of the ``login`` route matches the``login_path`` config
value, as that's where the security system will redirect users that need
to login.

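Review bot: the removed and added lines are identical as rendered ("matches the``login_path`` config"), which suggests a whitespace-only change; while touching this line, put a space between "the" and ``login_path``, since it is missing in both versions and the new line keeps the defect.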
Expand DownExpand Up@@ -674,14 +674,11 @@ see :doc:`/cookbook/security/form_login`.
Authorization
-------------

The first step in security is always authentication: the process of verifying
who the user is. With Symfony, authentication can be done in any way - via
a form login, basic HTTP Authentication, or even via Facebook.

Once the user has been authenticated, authorization begins. Authorization
provides a standard and powerful way to decide if a user can access any resource
(a URL, a model object, a method call, ...). This works by assigning specific
roles to each user, and then requiring different roles for different resources.
The first step in security is always authentication. Once the user has been
authenticated, authorization begins. Authorization provides a standard and
powerful way to decide if a user can access any resource (a URL, a model
object, a method call, ...). This works by assigning specific roles to each
user, and then requiring different roles for different resources.

The process of authorization has two different sides:

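Review bot: the rewrite drops the one-sentence definition of authentication ("the process of verifying who the user is") together with the list of mechanisms. Cutting the mechanisms list is reasonable, but the authentication/authorization distinction is the point of this section, so keep the definition: "The first step in security is always authentication: the process of verifying who the user is. Once the user has been authenticated, authorization begins."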
Expand All@@ -700,12 +697,6 @@ URL pattern. You've seen this already in the first example of this chapter,
where anything matching the regular expression pattern ``^/admin`` requires
the ``ROLE_ADMIN`` role.

.. caution::

Understanding exactly how ``access_control`` works is **very** important
to make sure your application is properly secured. See :ref:`security-book-access-control-explanation`
below for detailed information.

You can define as many URL patterns as you need - each is a regular expression.

.. configuration-block::
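Review bot: removing the caution also removes the only cross-reference visible here to the security-book-access-control-explanation label. Make sure the label is still referenced elsewhere in the book (otherwise drop it as well), and consider keeping a one-line pointer to the detailed section below: the warning is security-relevant, because only the first matching ``access_control`` entry is used, so an overly broad pattern silently shadows the entries after it.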
Expand DownExpand Up@@ -757,12 +748,15 @@ to find *one* that matches the current request. As soon as it finds a matching
is used to enforce access.

Each ``access_control`` has several options that configure two different
things: (a) :ref:`should the incoming request match this access control entry<security-book-access-control-matching-options>`
and (b) :ref:`once it matches, should some sort of access restriction be enforced<security-book-access-control-enforcement-options>`:
things:

* :ref:`should the incoming request match this access control entry<security-book-access-control-matching-options>`
* :ref:`once it matches, should some sort of access restriction be enforced<security-book-access-control-enforcement-options>`:

.. _security-book-access-control-matching-options:

**(a) Matching Options**
Matching Options
................

Symfony2 creates an instance of :class:`Symfony\\Component\\HttpFoundation\\RequestMatcher`
for each ``access_control`` entry, which determines whether or not a given
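Review bot: the second bullet still ends with the colon that introduced the old inline sentence ("...be enforced<...>`:"); as a list item it dangles, so drop the trailing colon. Promoting the bold "(a)/(b)" labels to "...." subsection headings is fine; the :ref: links in the bullets carry the mapping to the headings, so the dropped letters are not missed.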
Expand DownExpand Up@@ -842,7 +836,8 @@ will match any ``ip``, ``host`` or ``method``:

.. _security-book-access-control-enforcement-options:

**(b) Access Enforcement**
Access Enforcement
..................

Once Symfony2 has decided which ``access_control`` entry matches (if any),
it then *enforces* access restrictions based on the ``roles`` and ``requires_channel``
Expand DownExpand Up@@ -1185,7 +1180,9 @@ class:
security:
providers:
main:
entity: { class: Acme\UserBundle\Entity\User, property: username }
entity:
class: Acme\UserBundle\Entity\User
property: username

.. code-block:: xml

Expand All@@ -1202,7 +1199,10 @@ class:
$container->loadFromExtension('security', array(
'providers' => array(
'main' => array(
'entity' => array('class' => 'Acme\UserBundle\Entity\User', 'property' => 'username'),
'entity' => array(
'class' => 'Acme\UserBundle\Entity\User',
'property' => 'username',
),
),
),
));
Expand DownExpand Up@@ -1705,11 +1705,6 @@ Note that you will *not* need to implement a controller for the ``/logout``
URL as the firewall takes care of everything. You *do*, however, need to create
a route so that you can use it to generate the URL:

.. caution::

As of Symfony 2.1, you *must* have a route that corresponds to your logout
path. Without this route, logging out will not work.

.. configuration-block::

.. code-block:: yaml
Expand DownExpand Up@@ -1742,6 +1737,11 @@ a route so that you can use it to generate the URL:

return $collection;

.. caution::

As of Symfony 2.1, you *must* have a route that corresponds to your logout
Member: shouldn't we remove the "As of Symfony 2.1" as 2.0 is not maintained anymore?

Member (author): Only from branches which are released after the deprecation. In this case, it's 2.3.

path. Without this route, logging out will not work.

Once the user has been logged out, he will be redirected to whatever path
is defined by the ``target`` parameter above (e.g. the ``homepage``). For
more information on configuring the logout, see the
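Review bot: moving the caution after the configuration block is an improvement, because the reader now sees the route definition before being told that it is mandatory. The "As of Symfony 2.1" qualifier is discussed in the thread above and is a branch-policy decision; whichever way it goes, keep both sentences of the caution together and verify that the logout ``target`` parameter referred to in the following paragraph is still shown in the configuration block above.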
Expand DownExpand Up@@ -1861,7 +1861,7 @@ to show a link to exit impersonation:
.. code-block:: html+jinja

{% if is_granted('ROLE_PREVIOUS_ADMIN') %}
<a href="{{ path('homepage', {_switch_user: '_exit'}) }}">Exit impersonation</a>
<a href="{{ path('homepage', {'_switch_user': '_exit'}) }}">Exit impersonation</a>
Member: this change is not needed (unless you use an old Twig version)

Member (author): It is, it's invalid jinja and thus it isn't highlighted on the website

{% endif %}

.. code-block:: html+php
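Review bot: quoting the hash key (``'_switch_user'``) is the form that both Twig and a Jinja highlighter accept, so the change is fine; check that the html+php block that follows uses the same parameter name, and that ``_switch_user`` still matches the ``switch_user`` parameter configured on the firewall, otherwise the exit link does not end impersonation.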
Expand DownExpand Up@@ -2040,7 +2040,6 @@ Learn more from the Cookbook
* :doc:`Access Control Lists (ACLs) </cookbook/security/acl>`
* :doc:`/cookbook/security/remember_me`

.. _`Symfony's security component`: https://github.com/symfony/Security
.. _`JMSSecurityExtraBundle`: http://jmsyst.com/bundles/JMSSecurityExtraBundle/1.2
.. _`FOSUserBundle`: https://github.com/FriendsOfSymfony/FOSUserBundle
.. _`implement the \Serializable interface`: http://php.net/manual/en/class.serializable.php
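Review bot: dropping the `Symfony's security component` target matches the :doc: replacement in the first hunk; grep the file for any remaining `Symfony's security component`_ reference before merging, since docutils reports an unknown target name for a dangling reference. The remaining targets (JMSSecurityExtraBundle, FOSUserBundle, Serializable) are untouched and still needed.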