Symfony2 Security Layer: don't ask me about the MethodSecurityInterceptor
Speaker notes
  • What we'll cover: an overview of the component, a few configuration examples, and a bit of how it works "from the inside".
  • 90% of the work in 90% of cases is configuration.
  • Verifies that you are who you say you are (authentication); verifies that you have the privileges to do something (authorization).
  • Multiple firewalls do not share the security context.
  • Let's look at the code.
  • Inside the kernel, after initialisation.
  • The firewall is notified by the kernel.request event and asks the FirewallMap whether the URL matches the patterns of the secured areas (RequestMatcher). Examples!
  • If it does, the listener is asked to handle the request. LISTENERS: AnonymousAuthenticationListener, BasicAuth, Digest, Logout, SwitchUser, X509, UserPwdForm, RememberMe.
  • Anonymous, RememberMe, UsernamePassword and PreAuth tokens implement TokenInterface (getUsername, getRoles, getCredentials, isAuthenticated, getUser).
  • User providers: memory, entity.
  • Supports 3 strategies for session management: NONE: the session is not changed; MIGRATE: the session id is updated, attributes are kept; INVALIDATE: the session id is updated, attributes are lost.
  • A voter is a class dedicated to checking that the user has the rights to connect to the application. Access granted, denied, abstained.
  • The AccessDecisionManager uses the voters to decide whether or not to grant authorization.
  • Strategies: Affirmative (one grant is enough), Consensus (majority), Unanimous (unanimity).
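The notes above describe the chain behind a firewall listener: the AuthenticationProvider asks the UserProvider for the user, the UserChecker for pre-authentication checks, and the Encoder for the password comparison, then builds the Token. The following is an added stand-alone model of that chain (not the slides' or Symfony's own code, PHP 8): class names mirror Symfony 2, the user "ryan" and his salt are constructed sample data, and the encoder reproduces the layout of Symfony 2's MessageDigestPasswordEncoder ("{salt}" appended, 5000 iterations, base64 output) in simplified form.

```php
<?php
// Stand-alone model (added, not Symfony's code) of UserProvider -> Encoder ->
// UserChecker -> Token behind an AuthenticationProvider (slides 28-34).
final class User {
    public function __construct(public string $username, public string $hash,
        public string $salt, public array $roles, public bool $enabled) {}
}
final class InMemoryUserProvider {               // the "memory:" provider
    public function __construct(private array $users) {}
    public function loadUserByUsername(string $n): User {
        return $this->users[$n] ?? throw new RuntimeException('User not found');
    }
}
final class MessageDigestPasswordEncoder {       // encoders: ...\User: sha512
    public function __construct(private string $algo = 'sha512', private int $iter = 5000) {}
    public function encodePassword(string $raw, string $salt): string {
        $salted = $raw . '{' . $salt . '}';      // salt merged as Symfony 2 does
        $digest = hash($this->algo, $salted, true);
        for ($i = 1; $i < $this->iter; $i++) {   // iterated to slow brute force
            $digest = hash($this->algo, $digest . $salted, true);
        }
        return base64_encode($digest);
    }
    public function isPasswordValid(string $encoded, string $raw, string $salt): bool {
        return hash_equals($encoded, $this->encodePassword($raw, $salt)); // constant time
    }
}
final class UserChecker {                        // runs before the password check
    public function checkPreAuth(User $u): void {
        if (!$u->enabled) throw new RuntimeException('Account disabled');
    }
}
final class Token { public function __construct(public User $user, public array $roles) {} }
final class DaoAuthenticationProvider {
    public function __construct(private InMemoryUserProvider $users,
        private MessageDigestPasswordEncoder $enc, private UserChecker $chk) {}
    public function authenticate(string $username, string $password): Token {
        $user = $this->users->loadUserByUsername($username); // UserProvider
        $this->chk->checkPreAuth($user);                     // UserChecker
        if (!$this->enc->isPasswordValid($user->hash, $password, $user->salt)) {
            throw new RuntimeException('Bad credentials');   // Encoder said no
        }
        return new Token($user, $user->roles);               // the Token
    }
}
// Constructed sample: the slides' "ryan", stored hashed instead of plaintext.
$enc  = new MessageDigestPasswordEncoder();
$salt = 'constructed-salt';
$ryan = new User('ryan', $enc->encodePassword('ryanpass', $salt), $salt, ['ROLE_USER'], true);
$prov = new DaoAuthenticationProvider(new InMemoryUserProvider(['ryan' => $ryan]), $enc, new UserChecker());
$token = $prov->authenticate('ryan', 'ryanpass');
echo $token->user->username, ' -> roles ', implode(',', $token->roles), PHP_EOL;
```

Swapping the constructed password for a wrong one, or setting `enabled` to false, makes `authenticate()` throw at the Encoder or UserChecker step respectively, which is where a failure handler would take over.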

Slide transcript

1. Symfony2 Security Layer: don't ask me about the MethodSecurityInterceptor
2. Here we are
3. Huh?!
4. Sim sala min!
5. app/config/security.yml
   security:
       providers:
           in_memory:
               memory:
                   users:
                       ryan:  { password: ryanpass, roles: ROLE_USER }
                       admin: { password: kitten, roles: ROLE_ADMIN }
       encoders:
           Symfony\Component\Security\Core\User\User: plaintext
       firewalls:
           secured_area:
               pattern: ^/
               anonymous: ~
               form_login:
                   login_path: /login
                   check_path: /login_check
       access_control:
           - { path: ^/admin, roles: ROLE_ADMIN }
6. Authentication / Authorization
7. app/config/security.yml
   security:
       providers:
           nomi_fantasiosi:
               entity:
                   class: AcmeUserBundle:User
                   property: username
       encoders:
           Acme\UserBundle\Entity\User: sha1
       firewalls:
           secured_area:
               pattern: ^/
               anonymous: ~
               form_login:
                   login_path: /login
                   check_path: /login_check
       access_control:
           - { path: ^/admin, roles: ROLE_ADMIN }
8. app/config/security.yml: as slide 5, with the encoder changed to
   Symfony\Component\Security\Core\User\User: sha1
9. app/config/security.yml: as slide 5, with the encoder changed to
   Symfony\Component\Security\Core\User\User: md5
10. app/config/security.yml: as slide 5, with the encoder changed to
   Symfony\Component\Security\Core\User\User: sha1
11. app/config/security.yml: as slide 5, with the encoder changed to
   Symfony\Component\Security\Core\User\User: sha512
12. app/config/security.yml: same as slide 5 (plaintext encoder, form_login)
13. app/config/security.yml: as slide 5, with form_login replaced by
   http_basic: ~
14. app/config/security.yml: as slide 5, with form_login replaced by
   http_digest: ~
15. app/config/security.yml: as slide 5, with form_login replaced by
   x509: ~
16. app/config/security.yml: same as slide 5
17. app/config/security.yml: same as slide 5
18. The authenticated user
   public function indexAction()
   {
       $user = $this
           ->get('security.context')
           ->getToken()
           ->getUser();
   }
19. getToken()?!
20. ...with username and password
   $this
       ->get('security.context')
       ->getToken()
       ->isAuthenticated()
21. ...with username and password: the call above returns TRUE
22. ...anonymous
   $this
       ->get('security.context')
       ->getToken()
       ->isAuthenticated()
23. ...anonymous: the call above returns TRUE
24. True?!
25. Authentication
26. The call (app.php)
   $kernel = new AppKernel('prod', false);
   $request = Request::createFromGlobals();
   $response = $kernel->handle($request);
   $response->send();
   $kernel->terminate($request, $response);
27. The call
   $this
       ->dispatcher
       ->dispatch('kernel.request', $event);
28. Firewall, FirewallMap
29. Firewall, FirewallMap, Listeners
30. Firewall, FirewallMap, Listeners, Token
31. Firewall, FirewallMap, Listeners, Token, AuthenticationProvider
32. Firewall, FirewallMap, Listeners, Token, AuthenticationProvider, UserProvider, Encoder, UserChecker
33. Firewall, FirewallMap, Listeners, Token, AuthenticationProvider, UserProvider, Encoder, UserChecker, AuthSuccessHandler, AuthFailureHandler, LogoutHandler, LogoutSuccessHandler
34. Firewall, FirewallMap, Listeners, Token, AuthenticationProvider, UserProvider, Encoder, UserChecker, AuthSuccessHandler, AuthFailureHandler, LogoutHandler, LogoutSuccessHandler, SessionAuthStrategy, RememberMe
35. Authorization
36. Voter
37. SecurityContext, AccessListener, MethodSecurityInterceptor, AccessDecisionManager, Voter
38. SecurityContext, AccessListener, MethodSecurityInterceptor, AccessDecisionManager, Voter, AuthenticatedVoter, AuthenticatedTrustResolver
39. SecurityContext, AccessListener, MethodSecurityInterceptor, AccessDecisionManager, Voter, RoleVoter, AuthenticatedVoter, RoleHierarchy, AuthenticatedTrustResolver
40. SecurityContext, AccessListener, MethodSecurityInterceptor, AccessDecisionManager, Voter, AclVoter, RoleVoter, AuthenticatedVoter, RoleHierarchy, PermissionMap, AuthenticatedTrustResolver, AclProvider
41. Let's solve the mystery: isAuthenticated() vs isGranted('IS_AUTHENTICATED_FULLY')
42. Ego slide
   • Manuel "Kea" Baldassarri
   • Senior Developer
   • Web developer since 1992 and PHP developer since 1998
   • Pro PHP: best practices
   • Husband and father of two
   • mb@ideato.it, twitter: k3a
   • flickr: kea42, slideshare: kea42
43. ?
44. Tip #1: Impersonate a user
45. Tip #2: Documentation
   • http://symfony.com/doc/current/book
   • http://symfony.com/doc/current/cookbook
   • http://symfony.com/doc/current/components
   • https://github.com/matthiasnoback/symfony-docs
   • http://symfony.com/doc/current/reference/configuration/security.htm
46. Tip #3: Read the code
47. Creative Commons
   • http://www.flickr.com/photos/mardrom/8010607983/
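Slides 20-24 and 41 turn on one point: an anonymous token still answers true to isAuthenticated(), so the right question is isGranted('IS_AUTHENTICATED_FULLY'), which goes through the AccessDecisionManager and its voters (slides 37-40). The block below is an added stand-alone model of that decision (not the slides' or Symfony's own code, PHP 8): the class names mirror Symfony 2, the trust resolver is reduced to an "anonymous" flag, the three strategies use Symfony 2's default options (allow_if_all_abstain false, allow_if_equal_granted_denied true), and the two tokens are constructed sample data.

```php
<?php
// Stand-alone model (added, not Symfony's code) of AccessDecisionManager,
// RoleVoter and AuthenticatedVoter, with Symfony 2's default strategy options.
const ACCESS_GRANTED = 1; const ACCESS_ABSTAIN = 0; const ACCESS_DENIED = -1;
final class Token {
    public function __construct(public array $roles, public bool $anonymous) {}
    // Symfony's AnonymousToken also answers true here: hence the slides' "True?!"
    public function isAuthenticated(): bool { return true; }
}
final class RoleVoter {                           // understands ROLE_* only
    public function vote(Token $t, array $attrs): int {
        $result = ACCESS_ABSTAIN;
        foreach ($attrs as $a) {
            if (strpos($a, 'ROLE_') !== 0) continue;  // not ours: stay abstained
            $result = ACCESS_DENIED;                 // ours and not held so far
            if (in_array($a, $t->roles, true)) return ACCESS_GRANTED;
        }
        return $result;
    }
}
final class AuthenticatedVoter {                  // trust resolver reduced to a flag
    public function vote(Token $t, array $attrs): int {
        if (!in_array('IS_AUTHENTICATED_FULLY', $attrs, true)) return ACCESS_ABSTAIN;
        return $t->anonymous ? ACCESS_DENIED : ACCESS_GRANTED;
    }
}
final class AccessDecisionManager {
    // Defaults as in Symfony 2: allow_if_all_abstain=false, allow_if_equal_granted_denied=true
    public function __construct(private array $voters, private string $strategy = 'affirmative') {}
    public function decide(Token $t, array $attrs): bool {
        $grant = $deny = 0;
        foreach ($this->voters as $v) {
            $r = $v->vote($t, $attrs);
            if ($r === ACCESS_GRANTED) $grant++; elseif ($r === ACCESS_DENIED) $deny++;
        }
        return match ($this->strategy) {
            'affirmative' => $grant > 0,                          // one grant wins
            'consensus'   => $grant > $deny || ($grant > 0 && $grant === $deny),
            'unanimous'   => $deny === 0 && $grant > 0,           // any deny wins
        };
    }
}
// Constructed tokens: an anonymous visitor and a logged-in ROLE_USER.
$anon = new Token([], true);
$user = new Token(['ROLE_USER'], false);
$adm  = new AccessDecisionManager([new RoleVoter(), new AuthenticatedVoter()]);
var_dump($anon->isAuthenticated());                          // the misleading check
var_dump($adm->decide($anon, ['IS_AUTHENTICATED_FULLY']));   // what isGranted() asks
var_dump($adm->decide($user, ['IS_AUTHENTICATED_FULLY']));
var_dump($adm->decide($user, ['ROLE_ADMIN']));               // access_control ^/admin
```

Passing 'consensus' or 'unanimous' as the second constructor argument shows how the same votes change the outcome once more than one voter has an opinion.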