Symfony2 security layer

1. Symfony2 Security Layer Non chiedetemi del MethodSecurityInterceptor

2. Noi siamo qui

3. Eh?!

4. Sim sala min!

5. app/conﬁg/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }

6. AutenticazioneAutorizzazione

7. app/conﬁg/security.ymlsecurity: providers: nomi_fantasiosi: entity: class: AcmeUserBundle:User property: username encoders: AcmeUserBundleEntityUser: sha1 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }

8. app/conﬁg/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: sha1 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }

9. app/conﬁg/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: md5 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }

13. app/conﬁg/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ http_basic: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }

14. app/conﬁg/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ http_digest: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }

15. app/conﬁg/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ x509: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }

18. L’autenticatopublic function indexAction(){ $user = $this ->get(security.context) ->getToken() ->getUser();}

19. getToken()?!

20. ...con user e password $this ->get(security.context) ->getToken() ->isAuthenticated()

21. ...con user e password $this ->get(security.context) ->getToken() E ->isAuthenticated() RU T

22. ...anonimo$this ->get(security.context) ->getToken() ->isAuthenticated()

23. ...anonimo$this ->get(security.context) ->getToken() E ->isAuthenticated() RU T

24. True?!

25. Authentication

26. La chiamata (app.php)$kernel = new AppKernel(prod, false);$request = Request::createFromGlobals();$response = $kernel->handle($request);$response->send();$kernel->terminate($request, $response);

27. La chiamata$this ->dispatcher ->dispatch(‘kernel.request’, $event);

28. FirewallFirewallMap

29. FirewallFirewallMap Listeners

30. FirewallFirewallMap Listeners Token

31. Firewall FirewallMap Listeners TokenAuthenticationProvider

32. Firewall FirewallMap Listeners Token AuthenticationProviderUserProvider Encoder UserChecker

33. FirewallAuthSuccessHandler FirewallMap AuthFailureHandler Listeners LogoutHandler TokenLogoutSuccessHandler AuthenticationProvider UserProvider Encoder UserChecker

34. FirewallAuthSuccessHandler FirewallMap SessionAuthStrategy AuthFailureHandler Listeners RememberMe LogoutHandler TokenLogoutSuccessHandler AuthenticationProvider UserProvider Encoder UserChecker

35. Authorization

36. Voter

37. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter

38. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter AuthenticatedVoter AuthenticatedTrustResolver

39. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter RoleVoter AuthenticatedVoter RoleHierarchy AuthenticatedTrustResolver

40. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter AclVoter RoleVoter AuthenticatedVoter RoleHierarchyPermissionMap AuthenticatedTrustResolver AclProvider

41. Sveliamo il mistero isAuthenticated vsisGranted(‘IS_FULLY_AUTHENTICATED’)

42. Ego slide• Manuel “Kea” Baldassarri• Senior Developer• Webdev dal 1992 e PHP dev dal 1998• Pro PHP: best practices• Marito e bi-padre• mb@ideato.it twitter: k3a• ﬂickr: kea42 slideshare: kea42

44. Tip #1Impersonare un utente

45. Tip #2• Documentazione • http://symfony.com/doc/current/book • http://symfony.com/doc/current/cookbook • http://symfony.com/doc/current/components • https://github.com/matthiasnoback/symfony-docs • http://symfony.com/doc/current/reference/ conﬁguration/security.htm

46. Tip #3Leggi il codice

47. Creative Common• http://www.ﬂickr.com/photos/mardrom/ 8010607983/