Symfony2 security layer
1. Symfony2 Security Layer: Don't ask me about the MethodSecurityInterceptor
2. We are here
3. Eh?!
4. Sim sala min!
5. app/config/security.yml

    ```yaml
    security:
        providers:
            in_memory:
                memory:
                    users:
                        ryan:  { password: ryanpass, roles: ROLE_USER }
                        admin: { password: kitten,   roles: ROLE_ADMIN }
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
        firewalls:
            secured_area:
                pattern: ^/
                anonymous: ~
                form_login:
                    login_path: /login
                    check_path: /login_check
        access_control:
            - { path: ^/admin, roles: ROLE_ADMIN }
    ```

6. Authentication / Authorization
7. app/config/security.yml, users loaded from a Doctrine entity instead of memory

    ```yaml
    security:
        providers:
            nomi_fantasiosi:
                entity:
                    class: AcmeUserBundle:User
                    property: username
        encoders:
            Acme\UserBundle\Entity\User: sha1
        firewalls:
            secured_area:
                pattern: ^/
                anonymous: ~
                form_login:
                    login_path: /login
                    check_path: /login_check
        access_control:
            - { path: ^/admin, roles: ROLE_ADMIN }
    ```

8. app/config/security.yml, as slide 5 with the encoder line changed to `Symfony\Component\Security\Core\User\User: sha1`
9. app/config/security.yml, as slide 5 with the encoder line changed to `Symfony\Component\Security\Core\User\User: md5`
10. app/config/security.yml, as slide 5 with the encoder line changed to `Symfony\Component\Security\Core\User\User: sha1`
11. app/config/security.yml, as slide 5 with the encoder line changed to `Symfony\Component\Security\Core\User\User: sha512`
12. app/config/security.yml, as slide 5 with the encoder line changed to `Symfony\Component\Security\Core\User\User: plaintext`
13. app/config/security.yml, as slide 5 with `http_basic: ~` in place of the `form_login` block
14. app/config/security.yml, as slide 5 with `http_digest: ~` in place of the `form_login` block
15. app/config/security.yml, as slide 5 with `x509: ~` in place of the `form_login` block
16. app/config/security.yml, identical to slide 5
17. app/config/security.yml, identical to slide 5
18. The authenticated user

    ```php
    public function indexAction()
    {
        $user = $this
            ->get('security.context')
            ->getToken()
            ->getUser();
    }
    ```

19. getToken()?!
20. ...with username and password

    ```php
    $this
        ->get('security.context')
        ->getToken()
        ->isAuthenticated()
    ```

21. ...with username and password: the call on slide 20 returns TRUE
22. ...anonymous

    ```php
    $this
        ->get('security.context')
        ->getToken()
        ->isAuthenticated()
    ```

23. ...anonymous: the call on slide 22 returns TRUE
24. True?!
25. Authentication
26. The call (app.php)

    ```php
    $kernel = new AppKernel('prod', false);
    $request = Request::createFromGlobals();
    $response = $kernel->handle($request);
    $response->send();
    $kernel->terminate($request, $response);
    ```

27. The call

    ```php
    $this
        ->dispatcher
        ->dispatch('kernel.request', $event);
    ```

28. Firewall, FirewallMap
29. Firewall, FirewallMap, Listeners
30. Firewall, FirewallMap, Listeners, Token
31. Firewall, FirewallMap, Listeners, Token, AuthenticationProvider
32. Firewall, FirewallMap, Listeners, Token, AuthenticationProvider, UserProvider, Encoder, UserChecker
33. Firewall, FirewallMap, Listeners, Token, AuthenticationProvider, UserProvider, Encoder, UserChecker, AuthSuccessHandler, AuthFailureHandler, LogoutHandler, LogoutSuccessHandler
34. Firewall, FirewallMap, Listeners, Token, AuthenticationProvider, UserProvider, Encoder, UserChecker, AuthSuccessHandler, AuthFailureHandler, LogoutHandler, LogoutSuccessHandler, SessionAuthStrategy, RememberMe
35. Authorization
36. Voter
37. SecurityContext, AccessListener, MethodSecurityInterceptor, AccessDecisionManager, Voter
38. SecurityContext, AccessListener, MethodSecurityInterceptor, AccessDecisionManager, Voter, AuthenticatedVoter, AuthenticatedTrustResolver
39. SecurityContext, AccessListener, MethodSecurityInterceptor, AccessDecisionManager, Voter, RoleVoter, AuthenticatedVoter, RoleHierarchy, AuthenticatedTrustResolver
40. SecurityContext, AccessListener, MethodSecurityInterceptor, AccessDecisionManager, Voter, AclVoter, RoleVoter, AuthenticatedVoter, RoleHierarchy, PermissionMap, AuthenticatedTrustResolver, AclProvider
41. Let's solve the mystery: isAuthenticated() vs isGranted('IS_AUTHENTICATED_FULLY')
42. Ego slide: Manuel "Kea" Baldassarri; Senior Developer; web developer since 1992 and PHP developer since 1998; "Pro PHP: best practices"; husband and father of two; mb@ideato.it; twitter: k3a; flickr: kea42; slideshare: kea42
43. ?
44. Tip #1: Impersonate a user
45. Tip #2: Documentation
    - http://symfony.com/doc/current/book
    - http://symfony.com/doc/current/cookbook
    - http://symfony.com/doc/current/components
    - https://github.com/matthiasnoback/symfony-docs
    - http://symfony.com/doc/current/reference/configuration/security.htm
46. Tip #3: Read the code
47. Creative Commons: http://www.flickr.com/photos/mardrom/8010607983/
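The mystery of slides 20 to 24 and 41, worked out as an added example that is not part of the deck: it wires the authorization objects of slides 37 to 39 by hand, the way the firewall does for you, and checks the two tokens the deck's security.yml would produce (the anonymous one from `anonymous: ~` and the admin/kitten one from `form_login`). It assumes the symfony/security component 2.x installed with Composer, so `vendor/autoload.php` exists; both tokens report `isAuthenticated()` as true, but only the second is granted `IS_AUTHENTICATED_FULLY`, because `isGranted()` asks the `AuthenticatedVoter` and its trust resolver, not the token flag.

```php
<?php
// Added example, not from the slides. Assumes symfony/security 2.x via Composer.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
use Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter;
use Symfony\Component\Security\Core\Role\RoleHierarchy;

// The trust resolver decides whether a token is anonymous, remember-me or
// "full-fledged"; the AuthenticatedVoter votes on IS_AUTHENTICATED_* from that.
$trustResolver = new AuthenticationTrustResolver(
    'Symfony\Component\Security\Core\Authentication\Token\AnonymousToken',
    'Symfony\Component\Security\Core\Authentication\Token\RememberMeToken'
);
// ROLE_ADMIN inherits ROLE_USER, so the admin is also granted ROLE_USER.
$hierarchy = new RoleHierarchy(array('ROLE_ADMIN' => array('ROLE_USER')));
// Strategy 'affirmative' (the default): one GRANTED vote is enough, a DENIED
// vote with no GRANTED refuses, all voters abstaining refuses too.
$manager = new AccessDecisionManager(array(
    new AuthenticatedVoter($trustResolver),
    new RoleHierarchyVoter($hierarchy),
));

// Constructed tokens: what the 'secured_area' firewall of the deck builds for
// an anonymous visitor and for admin/kitten after a successful form login.
$tokens = array(
    'anonymous' => new AnonymousToken('secured_area', 'anon.'),
    'admin'     => new UsernamePasswordToken('admin', 'kitten', 'secured_area', array('ROLE_ADMIN')),
);
$attributes = array('IS_AUTHENTICATED_ANONYMOUSLY', 'IS_AUTHENTICATED_FULLY', 'ROLE_USER', 'ROLE_ADMIN');

foreach ($tokens as $name => $token) {
    // Both print true: AnonymousToken marks itself authenticated in its constructor.
    printf("%-9s isAuthenticated(): %s\n", $name, var_export($token->isAuthenticated(), true));
    foreach ($attributes as $attribute) {
        // This is what SecurityContext::isGranted() does with the token it holds.
        $granted = $manager->decide($token, array($attribute));
        printf("          isGranted(%-28s): %s\n", $attribute, var_export($granted, true));
    }
}
```

Use `isGranted('IS_AUTHENTICATED_FULLY')` (or `IS_AUTHENTICATED_REMEMBERED`) in controllers and `access_control`, never the token's `isAuthenticated()` flag, to tell a logged-in user from an anonymous visitor.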