Just for you: FREE 60-day trial to the world’s largest digital library.
The SlideShare family just got bigger. Enjoy access to millions of ebooks, audiobooks, magazines, and more from Scribd.
Cancel anytime.Symfony2 security layer
- 1. Symfony2 Security Layer Non chiedetemi del MethodSecurityInterceptor
- 2. Noi siamo qui
- 3. Eh?!
- 4. Sim sala min!
- 5. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 6. Autenticazione Autorizzazione
- 7. app/config/security.yml security: providers: nomi_fantasiosi: entity: class: AcmeUserBundle:User property: username encoders: AcmeUserBundleEntityUser: sha1 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 8. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: sha1 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 9. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: md5 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 10. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: sha1 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 11. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: sha512 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 12. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 13. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ http_basic: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 14. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ http_digest: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 15. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ x509: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 16. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 17. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 18. L’autenticato public function indexAction() { $user = $this ->get('security.context') ->getToken() ->getUser(); }
- 19. getToken()?!
- 20. ...con user e password $this ->get('security.context') ->getToken() ->isAuthenticated()
- 21. ...con user e password $this ->get('security.context') ->getToken() E ->isAuthenticated() RU T
- 22. ...anonimo $this ->get('security.context') ->getToken() ->isAuthenticated()
- 23. ...anonimo $this ->get('security.context') ->getToken() E ->isAuthenticated() RU T
- 24. True?!
- 25. Authentication
- 26. La chiamata (app.php) $kernel = new AppKernel('prod', false); $request = Request::createFromGlobals(); $response = $kernel->handle($request); $response->send(); $kernel->terminate($request, $response);
- 27. La chiamata $this ->dispatcher ->dispatch(‘kernel.request’, $event);
- 28. Firewall FirewallMap
- 29. Firewall FirewallMap Listeners
- 30. Firewall FirewallMap Listeners Token
- 31. Firewall FirewallMap Listeners Token AuthenticationProvider
- 32. Firewall FirewallMap Listeners Token AuthenticationProvider UserProvider Encoder UserChecker
- 33. Firewall AuthSuccessHandler FirewallMap AuthFailureHandler Listeners LogoutHandler Token LogoutSuccessHandler AuthenticationProvider UserProvider Encoder UserChecker
- 34. Firewall AuthSuccessHandler FirewallMap SessionAuthStrategy AuthFailureHandler Listeners RememberMe LogoutHandler Token LogoutSuccessHandler AuthenticationProvider UserProvider Encoder UserChecker
- 35. Authorization
- 36. Voter
- 37. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter
- 38. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter AuthenticatedVoter AuthenticatedTrustResolver
- 39. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter RoleVoter AuthenticatedVoter RoleHierarchy AuthenticatedTrustResolver
- 40. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter AclVoter RoleVoter AuthenticatedVoter RoleHierarchy PermissionMap AuthenticatedTrustResolver AclProvider
- 41. Sveliamo il mistero isAuthenticated vs isGranted(‘IS_FULLY_AUTHENTICATED’)
- 42. Ego slide • Manuel “Kea” Baldassarri • Senior Developer • Webdev dal 1992 e PHP dev dal 1998 • Pro PHP: best practices • Marito e bi-padre • mb@ideato.it twitter: k3a • flickr: kea42 slideshare: kea42
- 43. ?
- 44. Tip #1 Impersonare un utente
- 45. Tip #2 • Documentazione • http://symfony.com/doc/current/book • http://symfony.com/doc/current/cookbook • http://symfony.com/doc/current/components • https://github.com/matthiasnoback/symfony-docs • http://symfony.com/doc/current/reference/ configuration/security.htm
- 46. Tip #3 Leggi il codice
- 47. Creative Common • http://www.flickr.com/photos/mardrom/ 8010607983/