Upcoming SlideShare
Published on
Symfony2 security layer
- 1. Symfony2 Security Layer Non chiedetemi del MethodSecurityInterceptor
- 2. Noi siamo qui
- 3. Eh?!
- 4. Sim sala min!
- 5. app/config/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 6. AutenticazioneAutorizzazione
- 7. app/config/security.ymlsecurity: providers: nomi_fantasiosi: entity: class: AcmeUserBundle:User property: username encoders: AcmeUserBundleEntityUser: sha1 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 8. app/config/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: sha1 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 9. app/config/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: md5 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 10. app/config/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: sha1 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 11. app/config/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: sha512 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 12. app/config/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 13. app/config/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ http_basic: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 14. app/config/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ http_digest: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 15. app/config/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ x509: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 16. app/config/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 17. app/config/security.ymlsecurity: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: ROLE_USER } admin: { password: kitten, roles: ROLE_ADMIN } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
- 18. L’autenticatopublic function indexAction(){ $user = $this ->get(security.context) ->getToken() ->getUser();}
- 19. getToken()?!
- 20. ...con user e password $this ->get(security.context) ->getToken() ->isAuthenticated()
- 21. ...con user e password $this ->get(security.context) ->getToken() E ->isAuthenticated() RU T
- 22. ...anonimo$this ->get(security.context) ->getToken() ->isAuthenticated()
- 23. ...anonimo$this ->get(security.context) ->getToken() E ->isAuthenticated() RU T
- 24. True?!
- 25. Authentication
- 26. La chiamata (app.php)$kernel = new AppKernel(prod, false);$request = Request::createFromGlobals();$response = $kernel->handle($request);$response->send();$kernel->terminate($request, $response);
- 27. La chiamata$this ->dispatcher ->dispatch(‘kernel.request’, $event);
- 28. FirewallFirewallMap
- 29. FirewallFirewallMap Listeners
- 30. FirewallFirewallMap Listeners Token
- 31. Firewall FirewallMap Listeners TokenAuthenticationProvider
- 32. Firewall FirewallMap Listeners Token AuthenticationProviderUserProvider Encoder UserChecker
- 33. FirewallAuthSuccessHandler FirewallMap AuthFailureHandler Listeners LogoutHandler TokenLogoutSuccessHandler AuthenticationProvider UserProvider Encoder UserChecker
- 34. FirewallAuthSuccessHandler FirewallMap SessionAuthStrategy AuthFailureHandler Listeners RememberMe LogoutHandler TokenLogoutSuccessHandler AuthenticationProvider UserProvider Encoder UserChecker
- 35. Authorization
- 36. Voter
- 37. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter
- 38. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter AuthenticatedVoter AuthenticatedTrustResolver
- 39. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter RoleVoter AuthenticatedVoter RoleHierarchy AuthenticatedTrustResolver
- 40. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter AclVoter RoleVoter AuthenticatedVoter RoleHierarchyPermissionMap AuthenticatedTrustResolver AclProvider
- 41. Sveliamo il mistero isAuthenticated vsisGranted(‘IS_FULLY_AUTHENTICATED’)
- 42. Ego slide• Manuel “Kea” Baldassarri• Senior Developer• Webdev dal 1992 e PHP dev dal 1998• Pro PHP: best practices• Marito e bi-padre• mb@ideato.it twitter: k3a• flickr: kea42 slideshare: kea42
- 43. ?
- 44. Tip #1Impersonare un utente
- 45. Tip #2• Documentazione • http://symfony.com/doc/current/book • http://symfony.com/doc/current/cookbook • http://symfony.com/doc/current/components • https://github.com/matthiasnoback/symfony-docs • http://symfony.com/doc/current/reference/ configuration/security.htm
- 46. Tip #3Leggi il codice
- 47. Creative Common• http://www.flickr.com/photos/mardrom/ 8010607983/
Be the first to comment