You Shall Not Pass - Security in Symfony
0 likes3,097 views
Adam Polak - You shall not pass! Prezentacja z meetupu Uszanowanko Programowanko #9 - uszanowanko.pl Każdy programista wcześniej czy później spotyka się z problemem ograniczenia dostępu dla niechcianych osób do pewnych części systemu. Implementacja autoryzacji w zależności od wykorzystanego mechanizmu może być zarówno trywialna, jak i wymagać ogromu pracy. Jak przy pomocy Symfony oraz komponentu security ułatwić sobie pracę podczas implementacji popularnych systemów autoryzacji? Tego dowiesz się podczas tej prezentacji.
![Firewalls
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: ~
form_login:
login_path: example_2_login
check_path: example_2_login_check
username_parameter: login_type[login]
password_parameter: login_type[password]
default_target_path: /example-2
#Target can be specified as a form parameter ex.
#target_path_parameter: login_type[redirect]
provider: users
logout:
path: /example-2/logout
target: /example-2
access_control:
- { path: ^/example-2, roles: IS_AUTHENTICATED_ANONYMOUSLY}](https://image.slidesharecdn.com/youshallnotpass-securityinsymfony-151027092533-lva1-app6892/85/You-Shall-Not-Pass-Security-in-Symfony-10-320.jpg)
More Related Content
What's hot (20)
Viewers also liked (20)
Similar to You Shall Not Pass - Security in Symfony (20)
![[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho](https://cdn.slidesharecdn.com/ss_thumbnails/cb16rianchoen-161109050650-thumbnail.jpg?width=560&fit=bounds)
More from The Software House (20)
Recently uploaded (20)
You Shall Not Pass - Security in Symfony
- 1. You shall not pass!Adam Polak
- 2. About me Adam Polak Developer at The Software House [email protected] fb: polak.adam1
- 4. Existing app
- 5. Task 1 • admin can remove any idea • logged user can add new ideas • logged user can remove his ideas
- 7. Security • highly configurable • easy to use • integrated with Symfony 2
- 8. Encoders encoders: Example2BundleEntityUser: algorithm: bcrypt cost: 12 interface PasswordEncoderInterface public function encodePassword($raw, $salt); public function isPasswordValid($encoded, $raw, $salt); Example2BundleEntityUser: id: our.custom.encoder.service.id
- 9. Providers providers: users: entity: class: Example2Bundle:User property: username interface UserProviderInterface public function loadUserByUsername($username); public function refreshUser(UserInterface $user); public function supportsClass($class);
- 10. Firewalls firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: ~ form_login: login_path: example_2_login check_path: example_2_login_check username_parameter: login_type[login] password_parameter: login_type[password] default_target_path: /example-2 #Target can be specified as a form parameter ex. #target_path_parameter: login_type[redirect] provider: users logout: path: /example-2/logout target: /example-2 access_control: - { path: ^/example-2, roles: IS_AUTHENTICATED_ANONYMOUSLY}
- 11. ShowTime
- 12. Voters interface VoterInterface { const ACCESS_GRANTED = 1; const ACCESS_ABSTAIN = 0; const ACCESS_DENIED = -1; public function supportsAttribute($attribute); public function supportsClass($class); public function vote(TokenInterface $token, $object, array $attributes); }
- 13. Too complicated
- 14. Voters v2 abstract class AbstractVoter implements VoterInterface { public function supportsAttribute($attribute); public function supportsClass($class); public function vote(TokenInterface $token, $object, array $attributes); abstract protected function getSupportedClasses(); abstract protected function getSupportedAttributes(); abstract protected function isGranted($attribute, $object, $user = null); }
- 15. Are we done yet ?
- 16. Voters services: comment.voter: class: Example3BundleVoterCommentVoter tags: - { name: security.voter }
- 17. Talk is cheap. Show me the code.
- 18. Task 2 • integration with facebook connect • user should be logged in if his email is the same as the one on facebook account
- 19. Custom Provider • Token • Listener • Authentication provider • Factory
- 20. Token • keeps request information required for authentication • after authentication it keeps logged user object
- 21. Token interface TokenInterface { public function __toString(); public function getRoles(); public function getCredentials(); public function getUser(); public function setUser($user); public function getUsername(); public function isAuthenticated(); public function setAuthenticated($isAuthenticated); public function eraseCredentials(); public function getAttributes(); public function setAttributes(array $attributes); public function hasAttribute($name); public function getAttribute($name); public function setAttribute($name, $value); }
- 23. Token abstract class AbstractToken implements TokenInterface { public function getCredentials(); }
- 24. Listener • checks request for information required for authorisation • creates non authenticated token • starts authorisation process interface ListenerInterface { public function handle(GetResponseEvent $event); }
- 25. Authentication Provider • authorises a given type of token • adds user to authorised token interface AuthenticationProviderInterface extends AuthenticationManagerInterface { public function supports(TokenInterface $token); } interface AuthenticationManagerInterface { public function authenticate(TokenInterface $token); }
- 26. Factory • assigns services to container • creates provider instance for each firewall • can define additional configuration parameters for our provider
- 27. Factory interface SecurityFactoryInterface { public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint); public function getPosition(); public function getKey(); public function addConfiguration(NodeDefinition $builder); } $extension = $container->getExtension('security'); $extension->addSecurityListenerFactory(new OurCustomFactory());
- 28. Code ?
- 29. Task 3 Something you know Something you have
- 30. Authorisation process • user log in • send authorisation code on user email • display authorisation code form • authorise user
- 31. Listener form_login: success_handler: authentication.two_factor.listener interface AuthenticationSuccessHandlerInterface { public function onAuthenticationSuccess(Request $request, TokenInterface $token); }
- 32. How it works ?
- 34. Thank you