You shall not pass!
Adam Polak
About me
Adam Polak
Developer at The Software House
polakadam@outlook.com
fb: polak.adam1
Client
Mr. Janusz
Existing app
Task 1
• admin can remove any idea
• logged user can add new ideas
• logged user can remove his ideas
Authorization
Security
• highly configurable
• easy to use
• integrated with Symfony 2
Encoders
encoders:
    Example2Bundle\Entity\User:
        algorithm: bcrypt
        cost: 12
interface PasswordEncoderInterface
{
    public function encodePassword($raw, $salt);
    public function isPasswordValid($encoded, $raw, $salt);
}
Example2Bundle\Entity\User:
    id: our.custom.encoder.service.id
Providers
providers:
    users:
        entity:
            class: Example2Bundle:User
            property: username
interface UserProviderInterface
{
    public function loadUserByUsername($username);
    public function refreshUser(UserInterface $user);
    public function supportsClass($class);
}
Firewalls
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        anonymous: ~
        form_login:
            login_path: example_2_login
            check_path: example_2_login_check
            username_parameter: login_type[login]
            password_parameter: login_type[password]
            default_target_path: /example-2
            # The target can also be given as a form parameter, e.g.
            # target_path_parameter: login_type[redirect]
        provider: users
        logout:
            path: /example-2/logout
            target: /example-2
access_control:
    - { path: ^/example-2, roles: IS_AUTHENTICATED_ANONYMOUSLY }
ShowTime
Voters
interface VoterInterface
{
    const ACCESS_GRANTED = 1;
    const ACCESS_ABSTAIN = 0;
    const ACCESS_DENIED = -1;

    public function supportsAttribute($attribute);
    public function supportsClass($class);
    public function vote(TokenInterface $token, $object, array $attributes);
}
Too complicated
Voters v2
abstract class AbstractVoter implements VoterInterface
{
    // implemented once in the base class; they delegate to the three abstract methods below
    public function supportsAttribute($attribute);
    public function supportsClass($class);
    public function vote(TokenInterface $token, $object, array $attributes);

    // the only methods a concrete voter still has to implement
    abstract protected function getSupportedClasses();
    abstract protected function getSupportedAttributes();
    abstract protected function isGranted($attribute, $object, $user = null);
}
Are we done yet?
Voters
services:
    comment.voter:
        class: Example3Bundle\Voter\CommentVoter
        tags:
            - { name: security.voter }
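As an added example (not the deck's own CommentVoter), here is a voter for the three Task 1 rules written against the AbstractVoter API shown above; the Example3Bundle\Entity\Idea class and its getAuthor() method are assumptions, and the voter only grants, denies or abstains for the attributes and class it declares:

```php
<?php
// Added example: a voter for Task 1 (Symfony 2.6 AbstractVoter API).
// The Idea entity and its getAuthor() method are assumptions.
namespace Example3Bundle\Voter;

use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
use Symfony\Component\Security\Core\User\UserInterface;

class IdeaVoter extends AbstractVoter
{
    const ADD = 'add';
    const REMOVE = 'remove';

    protected function getSupportedClasses()
    {
        // vote() abstains for any object that is not an Idea
        return array('Example3Bundle\Entity\Idea');
    }

    protected function getSupportedAttributes()
    {
        // vote() abstains for any attribute other than these two
        return array(self::ADD, self::REMOVE);
    }

    protected function isGranted($attribute, $idea, $user = null)
    {
        // an anonymous token carries the string 'anon.' as its user: deny everything
        if (!$user instanceof UserInterface) {
            return false;
        }

        switch ($attribute) {
            case self::ADD:
                // any logged-in user may add ideas
                return true;
            case self::REMOVE:
                // admin may remove any idea; roles are read straight from the user,
                // so the role hierarchy is NOT applied here unless you inject it
                if (in_array('ROLE_ADMIN', $user->getRoles(), true)) {
                    return true;
                }
                // the author may remove his own idea; compare usernames, not objects
                return $idea->getAuthor()->getUsername() === $user->getUsername();
        }

        return false;
    }
}
```

Tag it with `security.voter` exactly like `comment.voter` above, and the controller asks `isGranted('remove', $idea)` instead of checking roles itself.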
Talk is cheap.
Show me the code.
Task 2
• integration with Facebook Connect
• a user should be logged in if his e-mail is the same as the one on his Facebook account
Custom Provider
• Token
• Listener
• Authentication provider
• Factory
Token
• keeps request information required for authentication
• after authentication it keeps logged user object
Token
interface TokenInterface
{
    public function __toString();
    public function getRoles();
    public function getCredentials();
    public function getUser();
    public function setUser($user);
    public function getUsername();
    public function isAuthenticated();
    public function setAuthenticated($isAuthenticated);
    public function eraseCredentials();
    public function getAttributes();
    public function setAttributes(array $attributes);
    public function hasAttribute($name);
    public function getAttribute($name);
    public function setAttribute($name, $value);
}
Token
abstract class AbstractToken implements TokenInterface
{
    // the only TokenInterface method a concrete token still has to implement
    public function getCredentials();
}
Listener
• checks the request for the information required for authentication
• creates a non-authenticated token
• starts the authentication process
interface ListenerInterface
{
    public function handle(GetResponseEvent $event);
}
Authentication Provider
• authenticates a given type of token
• attaches the user to the authenticated token
interface AuthenticationProviderInterface extends AuthenticationManagerInterface
{
    public function supports(TokenInterface $token);
}

interface AuthenticationManagerInterface
{
    public function authenticate(TokenInterface $token);
}
Factory
• registers services in the container
• creates a provider instance for each firewall
• can define additional configuration parameters for our provider
Factory
interface SecurityFactoryInterface
{
    public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint);
    public function getPosition();
    public function getKey();
    public function addConfiguration(NodeDefinition $builder);
}

// registering the factory in the bundle's build() method
$extension = $container->getExtension('security');
$extension->addSecurityListenerFactory(new OurCustomFactory());
Code?
Task 3
Something you know
Something you have
Authentication process
• the user logs in
• an authentication code is sent to the user's e-mail
• the authentication code form is displayed
• the user is authenticated
Listener
form_login:
    success_handler: authentication.two_factor.listener

interface AuthenticationSuccessHandlerInterface
{
    public function onAuthenticationSuccess(Request $request, TokenInterface $token);
}
How does it work?
Thank you

You Shall Not Pass - Security in Symfony