You Shall Not Pass - Security in Symfony
You shall not pass!
Adam Polak

About me
Adam Polak
Developer at The Software House
fb: polak.adam1

Client
Mr. Janusz

Existing app

Task 1
• admin can remove any idea
• logged user can add new ideas
• logged user can remove his ideas

Authorization

Security
• highly configurable
• easy to use
• integrated with Symfony 2

Encoders

```yaml
encoders:
    Example2Bundle\Entity\User:
        algorithm: bcrypt
        cost: 12
```

```php
interface PasswordEncoderInterface
{
    public function encodePassword($raw, $salt);
    public function isPasswordValid($encoded, $raw, $salt);
}
```

A custom encoder is plugged in by its service id instead of an algorithm name:

```yaml
encoders:
    Example2Bundle\Entity\User:
        id: our.custom.encoder.service.id
```

Providers

```yaml
providers:
    users:
        entity:
            class: Example2Bundle:User
            property: username
```

```php
interface UserProviderInterface
{
    public function loadUserByUsername($username);
    public function refreshUser(UserInterface $user);
    public function supportsClass($class);
}
```

Firewalls

```yaml
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        anonymous: ~
        form_login:
            login_path: example_2_login
            check_path: example_2_login_check
            username_parameter: login_type[login]
            password_parameter: login_type[password]
            default_target_path: /example-2
            # Target can be specified as a form parameter, e.g.
            # target_path_parameter: login_type[redirect]
        provider: users
        logout:
            path: /example-2/logout
            target: /example-2

access_control:
    - { path: ^/example-2, roles: IS_AUTHENTICATED_ANONYMOUSLY }
```

Show time

Voters

```php
interface VoterInterface
{
    const ACCESS_GRANTED = 1;
    const ACCESS_ABSTAIN = 0;
    const ACCESS_DENIED = -1;

    public function supportsAttribute($attribute);
    public function supportsClass($class);
    public function vote(TokenInterface $token, $object, array $attributes);
}
```

Too complicated

Voters v2

```php
abstract class AbstractVoter implements VoterInterface
{
    // implemented by the base class in terms of the three abstract methods below
    public function supportsAttribute($attribute) { /* ... */ }
    public function supportsClass($class) { /* ... */ }
    public function vote(TokenInterface $token, $object, array $attributes) { /* ... */ }

    // the only methods a concrete voter has to provide
    abstract protected function getSupportedClasses();
    abstract protected function getSupportedAttributes();
    abstract protected function isGranted($attribute, $object, $user = null);
}
```

Are we done yet?

Voters

```yaml
services:
    comment.voter:
        class: Example3Bundle\Voter\CommentVoter
        tags:
            - { name: security.voter }
```
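A concrete voter for Task 1 built on AbstractVoter, as an added example rather than code from the talk. It assumes an Example2Bundle\Entity\Idea entity whose getAuthor() returns the owning user, and an admin role named ROLE_ADMIN.

```php
<?php
// Added example for Task 1, not code from the talk. Assumed: an Example2Bundle\Entity\Idea
// entity with getAuthor() returning its owner, and an admin role named ROLE_ADMIN.
namespace Example2Bundle\Voter;

use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
use Symfony\Component\Security\Core\User\UserInterface;

class IdeaVoter extends AbstractVoter
{
    const ADD = 'add';
    const REMOVE = 'remove';

    protected function getSupportedClasses()
    {
        return array('Example2Bundle\Entity\Idea');
    }

    protected function getSupportedAttributes()
    {
        return array(self::ADD, self::REMOVE);
    }

    // $user is $token->getUser(): a UserInterface when logged in, a plain string when anonymous
    protected function isGranted($attribute, $idea, $user = null)
    {
        if (!$user instanceof UserInterface) {
            return false;   // nothing on an Idea is open to anonymous users
        }

        switch ($attribute) {
            case self::ADD:
                return true;    // any logged-in user may add ideas
            case self::REMOVE:
                if (in_array('ROLE_ADMIN', $user->getRoles(), true)) {
                    return true;    // admin may remove any idea
                }
                // everyone else only their own; compare identities, not object references
                return $idea->getAuthor()->getUsername() === $user->getUsername();
        }

        return false;   // deny anything this voter does not explicitly allow
    }
}

// Registered with the security.voter tag exactly like comment.voter above and used from a
// controller as: $this->denyAccessUnlessGranted(IdeaVoter::REMOVE, $idea);
```

Because the access decision manager denies when every voter abstains, an attribute this voter does not list is refused rather than silently allowed.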

Talk is cheap. Show me the code.

Task 2
• integration with Facebook Connect
• user should be logged in if his email is the same as the one on his Facebook account

Custom Provider
• Token
• Listener
• Authentication provider
• Factory

Token
• keeps the request information required for authentication
• after authentication it keeps the logged-in user object

Token

```php
interface TokenInterface
{
    public function __toString();
    public function getRoles();
    public function getCredentials();
    public function getUser();
    public function setUser($user);
    public function getUsername();
    public function isAuthenticated();
    public function setAuthenticated($isAuthenticated);
    public function eraseCredentials();
    public function getAttributes();
    public function setAttributes(array $attributes);
    public function hasAttribute($name);
    public function getAttribute($name);
    public function setAttribute($name, $value);
}
```

Token

```php
abstract class AbstractToken implements TokenInterface
{
    // everything else from TokenInterface is implemented here;
    // a concrete token only has to say what its credentials are
    abstract public function getCredentials();
}
```

Listener
• checks the request for the information required for authentication
• creates a non-authenticated token
• starts the authentication process

```php
interface ListenerInterface
{
    public function handle(GetResponseEvent $event);
}
```

Authentication Provider
• authenticates a given type of token
• attaches the user to the authenticated token

```php
interface AuthenticationProviderInterface extends AuthenticationManagerInterface
{
    public function supports(TokenInterface $token);
}

interface AuthenticationManagerInterface
{
    public function authenticate(TokenInterface $token);
}
```

Factory
• assigns services to the container
• creates a provider instance for each firewall
• can define additional configuration parameters for our provider

Factory

```php
interface SecurityFactoryInterface
{
    public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint);
    public function getPosition();
    public function getKey();
    public function addConfiguration(NodeDefinition $builder);
}
```

```php
// in the bundle's build(ContainerBuilder $container) method
$extension = $container->getExtension('security');
$extension->addSecurityListenerFactory(new OurCustomFactory());
```

Code?
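The token and authentication provider halves of the Task 2 custom provider, as an added example rather than the code shown in the talk. It assumes a user provider with a hypothetical loadUserByEmail() method, and that the listener has already exchanged the Facebook access token for an e-mail address that Facebook reports as verified.

```php
<?php
// Added example for Task 2, not code from the talk. Assumed: a user provider with a
// hypothetical loadUserByEmail(), and that the listener already exchanged the Facebook
// access token for an e-mail address Facebook reports as verified.
namespace Example3Bundle\Security;

use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;

class FacebookToken extends AbstractToken
{
    private $email;

    public function __construct($email, array $roles = array())
    {
        parent::__construct($roles);
        $this->email = $email;
        // as UsernamePasswordToken does: authenticated only once roles are known
        parent::setAuthenticated(count($roles) > 0);
    }

    public function getEmail() { return $this->email; }

    // no secret travels with this token, so nothing needs erasing later
    public function getCredentials() { return ''; }
}

class FacebookAuthenticationProvider implements AuthenticationProviderInterface
{
    private $userProvider;

    public function __construct($userProvider) { $this->userProvider = $userProvider; }

    public function supports(TokenInterface $token) { return $token instanceof FacebookToken; }

    public function authenticate(TokenInterface $token)
    {
        // loadUserByEmail() is assumed; UserProviderInterface only has loadUserByUsername()
        $user = $this->userProvider->loadUserByEmail($token->getEmail());
        if (null === $user) {
            throw new AuthenticationException('Facebook login failed.'); // do not reveal whether the e-mail exists
        }
        $authenticated = new FacebookToken($token->getEmail(), $user->getRoles());
        $authenticated->setUser($user);
        return $authenticated;
    }
}
```

The listener builds the unauthenticated FacebookToken and hands it to the authentication manager; the factory wires this provider into each firewall that enables it.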

Task 3
Something you know
Something you have

Authorisation process
• user logs in
• send an authorisation code to the user's email
• display the authorisation code form
• authorise the user

Listener

```yaml
form_login:
    success_handler: authentication.two_factor.listener
```

```php
interface AuthenticationSuccessHandlerInterface
{
    public function onAuthenticationSuccess(Request $request, TokenInterface $token);
}
```

How it works?
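A success handler for the Task 3 flow, as an added example rather than the code from the talk: it issues the e-mail code after the password step and carries the check the code form needs. It assumes the service id authentication.two_factor.listener from the slide, a route named two_factor_code that shows the code form, a getEmail() method on the user entity, Swift_Mailer and PHP 7 random_int().

```php
<?php
// Added example for Task 3, not code from the talk. Assumed: the service id
// authentication.two_factor.listener from the slide, a route "two_factor_code" showing
// the code form, getEmail() on the user entity, Swift_Mailer and PHP 7 random_int().
namespace Example4Bundle\Security;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;

class TwoFactorSuccessHandler implements AuthenticationSuccessHandlerInterface
{
    const SESSION_KEY = 'two_factor';
    const TTL = 300;        // seconds a code stays valid
    const MAX_ATTEMPTS = 5; // wrong guesses before the code is thrown away
    private $router, $mailer;

    public function __construct(RouterInterface $router, \Swift_Mailer $mailer)
    {
        $this->router = $router;
        $this->mailer = $mailer;
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        // "something you know" passed; issue the "something you have" factor from a CSPRNG
        // (random_int), never from the predictable rand()/mt_rand()
        $code = sprintf('%06d', random_int(0, 999999));
        $request->getSession()->set(self::SESSION_KEY, array(
            'hash'     => hash('sha256', $code), // never keep the plain code server-side
            'expires'  => time() + self::TTL,
            'attempts' => 0,
        ));
        $this->mailer->send(\Swift_Message::newInstance('Your login code')
            ->setFrom('no-reply@example.com') // placeholder sender
            ->setTo($token->getUser()->getEmail())
            ->setBody('Your code is '.$code.' (valid for 5 minutes).'));
        return new RedirectResponse($this->router->generate('two_factor_code'));
    }

    // Called by the code-form controller; the caller stores $state back so attempts stick
    public static function verify(array &$state, $submitted)
    {
        if (time() > $state['expires'] || ++$state['attempts'] > self::MAX_ATTEMPTS) {
            return false;
        }
        // constant-time comparison: no timing hint about how many digits matched
        return hash_equals($state['hash'], hash('sha256', (string) $submitted));
    }
}
```

The redirect alone does not protect anything, because form_login has already authenticated the token: a request listener must keep refusing every route except the code form until verify() succeeds and the session flag is cleared.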

Thank you