diff --git a/book/security.rst b/book/security.rst
index e99e70b6a6b..b52d3bde44a 100644
--- a/book/security.rst
+++ b/book/security.rst
@@ -67,7 +67,7 @@ configuration looks like this:
+ security="false" />
@@ -81,7 +81,7 @@ configuration looks like this:
$container->loadFromExtension('security', array(
'providers' => array(
'in_memory' => array(
- 'memory' => array(),
+ 'memory' => null,
),
),
'firewalls' => array(
@@ -209,6 +209,8 @@ user to be logged in to access this URL:
# ...
firewalls:
# ...
+ default:
+ # ...
access_control:
# require ROLE_ADMIN for /admin*
@@ -231,10 +233,8 @@ user to be logged in to access this URL:
-
-
-
-
+
+
@@ -541,13 +541,14 @@ like this:
http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+
-
@@ -555,6 +556,8 @@ like this:
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'providers' => array(
'in_memory' => array(
'memory' => array(
@@ -691,8 +694,11 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
# app/config/security.yml
security:
# ...
+
firewalls:
# ...
+ default:
+ # ...
access_control:
# require ROLE_ADMIN for /admin*
@@ -715,10 +721,8 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
-
-
-
-
+
+
@@ -727,6 +731,7 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
// app/config/security.php
$container->loadFromExtension('security', array(
// ...
+
'firewalls' => array(
// ...
'default' => array(
@@ -755,6 +760,7 @@ matches the URL.
# app/config/security.yml
security:
# ...
+
access_control:
- { path: ^/admin/users, roles: ROLE_SUPER_ADMIN }
- { path: ^/admin, roles: ROLE_ADMIN }
@@ -771,10 +777,9 @@ matches the URL.
-
-
-
-
+
+
+
@@ -783,6 +788,7 @@ matches the URL.
// app/config/security.php
$container->loadFromExtension('security', array(
// ...
+
'access_control' => array(
array('path' => '^/admin/users', 'role' => 'ROLE_SUPER_ADMIN'),
array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
@@ -1037,13 +1043,14 @@ the firewall can handle this automatically for you when you activate the
# app/config/security.yml
security:
+ # ...
+
firewalls:
secured_area:
# ...
logout:
path: /logout
target: /
- # ...
.. code-block:: xml
@@ -1056,11 +1063,12 @@ the firewall can handle this automatically for you when you activate the
http://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
+
+
-
@@ -1068,13 +1076,14 @@ the firewall can handle this automatically for you when you activate the
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'secured_area' => array(
// ...
- 'logout' => array('path' => 'logout', 'target' => '/'),
+ 'logout' => array('path' => '/logout', 'target' => '/'),
),
),
- // ...
));
Next, you'll need to create a route for this URL (but not a controller):
@@ -1085,7 +1094,7 @@ Next, you'll need to create a route for this URL (but not a controller):
# app/config/routing.yml
logout:
- path: /logout
+ path: /logout
.. code-block:: xml
@@ -1106,7 +1115,7 @@ Next, you'll need to create a route for this URL (but not a controller):
use Symfony\Component\Routing\Route;
$collection = new RouteCollection();
- $collection->add('logout', new Route('/logout', array()));
+ $collection->add('logout', new Route('/logout'));
return $collection;
@@ -1171,6 +1180,8 @@ rules by creating a role hierarchy:
# app/config/security.yml
security:
+ # ...
+
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
@@ -1186,6 +1197,8 @@ rules by creating a role hierarchy:
http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+
ROLE_USER
ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH
@@ -1195,6 +1208,8 @@ rules by creating a role hierarchy:
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'role_hierarchy' => array(
'ROLE_ADMIN' => 'ROLE_USER',
'ROLE_SUPER_ADMIN' => array(
@@ -1224,6 +1239,8 @@ cookie will be ever created by Symfony):
# app/config/security.yml
security:
+ # ...
+
firewalls:
main:
http_basic: ~
@@ -1240,7 +1257,9 @@ cookie will be ever created by Symfony):
http://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
+
+
@@ -1250,8 +1269,10 @@ cookie will be ever created by Symfony):
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
- 'main' => array('http_basic' => array(), 'stateless' => true),
+ 'main' => array('http_basic' => null, 'stateless' => true),
),
));
diff --git a/cookbook/security/access_control.rst b/cookbook/security/access_control.rst
index ec09e05d4b9..1977b4ed403 100644
--- a/cookbook/security/access_control.rst
+++ b/cookbook/security/access_control.rst
@@ -54,12 +54,10 @@ Take the following ``access_control`` entries as an example:
-
-
-
-
-
-
+
+
+
+
@@ -82,7 +80,7 @@ Take the following ``access_control`` entries as an example:
array(
'path' => '^/admin',
'role' => 'ROLE_USER_METHOD',
- 'method' => 'POST, PUT',
+ 'methods' => 'POST, PUT',
),
array(
'path' => '^/admin',
@@ -193,11 +191,10 @@ pattern so that it is only accessible by requests from the local server itself:
-
-
-
-
+
+
@@ -208,12 +205,12 @@ pattern so that it is only accessible by requests from the local server itself:
// ...
'access_control' => array(
array(
- 'path' => '^/esi',
+ 'path' => '^/internal',
'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
'ips' => '127.0.0.1, ::1'
),
array(
- 'path' => '^/esi',
+ 'path' => '^/internal',
'role' => 'ROLE_NO_ACCESS'
),
),
@@ -270,11 +267,9 @@ the user will be redirected to ``https``:
xsi:schemaLocation="http://symfony.com/schema/dic/services
http://symfony.com/schema/dic/services/services-1.0.xsd">
-
-
-
+
.. code-block:: php
diff --git a/cookbook/security/acl.rst b/cookbook/security/acl.rst
index c6313167c40..67d341a703e 100644
--- a/cookbook/security/acl.rst
+++ b/cookbook/security/acl.rst
@@ -52,20 +52,36 @@ First, you need to configure the connection the ACL system is supposed to use:
# app/config/security.yml
security:
+ # ...
+
acl:
connection: default
.. code-block:: xml
-
- default
-
+
+
+
+
+
+
+
+ default
+
+
+
.. code-block:: php
// app/config/security.php
$container->loadFromExtension('security', 'acl', array(
+ // ...
+
'connection' => 'default',
));
diff --git a/cookbook/security/csrf_in_login_form.rst b/cookbook/security/csrf_in_login_form.rst
index d957a2585b5..4db13ced455 100644
--- a/cookbook/security/csrf_in_login_form.rst
+++ b/cookbook/security/csrf_in_login_form.rst
@@ -26,6 +26,8 @@ provider available in the Form component:
# app/config/security.yml
security:
+ # ...
+
firewalls:
secured_area:
# ...
@@ -35,17 +37,19 @@ provider available in the Form component:
.. code-block:: xml
-
+
+ xsi:schemaLocation="http://symfony.com/schema/dic/services
+ http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+
-
@@ -55,15 +59,17 @@ provider available in the Form component:
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'secured_area' => array(
// ...
'form_login' => array(
// ...
'csrf_provider' => 'form.csrf_provider',
- )
- )
- )
+ ),
+ ),
+ ),
));
The Security component can be configured further, but this is all information
@@ -124,6 +130,8 @@ After this, you have protected your login form against CSRF attacks.
# app/config/security.yml
security:
+ # ...
+
firewalls:
secured_area:
# ...
@@ -134,17 +142,19 @@ After this, you have protected your login form against CSRF attacks.
.. code-block:: xml
-
+
+ xsi:schemaLocation="http://symfony.com/schema/dic/services
+ http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+
-
@@ -155,6 +165,8 @@ After this, you have protected your login form against CSRF attacks.
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'secured_area' => array(
// ...
@@ -162,9 +174,9 @@ After this, you have protected your login form against CSRF attacks.
// ...
'csrf_parameter' => '_csrf_security_token',
'intention' => 'a_private_string',
- )
- )
- )
+ ),
+ ),
+ ),
));
.. _`Cross-site request forgery`: http://en.wikipedia.org/wiki/Cross-site_request_forgery
diff --git a/cookbook/security/custom_authentication_provider.rst b/cookbook/security/custom_authentication_provider.rst
index fb21870acaf..3f0928903c3 100644
--- a/cookbook/security/custom_authentication_provider.rst
+++ b/cookbook/security/custom_authentication_provider.rst
@@ -399,19 +399,24 @@ to service ids that do not exist yet: ``wsse.security.authentication.provider``
.. code-block:: yaml
- # src/AppBundle/Resources/config/services.yml
+ # app/config/services.yml
services:
wsse.security.authentication.provider:
class: AppBundle\Security\Authentication\Provider\WsseProvider
- arguments: ["", "%kernel.cache_dir%/security/nonces"]
+ arguments:
+ - "" # User Provider
+ - "%kernel.cache_dir%/security/nonces"
+ public: false
wsse.security.authentication.listener:
class: AppBundle\Security\Firewall\WsseListener
arguments: ["@security.context", "@security.authentication.manager"]
+ public: false
.. code-block:: xml
-
+
+
@@ -424,8 +429,10 @@ to service ids that do not exist yet: ``wsse.security.authentication.provider``
-
+ class="AppBundle\Security\Firewall\WsseListener"
+ public="false">
+
+
@@ -433,27 +440,33 @@ to service ids that do not exist yet: ``wsse.security.authentication.provider``
.. code-block:: php
- // src/AppBundle/Resources/config/services.php
+ // app/config/services.php
use Symfony\Component\DependencyInjection\Definition;
use Symfony\Component\DependencyInjection\Reference;
- $container->setDefinition('wsse.security.authentication.provider',
- new Definition(
- 'AppBundle\Security\Authentication\Provider\WsseProvider', array(
- '',
- '%kernel.cache_dir%/security/nonces',
+ $container
+ ->setDefinition('wsse.security.authentication.provider',
+ new Definition(
+ 'AppBundle\Security\Authentication\Provider\WsseProvider', array(
+ '', // User Provider
+ '%kernel.cache_dir%/security/nonces',
+ )
)
)
- );
-
- $container->setDefinition('wsse.security.authentication.listener',
- new Definition(
- 'AppBundle\Security\Firewall\WsseListener', array(
- new Reference('security.context'),
- new Reference('security.authentication.manager'),
+ ->setPublic(false)
+ ;
+
+ $container
+ ->setDefinition('wsse.security.authentication.listener',
+ new Definition(
+ 'AppBundle\Security\Firewall\WsseListener', array(
+ new Reference('security.context'),
+ new Reference('security.authentication.manager'),
+ )
)
)
- );
+ ->setPublic(false)
+ ;
Now that your services are defined, tell your security context about your
factory in your bundle class:
@@ -484,30 +497,48 @@ You are finished! You can now define parts of your app as under WSSE protection.
.. code-block:: yaml
+ # app/config/security.yml
security:
+ # ...
+
firewalls:
wsse_secured:
- pattern: /api/.*
+ pattern: ^/api/
stateless: true
wsse: true
.. code-block:: xml
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
+ // app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'wsse_secured' => array(
- 'pattern' => '/api/.*',
- 'stateless' => true,
- 'wsse' => true,
+ 'pattern' => '^/api/',
+ 'stateless' => true,
+ 'wsse' => true,
),
),
));
@@ -587,32 +618,46 @@ set to any desirable value per firewall.
.. code-block:: yaml
+ # app/config/security.yml
security:
+ # ...
+
firewalls:
wsse_secured:
- pattern: /api/.*
+ pattern: ^/api/
stateless: true
wsse: { lifetime: 30 }
.. code-block:: xml
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
+ // app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'wsse_secured' => array(
- 'pattern' => '/api/.*',
+ 'pattern' => '^/api/',
'stateless' => true,
- 'wsse' => array(
+ 'wsse' => array(
'lifetime' => 30,
),
),
diff --git a/cookbook/security/custom_provider.rst b/cookbook/security/custom_provider.rst
index 5ba3ac7c986..0f4e8d4f9e9 100644
--- a/cookbook/security/custom_provider.rst
+++ b/cookbook/security/custom_provider.rst
@@ -175,21 +175,29 @@ Now you make the user provider available as a service:
.. code-block:: yaml
- # src/Acme/WebserviceUserBundle/Resources/config/services.yml
+ # app/config/services.yml
services:
webservice_user_provider:
class: Acme\WebserviceUserBundle\Security\User\WebserviceUserProvider
.. code-block:: xml
-
-
-
-
+
+
+
+
+
+
+
+
.. code-block:: php
- // src/Acme/WebserviceUserBundle/Resources/config/services.php
+ // app/config/services.php
use Symfony\Component\DependencyInjection\Definition;
$container->setDefinition(
@@ -221,6 +229,8 @@ to the list of providers in the "security" section. Choose a name for the user p
# app/config/security.yml
security:
+ # ...
+
providers:
webservice:
id: webservice_user_provider
@@ -228,14 +238,26 @@ to the list of providers in the "security" section. Choose a name for the user p
.. code-block:: xml
-
-
-
+
+
+
+
+
+
+
+
+
.. code-block:: php
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'providers' => array(
'webservice' => array(
'id' => 'webservice_user_provider',
@@ -253,20 +275,35 @@ users, e.g. by filling in a login form. You can do this by adding a line to the
# app/config/security.yml
security:
+ # ...
+
encoders:
Acme\WebserviceUserBundle\Security\User\WebserviceUser: sha512
.. code-block:: xml
-
- sha512
-
+
+
+
+
+
+
+
+
+
.. code-block:: php
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'encoders' => array(
'Acme\WebserviceUserBundle\Security\User\WebserviceUser' => 'sha512',
),
@@ -305,6 +342,8 @@ options, the password may be encoded multiple times and encoded to base64.
# app/config/security.yml
security:
+ # ...
+
encoders:
Acme\WebserviceUserBundle\Security\User\WebserviceUser:
algorithm: sha512
@@ -314,18 +353,29 @@ options, the password may be encoded multiple times and encoded to base64.
.. code-block:: xml
-
-
-
+
+
+
+
+
+
+
+
+
.. code-block:: php
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'encoders' => array(
'Acme\WebserviceUserBundle\Security\User\WebserviceUser' => array(
'algorithm' => 'sha512',
diff --git a/cookbook/security/entity_provider.rst b/cookbook/security/entity_provider.rst
index 6c760ef7dbf..347134229a8 100644
--- a/cookbook/security/entity_provider.rst
+++ b/cookbook/security/entity_provider.rst
@@ -226,23 +226,31 @@ the username and then check the password (more on passwords in a moment):
.. code-block:: xml
-
-
+
+
-
+
+
-
-
-
+
-
-
-
+
+
+
+
+
-
-
+
+
+
+
+
+
+
.. code-block:: php
@@ -253,7 +261,9 @@ the username and then check the password (more on passwords in a moment):
'algorithm' => 'bcrypt',
),
),
+
// ...
+
'providers' => array(
'our_db_provider' => array(
'entity' => array(
@@ -264,11 +274,12 @@ the username and then check the password (more on passwords in a moment):
),
'firewalls' => array(
'default' => array(
- 'pattern' => '^/',
+ 'pattern' => '^/',
'http_basic' => null,
- 'provider' => 'our_db_provider',
+ 'provider' => 'our_db_provider',
),
),
+
// ...
));
@@ -487,30 +498,37 @@ To finish this, just remove the ``property`` key from the user provider in
# app/config/security.yml
security:
# ...
+
providers:
our_db_provider:
entity:
class: AppBundle:User
- # ...
.. code-block:: xml
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
// app/config/security.php
$container->loadFromExtension('security', array(
- ...,
+ // ...
+
'providers' => array(
'our_db_provider' => array(
'entity' => array(
@@ -518,7 +536,6 @@ To finish this, just remove the ``property`` key from the user provider in
),
),
),
- ...,
));
This tells Symfony to *not* query automatically for the User. Instead, when
diff --git a/cookbook/security/force_https.rst b/cookbook/security/force_https.rst
index 63bb7b2e2b2..e5d38992edb 100644
--- a/cookbook/security/force_https.rst
+++ b/cookbook/security/force_https.rst
@@ -13,24 +13,44 @@ to use HTTPS then you could use the following configuration:
.. code-block:: yaml
- access_control:
- - { path: ^/secure, roles: ROLE_ADMIN, requires_channel: https }
+ # app/config/security.yml
+ security:
+ # ...
+
+ access_control:
+ - { path: ^/secure, roles: ROLE_ADMIN, requires_channel: https }
.. code-block:: xml
-
-
-
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
- 'access_control' => array(
- array(
- 'path' => '^/secure',
- 'role' => 'ROLE_ADMIN',
- 'requires_channel' => 'https',
+ // app/config/security.php
+ $container->loadFromExtension('security', array(
+ // ...
+
+ 'access_control' => array(
+ array(
+ 'path' => '^/secure',
+ 'role' => 'ROLE_ADMIN',
+ 'requires_channel' => 'https',
+ ),
),
- ),
+ ));
The login form itself needs to allow anonymous access, otherwise users will
be unable to authenticate. To force it to use HTTPS you can still use
@@ -41,26 +61,47 @@ role:
.. code-block:: yaml
- access_control:
- - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+ # app/config/security.yml
+
+ security:
+ # ...
+
+ access_control:
+ - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
.. code-block:: xml
-
-
-
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
- 'access_control' => array(
- array(
- 'path' => '^/login',
- 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
- 'requires_channel' => 'https',
+ // app/config/security.php
+ $container->loadFromExtension('security', array(
+ // ...
+
+ 'access_control' => array(
+ array(
+ 'path' => '^/login',
+ 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
+ 'requires_channel' => 'https',
+ ),
),
- ),
+ ));
It is also possible to specify using HTTPS in the routing configuration,
see :doc:`/cookbook/routing/scheme` for more details.
diff --git a/cookbook/security/form_login.rst b/cookbook/security/form_login.rst
index 337d02a2fdf..e05e6067e58 100644
--- a/cookbook/security/form_login.rst
+++ b/cookbook/security/form_login.rst
@@ -52,6 +52,8 @@ if no previous page was stored in the session). To set it to the
# app/config/security.yml
security:
+ # ...
+
firewalls:
main:
form_login:
@@ -61,18 +63,28 @@ if no previous page was stored in the session). To set it to the
.. code-block:: xml
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'main' => array(
// ...
@@ -101,6 +113,8 @@ of what URL they had requested previously by setting the
# app/config/security.yml
security:
+ # ...
+
firewalls:
main:
form_login:
@@ -110,18 +124,29 @@ of what URL they had requested previously by setting the
.. code-block:: xml
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'main' => array(
// ...
@@ -147,31 +172,44 @@ this by setting ``use_referer`` to true (it defaults to false):
# app/config/security.yml
security:
+ # ...
+
firewalls:
main:
+ # ...
form_login:
# ...
- use_referer: true
+ use_referer: true
.. code-block:: xml
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'main' => array(
// ...
-
'form_login' => array(
// ...
'use_referer' => true,
@@ -238,30 +276,45 @@ option to another value.
# app/config/security.yml
security:
+ # ...
+
firewalls:
main:
+ # ...
form_login:
target_path_parameter: redirect_url
.. code-block:: xml
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'main' => array(
+ // ...
'form_login' => array(
- 'target_path_parameter' => redirect_url,
+ 'target_path_parameter' => 'redirect_url',
),
),
),
@@ -282,8 +335,11 @@ back to the login form itself. You can set this to a different route (e.g.
# app/config/security.yml
security:
+ # ...
+
firewalls:
main:
+ # ...
form_login:
# ...
failure_path: login_failure
@@ -291,22 +347,32 @@ back to the login form itself. You can set this to a different route (e.g.
.. code-block:: xml
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'main' => array(
// ...
-
'form_login' => array(
// ...
'failure_path' => 'login_failure',
diff --git a/cookbook/security/form_login_setup.rst b/cookbook/security/form_login_setup.rst
index 5e20bef050d..d5c4ba9922d 100644
--- a/cookbook/security/form_login_setup.rst
+++ b/cookbook/security/form_login_setup.rst
@@ -45,8 +45,9 @@ First, enable form login under your firewall:
http://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
+
@@ -57,8 +58,9 @@ First, enable form login under your firewall:
// app/config/security.php
$container->loadFromExtension('security', array(
'firewalls' => array(
- 'main' => array(
- 'anonymous' => array(),
+ 'default' => array(
+ 'anonymous' => null,
+ 'http_basic' => null,
'form_login' => array(
'login_path' => '/login',
'check_path' => '/login_check',
@@ -160,7 +162,7 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``):
'_controller' => 'AppBundle:Security:login',
)));
- $collection->add('login_check', new Route('/login_check', array()));
+ $collection->add('login_check', new Route('/login_check'));
// no controller is bound to this route
// as it's handled by the Security system
@@ -356,11 +358,18 @@ all URLs (including the ``/login`` URL), will cause a redirect loop:
.. code-block:: xml
+
+
-
-
-
-
+
+
+
+
+
.. code-block:: php
@@ -388,12 +397,19 @@ fixes the problem:
.. code-block:: xml
+
+
-
-
-
-
-
+
+
+
+
+
+
.. code-block:: php
@@ -428,14 +444,23 @@ for the login page:
.. code-block:: xml
+
+
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
@@ -445,11 +470,11 @@ for the login page:
'firewalls' => array(
'login_firewall' => array(
'pattern' => '^/login$',
- 'anonymous' => array(),
+ 'anonymous' => null,
),
'secured_area' => array(
'pattern' => '^/',
- 'form_login' => array(),
+ 'form_login' => null,
),
),
diff --git a/cookbook/security/impersonating_user.rst b/cookbook/security/impersonating_user.rst
index dc254f42900..1daba483c36 100644
--- a/cookbook/security/impersonating_user.rst
+++ b/cookbook/security/impersonating_user.rst
@@ -15,6 +15,8 @@ done by activating the ``switch_user`` firewall listener:
# app/config/security.yml
security:
+ # ...
+
firewalls:
main:
# ...
@@ -29,8 +31,11 @@ done by activating the ``switch_user`` firewall listener:
xmlns:srv="http://symfony.com/schema/dic/services"
xsi:schemaLocation="http://symfony.com/schema/dic/services
http://symfony.com/schema/dic/services/services-1.0.xsd">
+
-
+
+
+
@@ -41,10 +46,12 @@ done by activating the ``switch_user`` firewall listener:
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'main'=> array(
// ...
- 'switch_user' => true
+ 'switch_user' => true,
),
),
));
@@ -115,6 +122,8 @@ setting:
# app/config/security.yml
security:
+ # ...
+
firewalls:
main:
# ...
@@ -130,7 +139,9 @@ setting:
xsi:schemaLocation="http://symfony.com/schema/dic/services
http://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
+
+
@@ -141,6 +152,8 @@ setting:
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'main'=> array(
// ...
@@ -151,7 +164,7 @@ setting:
),
),
));
-
+
Events
------
@@ -200,13 +213,13 @@ how to change the sticky locale:
namespace AppBundle\EventListener;
use Symfony\Component\Security\Http\Event\SwitchUserEvent;
-
+
class SwitchUserListener
{
public function onSwitchUser(SwitchUserEvent $event)
{
$event->getRequest()->getSession()->set(
- '_locale',
+ '_locale',
$event->getTargetUser()->getLocale()
);
}
diff --git a/cookbook/security/multiple_user_providers.rst b/cookbook/security/multiple_user_providers.rst
index 4766ed92e44..3c2f879b5c5 100644
--- a/cookbook/security/multiple_user_providers.rst
+++ b/cookbook/security/multiple_user_providers.rst
@@ -132,6 +132,7 @@ the first provider is always used:
'provider' => 'user_db',
'http_basic' => array(
// ...
+ 'realm' => 'Secured Demo Area',
'provider' => 'in_memory',
),
'form_login' => array(),
diff --git a/cookbook/security/pre_authenticated.rst b/cookbook/security/pre_authenticated.rst
index 3b2fb7c2e16..3095f450899 100644
--- a/cookbook/security/pre_authenticated.rst
+++ b/cookbook/security/pre_authenticated.rst
@@ -26,6 +26,8 @@ Enable the x509 authentication for a particular firewall in the security configu
# app/config/security.yml
security:
+ # ...
+
firewalls:
secured_area:
pattern: ^/
@@ -34,14 +36,19 @@ Enable the x509 authentication for a particular firewall in the security configu
.. code-block:: xml
-
+
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:srv="http://symfony.com/schema/dic/services"
+ xsi:schemaLocation="http://symfony.com/schema/dic/services
+ http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+
-
+
@@ -50,9 +57,11 @@ Enable the x509 authentication for a particular firewall in the security configu
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'secured_area' => array(
- 'pattern' => '^/'
+ 'pattern' => '^/',
'x509' => array(
'provider' => 'your_user_provider',
),
diff --git a/cookbook/security/remember_me.rst b/cookbook/security/remember_me.rst
index d405bbf801e..383410653c0 100644
--- a/cookbook/security/remember_me.rst
+++ b/cookbook/security/remember_me.rst
@@ -15,17 +15,20 @@ the session lasts using a cookie with the ``remember_me`` firewall option:
.. code-block:: yaml
# app/config/security.yml
- firewalls:
- default:
- # ...
- remember_me:
- key: "%secret%"
- lifetime: 604800 # 1 week in seconds
- path: /
- # by default, the feature is enabled by checking a
- # checkbox in the login form (see below), uncomment the
- # below lines to always enable it.
- #always_remember_me: true
+ security:
+ # ...
+
+ firewalls:
+ default:
+ # ...
+ remember_me:
+ key: "%secret%"
+ lifetime: 604800 # 1 week in seconds
+ path: /
+ # by default, the feature is enabled by checking a
+ # checkbox in the login form (see below), uncomment the
+ # following line to always enable it.
+ #always_remember_me: true
.. code-block:: xml
@@ -38,17 +41,19 @@ the session lasts using a cookie with the ``remember_me`` firewall option:
http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+
+
+
-
- path = "/"
- />
@@ -57,6 +62,8 @@ the session lasts using a cookie with the ``remember_me`` firewall option:
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'default' => array(
// ...
@@ -66,7 +73,7 @@ the session lasts using a cookie with the ``remember_me`` firewall option:
'path' => '/',
// by default, the feature is enabled by checking a
// checkbox in the login form (see below), uncomment
- // the below lines to always enable it.
+ // the following line to always enable it.
//'always_remember_me' => true,
),
),
@@ -241,7 +248,7 @@ In the following example, the action is only allowed if the user has the
{
$isFullyAuthenticated = $this->get('security.context')
->isGranted('IS_AUTHENTICATED_FULLY');
-
+
if (!$isFullyAuthenticated) {
throw new AccessDeniedException();
}
diff --git a/cookbook/security/securing_services.rst b/cookbook/security/securing_services.rst
index fe92402fb7e..6835ba15f89 100644
--- a/cookbook/security/securing_services.rst
+++ b/cookbook/security/securing_services.rst
@@ -78,11 +78,18 @@ Then in your service configuration, you can inject the service:
.. code-block:: xml
-
-
-
-
-
+
+
+
+
+
+
+
+
+
.. code-block:: php
@@ -141,30 +148,32 @@ the :ref:`sidebar ` below):
.. code-block:: yaml
- # app/services.yml
-
- # ...
+ # app/config/services.yml
services:
newsletter_manager:
- # ...
+ class: AppBundle\Newsletter\NewsletterManager
tags:
- { name: security.secure_service }
.. code-block:: xml
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
- // app/services.php
+ // app/config/services.php
use Symfony\Component\DependencyInjection\Definition;
use Symfony\Component\DependencyInjection\Reference;
@@ -220,14 +229,14 @@ documentation.
.. code-block:: yaml
- # app/config/config.yml
+ # app/config/services.yml
jms_security_extra:
# ...
secure_all_services: true
.. code-block:: xml
-
+
-
-
-
+
+
.. code-block:: php
- // app/config/config.php
+ // app/config/services.php
$container->loadFromExtension('jms_security_extra', array(
// ...
'secure_all_services' => true,
diff --git a/cookbook/security/voters.rst b/cookbook/security/voters.rst
index 4bc7df40a3a..33c2e0da9c1 100644
--- a/cookbook/security/voters.rst
+++ b/cookbook/security/voters.rst
@@ -103,7 +103,7 @@ and tag it as a ``security.voter``:
.. code-block:: yaml
- # src/Acme/AcmeBundle/Resources/config/services.yml
+ # app/config/services.yml
services:
security.access.blacklist_voter:
class: AppBundle\Security\Authorization\Voter\ClientIpVoter
@@ -114,20 +114,31 @@ and tag it as a ``security.voter``:
.. code-block:: xml
-
-
-
-
- 123.123.123.123
- 171.171.171.171
-
-
-
+
+
+
+
+
+
+
+
+
+ 123.123.123.123
+ 171.171.171.171
+
+
+
+
+
.. code-block:: php
- // src/Acme/AcmeBundle/Resources/config/services.php
+ // app/config/services.php
use Symfony\Component\DependencyInjection\Definition;
use Symfony\Component\DependencyInjection\Reference;
@@ -136,7 +147,7 @@ and tag it as a ``security.voter``:
array(
new Reference('service_container'),
array('123.123.123.123', '171.171.171.171'),
- ),
+ )
);
$definition->addTag('security.voter');
$definition->setPublic(false);
@@ -173,6 +184,8 @@ application configuration file with the following code.
# app/config/security.yml
security:
+ # ...
+
access_decision_manager:
# strategy can be: affirmative, unanimous or consensus
strategy: unanimous
@@ -180,17 +193,29 @@ application configuration file with the following code.
.. code-block:: xml
-
-
-
-
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
// app/config/security.xml
$container->loadFromExtension('security', array(
- // strategy can be: affirmative, unanimous or consensus
+ // ...
+
'access_decision_manager' => array(
+ // strategy can be: affirmative, unanimous or consensus
'strategy' => 'unanimous',
),
));
@@ -198,8 +223,8 @@ application configuration file with the following code.
That's it! Now, when deciding whether or not a user should have access,
the new voter will deny access to any user in the list of blacklisted IPs.
-Note that the voters are only called, if any access is actually checked. So
-you need at least something like
+Note that the voters are only called, if any access is actually checked. So
+you need at least something like
.. configuration-block::
diff --git a/cookbook/security/voters_data_permission.rst b/cookbook/security/voters_data_permission.rst
index e2c0962672e..9c81f835594 100644
--- a/cookbook/security/voters_data_permission.rst
+++ b/cookbook/security/voters_data_permission.rst
@@ -153,7 +153,7 @@ and tag it with ``security.voter``:
.. code-block:: yaml
- # src/AppBundle/Resources/config/services.yml
+ # app/config/services.yml
services:
security.access.post_voter:
class: AppBundle\Security\Authorization\Voter\PostVoter
@@ -163,7 +163,7 @@ and tag it with ``security.voter``:
.. code-block:: xml
-
+
+
@@ -179,7 +180,7 @@ and tag it with ``security.voter``:
.. code-block:: php
- // src/AppBundle/Resources/config/services.php
+ // app/config/services.php
$container
->register(
'security.access.post_voter',