diff --git a/book/security.rst b/book/security.rst
index e99e70b6a6b..b52d3bde44a 100644
--- a/book/security.rst
+++ b/book/security.rst
@@ -67,7 +67,7 @@ configuration looks like this:
+ security="false" />
@@ -81,7 +81,7 @@ configuration looks like this:
$container->loadFromExtension('security', array(
'providers' => array(
'in_memory' => array(
- 'memory' => array(),
+ 'memory' => null,
),
),
'firewalls' => array(
@@ -209,6 +209,8 @@ user to be logged in to access this URL:
# ...
firewalls:
# ...
+ default:
+ # ...
access_control:
# require ROLE_ADMIN for /admin*
@@ -231,10 +233,8 @@ user to be logged in to access this URL:
-
-
-
-
+
+
@@ -541,13 +541,14 @@ like this:
http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+
-
@@ -555,6 +556,8 @@ like this:
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'providers' => array(
'in_memory' => array(
'memory' => array(
@@ -691,8 +694,11 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
# app/config/security.yml
security:
# ...
+
firewalls:
# ...
+ default:
+ # ...
access_control:
# require ROLE_ADMIN for /admin*
@@ -715,10 +721,8 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
-
-
-
-
+
+
@@ -727,6 +731,7 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
// app/config/security.php
$container->loadFromExtension('security', array(
// ...
+
'firewalls' => array(
// ...
'default' => array(
@@ -755,6 +760,7 @@ matches the URL.
# app/config/security.yml
security:
# ...
+
access_control:
- { path: ^/admin/users, roles: ROLE_SUPER_ADMIN }
- { path: ^/admin, roles: ROLE_ADMIN }
@@ -771,10 +777,9 @@ matches the URL.
-
-
-
-
+
+
+
@@ -783,6 +788,7 @@ matches the URL.
// app/config/security.php
$container->loadFromExtension('security', array(
// ...
+
'access_control' => array(
array('path' => '^/admin/users', 'role' => 'ROLE_SUPER_ADMIN'),
array('path' => '^/admin', 'role' => 'ROLE_ADMIN'),
@@ -1037,13 +1043,14 @@ the firewall can handle this automatically for you when you activate the
# app/config/security.yml
security:
+ # ...
+
firewalls:
secured_area:
# ...
logout:
path: /logout
target: /
- # ...
.. code-block:: xml
@@ -1056,11 +1063,12 @@ the firewall can handle this automatically for you when you activate the
http://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
+
+
-
@@ -1068,13 +1076,14 @@ the firewall can handle this automatically for you when you activate the
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
'secured_area' => array(
// ...
- 'logout' => array('path' => 'logout', 'target' => '/'),
+ 'logout' => array('path' => '/logout', 'target' => '/'),
),
),
- // ...
));
Next, you'll need to create a route for this URL (but not a controller):
@@ -1085,7 +1094,7 @@ Next, you'll need to create a route for this URL (but not a controller):
# app/config/routing.yml
logout:
- path: /logout
+ path: /logout
.. code-block:: xml
@@ -1106,7 +1115,7 @@ Next, you'll need to create a route for this URL (but not a controller):
use Symfony\Component\Routing\Route;
$collection = new RouteCollection();
- $collection->add('logout', new Route('/logout', array()));
+ $collection->add('logout', new Route('/logout'));
return $collection;
@@ -1171,6 +1180,8 @@ rules by creating a role hierarchy:
# app/config/security.yml
security:
+ # ...
+
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
@@ -1186,6 +1197,8 @@ rules by creating a role hierarchy:
http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+
ROLE_USER
ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH
@@ -1195,6 +1208,8 @@ rules by creating a role hierarchy:
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'role_hierarchy' => array(
'ROLE_ADMIN' => 'ROLE_USER',
'ROLE_SUPER_ADMIN' => array(
@@ -1224,6 +1239,8 @@ cookie will be ever created by Symfony):
# app/config/security.yml
security:
+ # ...
+
firewalls:
main:
http_basic: ~
@@ -1240,7 +1257,9 @@ cookie will be ever created by Symfony):
http://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
+
+
@@ -1250,8 +1269,10 @@ cookie will be ever created by Symfony):
// app/config/security.php
$container->loadFromExtension('security', array(
+ // ...
+
'firewalls' => array(
- 'main' => array('http_basic' => array(), 'stateless' => true),
+ 'main' => array('http_basic' => null, 'stateless' => true),
),
));
diff --git a/cookbook/security/access_control.rst b/cookbook/security/access_control.rst
index ec09e05d4b9..1977b4ed403 100644
--- a/cookbook/security/access_control.rst
+++ b/cookbook/security/access_control.rst
@@ -54,12 +54,10 @@ Take the following ``access_control`` entries as an example:
-
-
-
-
-
-
+
+
+
+
@@ -82,7 +80,7 @@ Take the following ``access_control`` entries as an example:
array(
'path' => '^/admin',
'role' => 'ROLE_USER_METHOD',
- 'method' => 'POST, PUT',
+ 'methods' => 'POST, PUT',
),
array(
'path' => '^/admin',
@@ -193,11 +191,10 @@ pattern so that it is only accessible by requests from the local server itself:
-
-
-
-
+
+
@@ -208,12 +205,12 @@ pattern so that it is only accessible by requests from the local server itself:
// ...
'access_control' => array(
array(
- 'path' => '^/esi',
+ 'path' => '^/internal',
'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
'ips' => '127.0.0.1, ::1'
),
array(
- 'path' => '^/esi',
+ 'path' => '^/internal',
'role' => 'ROLE_NO_ACCESS'
),
),
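Review bot: The `'ips' => '127.0.0.1, ::1'` entry in the first rule passes both addresses as one comma-separated string. Depending on the Symfony version, a string given for `ips` may be kept as a single entry rather than split, in which case neither address matches and every request falls through to the `ROLE_NO_ACCESS` rule. Writing it as `'ips' => array('127.0.0.1', '::1'),` removes the ambiguity. The surrounding text would also benefit from a sentence saying that the rule compares the client IP the framework resolves, so when a reverse proxy on the same host fronts the application, the trusted-proxy configuration decides whether outside requests look local. The `loadFromExtension` call this array belongs to starts and ends outside the hunk.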
@@ -270,11 +267,9 @@ the user will be redirected to ``https``:
xsi:schemaLocation="http://symfony.com/schema/dic/services
http://symfony.com/schema/dic/services/services-1.0.xsd">
-
-
-
+
.. code-block:: php
diff --git a/cookbook/security/force_https.rst b/cookbook/security/force_https.rst
index 63bb7b2e2b2..e5d38992edb 100644
--- a/cookbook/security/force_https.rst
+++ b/cookbook/security/force_https.rst
@@ -13,24 +13,44 @@ to use HTTPS then you could use the following configuration:
.. code-block:: yaml
- access_control:
- - { path: ^/secure, roles: ROLE_ADMIN, requires_channel: https }
+ # app/config/security.yml
+ security:
+ # ...
+
+ access_control:
+ - { path: ^/secure, roles: ROLE_ADMIN, requires_channel: https }
.. code-block:: xml
-
-
-
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
- 'access_control' => array(
- array(
- 'path' => '^/secure',
- 'role' => 'ROLE_ADMIN',
- 'requires_channel' => 'https',
+ // app/config/security.php
+ $container->loadFromExtension('security', array(
+ // ...
+
+ 'access_control' => array(
+ array(
+ 'path' => '^/secure',
+ 'role' => 'ROLE_ADMIN',
+ 'requires_channel' => 'https',
+ ),
),
- ),
+ ));
The login form itself needs to allow anonymous access, otherwise users will
be unable to authenticate. To force it to use HTTPS you can still use
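Review bot: The text around this block does not say that `requires_channel: https` is enforced by a redirect, so the first request to `^/secure`, and any cookie sent with it, still travels over plain HTTP. A sentence placed after the PHP example would close that gap, such as `Because the switch to HTTPS is a redirect, also mark the session cookie as secure and consider sending an HSTS header from the web server.` The paragraph that follows the block continues outside the hunk.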
@@ -41,26 +61,47 @@ role:
.. code-block:: yaml
- access_control:
- - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+ # app/config/security.yml
+
+ security:
+ # ...
+
+ access_control:
+ - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
.. code-block:: xml
-
-
-
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
- 'access_control' => array(
- array(
- 'path' => '^/login',
- 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
- 'requires_channel' => 'https',
+ // app/config/security.php
+ $container->loadFromExtension('security', array(
+ // ...
+
+ 'access_control' => array(
+ array(
+ 'path' => '^/login',
+ 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
+ 'requires_channel' => 'https',
+ ),
),
- ),
+ ));
It is also possible to specify using HTTPS in the routing configuration,
see :doc:`/cookbook/routing/scheme` for more details.
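Review bot: The YAML block here has an empty added line between `# app/config/security.yml` and `security:`. The same block in the first hunk of this file, and the other YAML examples in this commit, put the key directly under the path comment. Dropping that empty line keeps the examples uniform.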
diff --git a/cookbook/security/form_login.rst b/cookbook/security/form_login.rst
index 337d02a2fdf..1c45f464564 100644
--- a/cookbook/security/form_login.rst
+++ b/cookbook/security/form_login.rst
@@ -62,7 +62,7 @@ if no previous page was stored in the session). To set it to the
-
+
diff --git a/cookbook/security/form_login_setup.rst b/cookbook/security/form_login_setup.rst
index 5e20bef050d..d5c4ba9922d 100644
--- a/cookbook/security/form_login_setup.rst
+++ b/cookbook/security/form_login_setup.rst
@@ -45,8 +45,9 @@ First, enable form login under your firewall:
http://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
+
@@ -57,8 +58,9 @@ First, enable form login under your firewall:
// app/config/security.php
$container->loadFromExtension('security', array(
'firewalls' => array(
- 'main' => array(
- 'anonymous' => array(),
+ 'default' => array(
+ 'anonymous' => null,
+ 'http_basic' => null,
'form_login' => array(
'login_path' => '/login',
'check_path' => '/login_check',
@@ -160,7 +162,7 @@ under your ``form_login`` configuration (``/login`` and ``/login_check``):
'_controller' => 'AppBundle:Security:login',
)));
- $collection->add('login_check', new Route('/login_check', array()));
+ $collection->add('login_check', new Route('/login_check'));
// no controller is bound to this route
// as it's handled by the Security system
@@ -356,11 +358,18 @@ all URLs (including the ``/login`` URL), will cause a redirect loop:
.. code-block:: xml
+
+
-
-
-
-
+
+
+
+
+
.. code-block:: php
@@ -388,12 +397,19 @@ fixes the problem:
.. code-block:: xml
+
+
-
-
-
-
-
+
+
+
+
+
+
.. code-block:: php
@@ -428,14 +444,23 @@ for the login page:
.. code-block:: xml
+
+
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
.. code-block:: php
@@ -445,11 +470,11 @@ for the login page:
'firewalls' => array(
'login_firewall' => array(
'pattern' => '^/login$',
- 'anonymous' => array(),
+ 'anonymous' => null,
),
'secured_area' => array(
'pattern' => '^/',
- 'form_login' => array(),
+ 'form_login' => null,
),
),
diff --git a/cookbook/security/multiple_user_providers.rst b/cookbook/security/multiple_user_providers.rst
index 4766ed92e44..3c2f879b5c5 100644
--- a/cookbook/security/multiple_user_providers.rst
+++ b/cookbook/security/multiple_user_providers.rst
@@ -132,6 +132,7 @@ the first provider is always used:
'provider' => 'user_db',
'http_basic' => array(
// ...
+ 'realm' => 'Secured Demo Area',
'provider' => 'in_memory',
),
'form_login' => array(),
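Review bot: `'form_login' => array(),` on the last context line keeps the empty-array form, while this commit rewrites the same kind of empty option as `null` in the other PHP examples, for instance `'anonymous' => null` and `'form_login' => null` in form_login_setup.rst. Changing it to `'form_login' => null,` would keep the examples consistent. The firewall array continues outside the hunk.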