Skip to content

[Security] Configuring a user checker per firewall #14721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 10 commits into from
Closed

[Security] Configuring a user checker per firewall #14721

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
b4b2e57
Implemented the ChainUserChecker
May 20, 2015
f031185
Added the possibility to register multiple user checkers per firewall
May 21, 2015
ef016fa
Security factories are now injecting the chain user checker per firewall
May 21, 2015
315421e
Added a test case to cover when an empty set is passed
May 21, 2015
d2468f4
Updated docs to briefly explain the exception thrown
Jun 8, 2015
9c35cbb
Put some code back that was merged out by accident
Jun 8, 2015
75f766d
Thanks fabbot.io
Jul 16, 2015
331a52a
Removed bad merge
linaori Jul 16, 2015
c419603
Removed security.user_checker from services
Sep 28, 2015
6189cf2
Removed ChainUser checker & simplified config
Sep 29, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Removed ChainUser checker & simplified config
  • Loading branch information
Iltar van der Berg committed Oct 1, 2015
commit 6189cf2845d90d5a70bc46fea1ed650b466b6c20
8 changes: 4 additions & 4 deletions src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -216,10 +216,10 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
->prototype('scalar')->end()
->end()
->booleanNode('security')->defaultTrue()->end()
->arrayNode('user_checkers')
->defaultValue(array('security.user_checker'))
->info('A list of user checker service ids to use when authenticating users in this firewall.')
->prototype('scalar')->end()
->scalarNode('user_checker')
->defaultValue('security.user_checker')
->treatNullLike('security.user_checker')
->info('The UserChecker to use when authenticating users in this firewall.')
->end()
->scalarNode('request_matcher')->end()
->scalarNode('access_denied_url')->end()
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config,
$container
->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.dao'))
->replaceArgument(0, new Reference($userProviderId))
->replaceArgument(1, new Reference('security.chain_user_checker.'.$id))
->replaceArgument(1, new Reference('security.user_checker.'.$id))
->replaceArgument(2, $id)
;

Expand Down
2 changes: 1 addition & 1 deletion ...mfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config,
$container
->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.ldap_bind'))
->replaceArgument(0, new Reference($userProviderId))
->replaceArgument(1, new Reference('security.chain_user_checker.'.$id))
->replaceArgument(1, new Reference('security.user_checker.'.$id))
->replaceArgument(2, $id)
->replaceArgument(3, new Reference($config['service']))
->replaceArgument(4, $config['dn_string'])
Expand Down
2 changes: 1 addition & 1 deletion ...Bundle/SecurityBundle/DependencyInjection/Security/Factory/GuardAuthenticationFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
->replaceArgument(0, $authenticatorReferences)
->replaceArgument(1, new Reference($userProvider))
->replaceArgument(2, $id)
->replaceArgument(3, new Reference('security.chain_user_checker.'.$id))
->replaceArgument(3, new Reference('security.user_checker.'.$id))
;

// listener
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
$container
->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.dao'))
->replaceArgument(0, new Reference($userProvider))
->replaceArgument(1, new Reference('security.chain_user_checker.'.$id))
->replaceArgument(1, new Reference('security.user_checker.'.$id))
->replaceArgument(2, $id)
;

Expand Down
2 changes: 1 addition & 1 deletion ...mfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpBasicLdapFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
$container
->setDefinition($provider, new DefinitionDecorator('security.authentication.provider.ldap_bind'))
->replaceArgument(0, new Reference($userProvider))
->replaceArgument(1, new Reference('security.chain_user_checker.'.$id))
->replaceArgument(1, new Reference('security.user_checker.'.$id))
->replaceArgument(2, $id)
->replaceArgument(3, new Reference($config['service']))
->replaceArgument(4, $config['dn_string'])
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
$authProviderId = 'security.authentication.provider.rememberme.'.$id;
$container
->setDefinition($authProviderId, new DefinitionDecorator('security.authentication.provider.rememberme'))
->replaceArgument(0, new Reference('security.chain_user_checker.'.$id))
->replaceArgument(0, new Reference('security.user_checker.'.$id))
->addArgument($config['secret'])
->addArgument($id)
;
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RemoteUserFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
$container
->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.pre_authenticated'))
->replaceArgument(0, new Reference($userProvider))
->replaceArgument(1, new Reference('security.chain_user_checker.'.$id))
->replaceArgument(1, new Reference('security.user_checker.'.$id))
->addArgument($id)
;

Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/X509Factory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ public function create(ContainerBuilder $container, $id, $config, $userProvider,
$container
->setDefinition($providerId, new DefinitionDecorator('security.authentication.provider.pre_authenticated'))
->replaceArgument(0, new Reference($userProvider))
->replaceArgument(1, new Reference('security.chain_user_checker.'.$id))
->replaceArgument(1, new Reference('security.user_checker.'.$id))
->addArgument($id)
;

Expand Down
12 changes: 2 additions & 10 deletions src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -370,15 +370,7 @@ private function createFirewall(ContainerBuilder $container, $id, $firewall, &$a
// Exception listener
$exceptionListener = new Reference($this->createExceptionListener($container, $firewall, $id, $configuredEntryPoint ?: $defaultEntryPoint, $firewall['stateless']));

$userCheckers = array();
foreach ($firewall['user_checkers'] as $userChecker) {
$userCheckers[] = new Reference($userChecker);
}

$chainUserChecker = new Definition('Symfony\Component\Security\Core\User\ChainUserChecker', array($userCheckers));
$chainUserChecker->setPublic(false);

$container->setDefinition('security.chain_user_checker.'.$id, $chainUserChecker);
$container->setAlias(new Alias('security.user_checker.'.$id, false), $firewall['user_checker']);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Quick question: Why do we need to create aliases?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was the only way I was able to get the user checker defined per firewall. I use an Alias because of the following configuration:

        security:
            firewalls:
                admin:
                    pattern: ^/admin
                    user_checker: app.admin_user_checker
                secured_area:
                    pattern: ^/
                    user_checker: app.user_checker

When the firewall part is being created, I couldn't get the user checker in there, I can only distinguish them based on $id which is the firewall name. By creating an alias per firewall, I can see which is which.

  • security.user_checker.admin -> app.admin_user_checker
  • security.user_checker.secured_area -> app.user_checker

If you have a better idea, I can see if I can make that work instead.


return array($matcher, $listeners, $exceptionListener);
}
Expand Down Expand Up @@ -588,7 +580,7 @@ private function createSwitchUserListener($container, $id, $config, $defaultProv
$switchUserListenerId = 'security.authentication.switchuser_listener.'.$id;
$listener = $container->setDefinition($switchUserListenerId, new DefinitionDecorator('security.authentication.switchuser_listener'));
$listener->replaceArgument(1, new Reference($userProvider));
$listener->replaceArgument(2, new Reference('security.chain_user_checker.'.$id));
$listener->replaceArgument(2, new Reference('security.user_checker.'.$id));
$listener->replaceArgument(3, $id);
$listener->replaceArgument(6, $config['parameter']);
$listener->replaceArgument(7, $config['role']);
Expand Down
29 changes: 5 additions & 24 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,8 +96,8 @@ public function testFirewalls()
array(
'security.channel_listener',
'security.context_listener.1',
'security.authentication.listener.basic.with_user_checkers',
'security.authentication.listener.anonymous.with_user_checkers',
'security.authentication.listener.basic.with_user_checker',
'security.authentication.listener.anonymous.with_user_checker',
'security.access_listener',
),
), $listeners);
Expand Down Expand Up @@ -242,36 +242,17 @@ public function testRememberMeThrowExceptions()

public function testUserCheckerConfig()
{
$definition = $this->getContainer('container1')->getDefinition('security.chain_user_checker.with_user_checkers');

$this->assertCount(1, $definition->getArguments());

$userCheckers = $definition->getArgument(0);
$this->assertCount(2, $userCheckers);
$this->assertEquals('app.user_checker1', $userCheckers[0]);
$this->assertEquals('app.user_checker2', $userCheckers[1]);
$this->assertEquals('app.user_checker', $this->getContainer('container1')->getAlias('security.user_checker.with_user_checker'));
}

public function testUserCheckerConfigWithDefaultChecker()
{
$definition = $this->getContainer('container1')->getDefinition('security.chain_user_checker.host');

$this->assertCount(1, $definition->getArguments());

$userCheckers = $definition->getArgument(0);
$this->assertCount(1, $userCheckers);
$this->assertEquals('security.user_checker', $userCheckers[0]);
$this->assertEquals('security.user_checker', $this->getContainer('container1')->getAlias('security.user_checker.host'));
}

public function testUserCheckerConfigWithNoCheckers()
{
$definition = $this->getContainer('container1')->getDefinition('security.chain_user_checker.secure');

$this->assertCount(1, $definition->getArguments());

$userCheckers = $definition->getArgument(0);

$this->assertEmpty($userCheckers);
$this->assertEquals('security.user_checker', $this->getContainer('container1')->getAlias('security.user_checker.secure'));
}

protected function getContainer($file)
Expand Down
9 changes: 3 additions & 6 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@
'remote_user' => true,
'logout' => true,
'remember_me' => array('secret' => 'TheSecret'),
'user_checkers' => array(),
'user_checker' => null,
),
'host' => array(
'pattern' => '/test',
Expand All @@ -81,11 +81,8 @@
'anonymous' => true,
'http_basic' => true,
),
'with_user_checkers' => array(
'user_checkers' => array(
'app.user_checker1',
'app.user_checker2',
),
'with_user_checker' => array(
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
),
Expand Down
7 changes: 3 additions & 4 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@
<switch-user />
<x509 />
<remote-user />
<user-checkers></user-checkers>
<user-checker />
<logout />
<remember-me secret="TheSecret"/>
</firewall>
Expand All @@ -65,11 +65,10 @@
<http-basic />
</firewall>

<firewall name="with_user_checkers">
<firewall name="with_user_checker">
<anonymous />
<http-basic />
<user-checkers>app.user_checker1</user-checkers>
<user-checkers>app.user_checker2</user-checkers>
<user-checker>app.user_checker</user-checker>
</firewall>

<role id="ROLE_ADMIN">ROLE_USER</role>
Expand Down
8 changes: 3 additions & 5 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ security:
logout: true
remember_me:
secret: TheSecret
user_checkers:
user_checker: ~

host:
pattern: /test
Expand All @@ -65,12 +65,10 @@ security:
anonymous: true
http_basic: true

with_user_checkers:
with_user_checker:
anonymous: ~
http_basic: ~
user_checkers:
- "app.user_checker1"
- "app.user_checker2"
user_checker: app.user_checker

role_hierarchy:
ROLE_ADMIN: ROLE_USER
Expand Down
9 changes: 3 additions & 6 deletions src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/MainConfigurationTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,18 +119,15 @@ public function testDefaultUserCheckers()
$configuration = new MainConfiguration(array(), array());
$processedConfig = $processor->processConfiguration($configuration, array(static::$minimalConfig));

$this->assertEquals(array('security.user_checker'), $processedConfig['firewalls']['stub']['user_checkers']);
$this->assertEquals('security.user_checker', $processedConfig['firewalls']['stub']['user_checker']);
}

public function testUserCheckers()
{
$config = array(
'firewalls' => array(
'stub' => array(
'user_checkers' => array(
'security.dummy_checker',
'app.henk_checker',
),
'user_checker' => 'app.henk_checker',
),
),
);
Expand All @@ -140,6 +137,6 @@ public function testUserCheckers()
$configuration = new MainConfiguration(array(), array());
$processedConfig = $processor->processConfiguration($configuration, array($config));

$this->assertEquals(array('security.dummy_checker', 'app.henk_checker'), $processedConfig['firewalls']['stub']['user_checkers']);
$this->assertEquals('app.henk_checker', $processedConfig['firewalls']['stub']['user_checker']);
}
}
2 changes: 1 addition & 1 deletion ...urityBundle/Tests/DependencyInjection/Security/Factory/GuardAuthenticationFactoryTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ public function testBasicCreate()
'index_0' => array(new Reference('authenticator123')),
'index_1' => new Reference('my_user_provider'),
'index_2' => 'my_firewall',
'index_3' => new Reference('security.chain_user_checker.my_firewall'),
'index_3' => new Reference('security.user_checker.my_firewall'),
), $providerDefinition->getArguments());

$listenerDefinition = $container->getDefinition('security.authentication.listener.guard.my_firewall');
Expand Down
116 changes: 0 additions & 116 deletions src/Symfony/Component/Security/Core/Tests/User/ChainUserCheckerTest.php
View file
Open in desktop

This file was deleted.

Loading
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy