-
-
Notifications
You must be signed in to change notification settings - Fork 9.7k
[Security] Configuring a user checker per firewall #14721
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Closed
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit
Hold shift + click to select a range
b4b2e57
Implemented the ChainUserChecker
f031185
Added the possibility to register multiple user checkers per firewall
ef016fa
Security factories are now injecting the chain user checker per firewall
315421e
Added a test case to cover when an empty set is passed
d2468f4
Updated docs to briefly explain the exception thrown
9c35cbb
Put some code back that was merged out by accident
75f766d
Thanks fabbot.io
331a52a
Removed bad merge
linaori c419603
Removed security.user_checker from services
6189cf2
Removed ChainUser checker & simplified config
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Security factories are now injecting the chain user checker per firewall
- Loading branch information
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Won't this mean that the
ChainUserCheckeris always injected into this class? For BC, if the newuser_checkersisn't specified, it should still inject the exact sameUserCheckerclass as it did before.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's correct, I did that on purpose. The 4 services using this are most likely not going to break BC, all of them are abstract and only created/defined through the 4 factories here. As far as I know, it's very, very difficult to properly extend those classes and even if you do, it's their own mistake if they use the
UserCheckeras interface instead of the interface as defined in all 4 classes.All custom implementations will still use
security.user_checkerand decorating that will still work as it's simply added as default when not defined. I don't see anything break here, but maybe you can give an example which I might have missed.If I don't inject the
ChainUserProviderif it's not defined, I won't be able to add a default configuration (which will work as it's just the default user checker being used).There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@iltar Very well explained. Fwiw, I agree with you: the only BC break would be if you overrode these core services, then somehow type-hinted something internally in your overridden class to the concrete
UserProvider. And I don't believe that is really a BC break. So I agree with you - no issue here :)