diff --git a/book/security.rst b/book/security.rst index cb583031a90..148d390036f 100644 --- a/book/security.rst +++ b/book/security.rst @@ -25,8 +25,8 @@ application with HTTP Basic authentication. .. note:: - `Symfony's security component`_ is available as a standalone PHP library - for use inside any PHP project. + :doc:`Symfony's security component ` is + available as a standalone PHP library for use inside any PHP project. Basic Example: HTTP Authentication ---------------------------------- @@ -415,7 +415,7 @@ submission (i.e. ``/login_check``): ``check_path`` ``logout`` keys. These keys can be route names (as shown in this example) or URLs that have routes configured for them. -Notice that the name of the ``login`` route matches the``login_path`` config +Notice that the name of the ``login`` route matches the ``login_path`` config value, as that's where the security system will redirect users that need to login. @@ -674,14 +674,11 @@ see :doc:`/cookbook/security/form_login`. Authorization ------------- -The first step in security is always authentication: the process of verifying -who the user is. With Symfony, authentication can be done in any way - via -a form login, basic HTTP Authentication, or even via Facebook. - -Once the user has been authenticated, authorization begins. Authorization -provides a standard and powerful way to decide if a user can access any resource -(a URL, a model object, a method call, ...). This works by assigning specific -roles to each user, and then requiring different roles for different resources. +The first step in security is always authentication. Once the user has been +authenticated, authorization begins. Authorization provides a standard and +powerful way to decide if a user can access any resource (a URL, a model +object, a method call, ...). This works by assigning specific roles to each +user, and then requiring different roles for different resources. The process of authorization has two different sides: 
@@ -700,12 +697,6 @@ URL pattern. You've seen this already in the first example of this chapter, where anything matching the regular expression pattern ``^/admin`` requires the ``ROLE_ADMIN`` role. -.. caution:: - - Understanding exactly how ``access_control`` works is **very** important - to make sure your application is properly secured. See :ref:`security-book-access-control-explanation` - below for detailed information. - You can define as many URL patterns as you need - each is a regular expression. .. configuration-block:: @@ -757,12 +748,15 @@ to find *one* that matches the current request. As soon as it finds a matching is used to enforce access. Each ``access_control`` has several options that configure two different -things: (a) :ref:`should the incoming request match this access control entry` -and (b) :ref:`once it matches, should some sort of access restriction be enforced`: +things: + +* :ref:`should the incoming request match this access control entry` +* :ref:`once it matches, should some sort of access restriction be enforced`: .. _security-book-access-control-matching-options: -**(a) Matching Options** +Matching Options +................ Symfony2 creates an instance of :class:`Symfony\\Component\\HttpFoundation\\RequestMatcher` for each ``access_control`` entry, which determines whether or not a given @@ -842,7 +836,8 @@ will match any ``ip``, ``host`` or ``method``: .. _security-book-access-control-enforcement-options: -**(b) Access Enforcement** +Access Enforcement +.................. Once Symfony2 has decided which ``access_control`` entry matches (if any), it then *enforces* access restrictions based on the ``roles`` and ``requires_channel`` @@ -1185,7 +1180,9 @@ class: security: providers: main: - entity: { class: Acme\UserBundle\Entity\User, property: username } + entity: + class: Acme\UserBundle\Entity\User + property: username .. code-block:: xml 
@@ -1202,7 +1199,10 @@ class: $container->loadFromExtension('security', array( 'providers' => array( 'main' => array( - 'entity' => array('class' => 'Acme\UserBundle\Entity\User', 'property' => 'username'), + 'entity' => array( + 'class' => 'Acme\UserBundle\Entity\User', + 'property' => 'username', + ), ), ), )); @@ -1705,11 +1705,6 @@ Note that you will *not* need to implement a controller for the ``/logout`` URL as the firewall takes care of everything. You *do*, however, need to create a route so that you can use it to generate the URL: -.. caution:: - - As of Symfony 2.1, you *must* have a route that corresponds to your logout - path. Without this route, logging out will not work. - .. configuration-block:: .. code-block:: yaml @@ -1742,6 +1737,11 @@ a route so that you can use it to generate the URL: return $collection; +.. caution:: + + As of Symfony 2.1, you *must* have a route that corresponds to your logout + path. Without this route, logging out will not work. + Once the user has been logged out, he will be redirected to whatever path is defined by the ``target`` parameter above (e.g. the ``homepage``). For more information on configuring the logout, see the @@ -1861,7 +1861,7 @@ to show a link to exit impersonation: .. code-block:: html+jinja {% if is_granted('ROLE_PREVIOUS_ADMIN') %} - Exit impersonation + Exit impersonation {% endif %} .. code-block:: html+php @@ -2040,7 +2040,6 @@ Learn more from the Cookbook * :doc:`Access Control Lists (ACLs) ` * :doc:`/cookbook/security/remember_me` -.. _`Symfony's security component`: https://github.com/symfony/Security .. _`JMSSecurityExtraBundle`: http://jmsyst.com/bundles/JMSSecurityExtraBundle/1.2 .. _`FOSUserBundle`: https://github.com/FriendsOfSymfony/FOSUserBundle .. _`implement the \Serializable interface`: http://php.net/manual/en/class.serializable.php pFad - Phonifier reborn
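
Review bot: The rewritten opening paragraph in the hunk at -674,14 +674,11 removes the only definition of authentication shown here ("the process of verifying who the user is"), so the Authorization section now contrasts two terms while defining only one of them. Suggest keeping the short clause, for example "The first step in security is always authentication: verifying who the user is.", and dropping only the list of login methods.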
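
Review bot: The hunk at -700,12 +697,6 deletes the caution that sends readers to security-book-access-control-explanation, and none of the visible hunks adds it back, so the passage on securing URL patterns no longer says that the way ``access_control`` entries are matched decides whether a URL is actually protected. Suggest keeping a one-line cross reference to that label at this spot, placed just before "You can define as many URL patterns as you need", even if the full caution box is dropped.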
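
Review bot: In the hunk at -757,12 +748,15 the second new bullet still ends with the colon carried over from the old sentence ("... access restriction be enforced`:"). As a list item it introduces nothing, and the lead-in "things:" already carries the colon, so drop it. Also confirm that the dotted underline used for the new "Matching Options" and "Access Enforcement" titles is the heading level this file uses below the dashed section titles.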
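
Review bot: In the hunk at -1742,6 +1737,11 the relocated caution says logging out will not work without a matching route, while the unchanged lead-in sentence above the configuration block still says the route is needed "so that you can use it to generate the URL". The two now give different reasons for the same requirement. Suggest rewording the lead-in so it states that the route is required for logout to work, so a reader who stops at the example does not treat the route as optional.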
