1. IN THE FUTURE, WE ALL USE SYMFONY2
Brent Shaffer | Software Engineer
© 2011 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential. 1
2. This Guy... Who is he?
§ Brent Shaffer
§ Too lazy to change the slide theme
§ OBU Software Engineer - Genesis Team
§ Symfony user for 3 years
§ Nashville Symfony UG
§ Author of ~20 Plugins
§ Contributed to Symfony2 Docs
§ Touched Fabien’s Hand
@bschaffer @bshaffer
3. What is he doing up there?
§ Rah Symfony Rah!
§ Symfony Momentum
§ Symfony2 advantages
§ Symfony2 shortcomings
§ Can we use it?
§ Should we use it?
4. It’s time to play...
10. Definition Methodology The Kernel Security
Interfaces Usage The Profiler Speed
Containers Inheritance Twig Infrastructure
Configuration Behaviors Killing the Magic PHP 5.3
Tom Selleck’s Mustache Forms Testing
11. Dependency Injection Container
12. Dependency Injection Container
§ Dependency: When one object requires another object in order to perform its function
§ Injection: Passing the dependency to the object that requires it
§ Container: Service that facilitates this process
13. Dependency Injection Container
What we are used to
class User
{
    protected $storage;

    function __construct()
    {
        // the dependency is hardcoded inside the constructor
        $this->storage = new SessionStorage();
    }

    function setLanguage($language)
    {
        $this->storage->set('language', $language);
    }
}
// ...
14. Dependency Injection Container
What we want
class User
{
    protected $storage;

    function __construct($storage)
    {
        // the dependency is passed in by the caller
        $this->storage = $storage;
    }

    function setLanguage($language)
    {
        $this->storage->set('language', $language);
    }
}
// ...
15. Dependency Injection Container
Instead of hardcoding the Storage dependency inside the User class constructor
Inject the Storage dependency in the User object
16. Dependency Injection Container
$storage = new SessionStorage('SESSION_ID');
$user = new User($storage);

// use a different storage engine
$storage = new MySQLSessionStorage('SESSION_ID');
$user = new User($storage);
SUCCESS!
17. Dependency Injection Container - Interfaces
Interfaces
§ Define public methods of a class
§ Allow Plain Old PHP Objects as dependencies (POPO’s)
§ Enable use of third party classes through Adapters or Subclasses
18. Dependency Injection Container
class User
{
    protected $storage;

    function __construct(SessionStorageInterface $storage)
    {
        $this->storage = $storage;
    }
}

interface SessionStorageInterface
{
    function get($key);
    function set($key, $value);
}
SUCCESS!
19. Dependency Injection Container
The Container
§ Describes objects and their dependencies
§ Instantiates and configures objects on-demand
§ A container SHOULD be able to manage ANY PHP object (POPO)
§ The objects MUST not know that they are
20. Dependency Injection Container
§ Parameters
§ The SessionStorageInterface implementation we want to use (the class name)
§ The session name
§ Objects
§ SessionStorage
§ User
§ Dependencies
§ User depends on a SessionStorageInterface implementation
21. Dependency Injection Container
class Container
{
    protected $parameters = array();

    public function setParameter($key, $value)
    {
        $this->parameters[$key] = $value;
    }

    public function getParameter($key)
    {
        return $this->parameters[$key];
    }
}
22. Dependency Injection Container
$container = new Container();
$container->setParameter('session_name', 'SESSION_ID');
$container->setParameter('storage_class', 'SessionStorage');

// decoupled!
$class = $container->getParameter('storage_class');
$sessionStorage = new $class($container->getParameter('session_name'));
$user = new User($sessionStorage);
SUCCESS!
23. Dependency Injection Container - Configuration
What does this actually look like?
parameters:
    session_name: 'SESSION_NAME'
    storage_class: 'SessionStorage'

services:
    storage:
        class: %storage_class%
        arguments:
            - %session_name%
    user:
        class: User
        arguments:
            - @storage
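How a container could turn the configuration above into objects, as an added example (not code from the slides, Symfony2 or Pimple). `MiniContainer`, its array-based definitions and the in-memory `SessionStorage` body are hypothetical; because `storage_class` is only a string from configuration, the class is checked before it is instantiated, and the `User` type hint rejects anything that is not a `SessionStorageInterface`.

```php
<?php
// Added example: a toy container, not Symfony2's or Pimple's implementation.
interface SessionStorageInterface
{
    public function get($key);
    public function set($key, $value);
}
// Constructed in-memory stand-in for the SessionStorage class on the slides.
class SessionStorage implements SessionStorageInterface
{
    public $name;
    private $data = array();
    public function __construct($name) { $this->name = $name; }
    public function get($key) { return isset($this->data[$key]) ? $this->data[$key] : null; }
    public function set($key, $value) { $this->data[$key] = $value; }
}

class User
{
    protected $storage;
    public function __construct(SessionStorageInterface $storage) { $this->storage = $storage; }
    public function setLanguage($language) { $this->storage->set('language', $language); }
    public function getLanguage() { return $this->storage->get('language'); }
}

class MiniContainer
{
    private $parameters;
    private $definitions;
    private $instances = array();

    public function __construct(array $parameters, array $definitions)
    {
        $this->parameters = $parameters;
        $this->definitions = $definitions;
    }

    // Build a service on first use, then hand back the same instance.
    public function get($id)
    {
        if (isset($this->instances[$id])) {
            return $this->instances[$id];
        }
        if (!isset($this->definitions[$id])) {
            throw new InvalidArgumentException("Unknown service '$id'");
        }
        $definition = $this->definitions[$id];
        // The class name is only a string from configuration: check it first.
        $class = $this->resolve($definition['class']);
        if (!is_string($class) || !class_exists($class)) {
            throw new InvalidArgumentException("Service '$id' has no usable class");
        }
        $arguments = array();
        foreach (isset($definition['arguments']) ? $definition['arguments'] : array() as $raw) {
            $arguments[] = $this->resolve($raw);
        }
        $reflection = new ReflectionClass($class);
        return $this->instances[$id] = $reflection->newInstanceArgs($arguments);
    }

    // "%name%" is a parameter lookup, "@id" a reference to another service.
    private function resolve($value)
    {
        if (is_string($value) && preg_match('/^%(.+)%$/', $value, $match)) {
            if (!array_key_exists($match[1], $this->parameters)) {
                throw new InvalidArgumentException("Unknown parameter '{$match[1]}'");
            }
            return $this->parameters[$match[1]];
        }
        if (is_string($value) && strncmp($value, '@', 1) === 0) {
            return $this->get(substr($value, 1));
        }
        return $value;
    }
}

// The slide's YAML, written as PHP arrays so no YAML parser is needed.
$container = new MiniContainer(
    array('session_name' => 'SESSION_NAME', 'storage_class' => 'SessionStorage'),
    array('storage' => array('class' => '%storage_class%', 'arguments' => array('%session_name%')),
          'user'    => array('class' => 'User', 'arguments' => array('@storage')))
);
$user = $container->get('user');
$user->setLanguage('fr');
var_dump($user->getLanguage(), $container->get('storage')->name);
```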
24. Dependency Injection Container
§ A DI Container does NOT manage ALL your objects
§ Good rule of thumb: It manages “Global” objects
§ Objects with only one instance (not the same as a singleton)
§ LIKE...
§ a User...
§ a Request...
§ a Logger...
§ a Database Connection...
§ UNLIKE
§ a Product...
§ a Blog Post...
25. Dependency Injection Container
§ Check out the Pimple project for more information
§ http://pimple-project.org/
26. Doctrine 2
27. Doctrine2 - Methodology
Paradigm Shift
§ A model is not a table
§ Objects are best when modeled after their real-world prototypes
§ Active Record pattern vs. Data Mapper pattern
§ Active Record: An object that wraps a row in a database table or view, encapsulates the database access, and
adds domain logic on that data.
§ Data Mapper: A layer that moves data between objects and a database while keeping them independent of each
other and the mapper itself.
§ We retain control of our domain
§ Persistence is separate from the object itself
28. Doctrine2 - Methodology
Entities
§ Lightweight persistent domain objects
§ Regular PHP Classes
§ Do not extend any base Doctrine class
§ Supports inheritance and abstract classes
§ Entities may extend non-entity classes and vice versa.
29. Doctrine2 - Methodology
Entity Manager
§ Central access point to the ORM functionality provided by Doctrine2.
The API is used to manage the persistence of your objects and to
query for persistent objects
§ Employs transactional write behind strategy that delays the
execution of SQL statements in order to execute them in the most
efficient way
§ Executes at end of transaction so that all write locks are quickly
released
§ Uses the Unit Of Work pattern to keep track of objects
30. Doctrine2 - Usage
What does this look like?
<?php
namespace Entities;

/**
 * @Entity @Table(name="users")
 */
class User
{
    /** @Id @Column(type="integer") @GeneratedValue */
    private $id;

    /** @Column(length=50) */
    private $name;

    /** @OneToOne(targetEntity="Address") */
    private $address;
}
31. Doctrine2 - Usage
How do we persist it?
// Database connection information
$connectionOptions = array(
    'driver' => 'pdo_sqlite',
    'path' => 'database.sqlite'
);

// Create EntityManager
$em = EntityManager::create($connectionOptions, $config);

$user = new User;
$user->setName('Brent Shaffer');
$em->persist($user);
$em->flush();
32. Doctrine2 - Inheritance
Inheritance
§ Three Kinds
§ Mapped Superclass
§ Single Table Inheritance
§ Class Table Inheritance
33. Doctrine2 - Inheritance
Inheritance
§ Mapped Superclass
§ Mapping data is contained in the superclass, but no database table is mapped to the superclass
§ Single Table Inheritance
§ All entities share one table.
§ To distinguish which row represents which type in the hierarchy a discriminator column is used
§ Different and shared columns are maintained through Doctrine
§ Class Table Inheritance
§ Each class in the hierarchy is mapped to several tables: its own table and the tables of all parent classes
§ The table of a child class is linked to the table of a parent class through a foreign key constraint
§ A discriminator column is used in the topmost table of the hierarchy
34. Doctrine2 - Behaviors
Behaviors
§ What was wrong
§ Behaviors mocked multiple inheritance, a construct not supported in PHP
§ A necessary evil due to the active record implementation
§ The New Way
§ Interfaces
§ Describe what the object needs
§ Events and Listeners
§ Tell the Entity Manager how to handle the object
§ Traits
§ PHP 5.4
§ Copy and Paste for PHP functions, Similar to Modules in Ruby.
35. Doctrine2 - Behaviors
§ An Example
§ Timestampable
§ Configure properties of your model to listen for on create and on update events
§ Assign the TimestampableListener as an EventSubscriber
§ Doctrine manager handles the rest
§ Existing Behaviors
§ Tree
§ Translatable
§ Sluggable
§ Timestampable
§ Loggable
36. The Kernel
37. The Kernel
The Internet is a series of tubes
Client (Browser) --- the request: /get-this ---> Your App
Client (Browser) <--- the response: <h1>You Got It!</h1> --- Your App
Your job is always to generate and return a response
38. The Kernel
§ The Basics
§ The HttpKernel class is the central class of Symfony2 and is responsible for handling
client requests. Its main goal is to "convert" a Request object to a Response object.
§ The handle() method takes a Request and always returns a Response.
§ The Controller
§ To convert a Request to a Response, the Kernel relies on a Controller. A Controller can
be any valid PHP callable.
§ The controller returns a Response Object
§ Events
§ Events are thrown for onCoreRequest, onCoreController, onCoreView, onCoreResponse, and onCoreException.
39. The Kernel
Drum Roll Please...
$kernel = new AppKernel('Brent Shaffer', false);
$kernel->handle(Request::createFromGlobals())->send();
40. The Profiler
42. The Profiler
The Symfony2 profiler collects useful information about
each request made to your application and stores them for
later analysis.
You rarely have to deal with the profiler directly as
Symfony2 provides visualizer tools like the Web Debug
Toolbar and the Web Profiler.
43. The Profiler
§ The profiler collects information for all requests (simple requests, redirects, exceptions, Ajax requests, ESI requests; and for all HTTP methods and all formats).
§ A single URL can result in several associated profiling data (one per external request/response pair).
§ The profiler stores data to allow for access anytime
// on the production machine
$profiler = $container->get('profiler')->getFromResponse($response);
$data = $profiler->export();

// on the development machine
$profiler->import($data);
§ Profilers can be configured differently per IP, URL, or a custom matcher service
framework:
    profiler:
        matcher: { ip: 192.168.0.0/24, path: "^/admin/", service: custom_matcher }
44. Twig
45. Twig
“You do know PHP is the best templating language, right?”
- Andi Gutmans
46. Twig
What is a templating engine?
§ A template engine allows you to render a presentation (HTML, XML, etc) via a
template in a controlled environment
§ It should allow special functionality that makes creating templates easier (helpers,
template inheritance, etc)
§ SMARTY is a templating engine
§ HAML is a templating engine
§ PHP is a templating engine
47. Twig
Why is PHP a crappy templating engine?
§ rendering template files is a hack: an include statement with output-buffering control
§ no or faked template inheritance
§ no isolation: PHP templates make available any global variables or functions
§ no template-friendly syntax
48. Twig
What makes Twig better?
§ Template-oriented syntax
§ Twig takes back the dot accessor
§ for else loop
§ Filters
§ Multiple inheritance
§ Dynamic template extension
§ Horizontal reuse
§ Extensible
§ Twig “Core” is nothing more than a set of default extensions
§ Even Twig syntax is mutable
{{ var.method }}

{% for user in users %}
    * {{ user.name }}
{% else %}
    No user has been found.
{% endfor %}

{{ var | uppercase }}

{% extends "layout.html" %}
{% block content %}
    Content of the page...
{% endblock %}

{% use 'div_layout.html.twig' %}
49. Twig
Twig in Action
warning. plagiarized content ahead
50. Twig
Extending
// add a custom function
// (needs_environment makes Twig pass the Twig_Environment as the first argument)
$twig->addFunction('customfunc', new Twig_Function_Method($this, 'twigCustomFunc', array('needs_environment' => true)));

public function twigCustomFunc(Twig_Environment $env, $var)
{
    // do something awesome
}
// in a template: {{ customfunc(var) }}

// add a custom filter
$twig->addFilter('customfilt', new Twig_Filter_Method($this, 'twigCustomFilt', array('needs_environment' => true)));

public function twigCustomFilt(Twig_Environment $env, $var, $num)
{
    // do something awesome
}
// in a template: {{ var | customfilt(2) }}
51. Twig
Sandboxing
// specify trusted code
$tags = array('if');
$filters = array('upper');
$methods = array(
    'Article' => array('getTitle', 'getBody'),
);
$properties = array(
    'Article' => array('title', 'body'),
);
$functions = array('range');
$policy = new Twig_Sandbox_SecurityPolicy($tags, $filters, $methods, $properties, $functions);

// Add your extension to twig
// (by default the policy applies only inside {% sandbox %} blocks;
// pass true as a second constructor argument to sandbox every template)
$sandbox = new Twig_Extension_Sandbox($policy);
$twig->addExtension($sandbox);
52. Did Symfony2 Kill the Magic?
53. Did Symfony2 Kill The Magic?
54. Did Symfony2 Kill The Magic?
§ What is Magic?
§ The framework takes on new responsibility, and does so in
a way we don’t understand
§ We describe something as “killing the magic” when that
responsibility is returned to the developer
§ Why do some consider magic bad?
§ The Great Jon Wage:
§ “Magic is great when it works, but the magic you love is
also the cause of much of your pain”
§ “Magic makes it harder to understand what is
happening”
§ “Edgecases, Edgecases, Edgecases!”
§ “Magic is slow”
55. Did Symfony2 Kill The Magic?
§ Is Magic Bad?
§ Magic is bad when it is a hack
§ Doctrine1 Behaviors
§ Magic is bad when it is not well written
§ Symfony admin generator
§ Magic is bad when it disregards best practices
§ Doctrine1 Active Record
§ Magic is bad when it sacrifices control
§ sfInstaPrestoRestApiPluginnator
56. Did Symfony2 Kill The Magic?
Answer the Question Already!
§ Symfony2 did not kill the magic
§ Annotations alleviate verbosity of configuration
§ Propel2 will implement Doctrine2 in ActiveRecord form
§ Convention over Configuration often does the work for you
§ That bit about poorly written code? Symfony2 doesn’t have that problem.
§ The first step is to write a solid platform
§ The bells and whistles come next
58. Speed
“Fast as Hell”
- Fabien
59. Speed
§ Symfony2 Framework
§ 3 times faster than Symfony 1.4
§ 3 times faster than Zend Framework
§ Takes up 2 times less memory
§ Doctrine2
§ 4 times faster than Doctrine 1 (according to arbitrary benchmark)
§ Use of Transactions makes all batch operations significantly faster
§ Caching
§ Twig, Dependency Injection Container, Routes, are all as fast as they can possibly be
§ compiled down to plain PHP code
§ Everything is converted to plain calls
60. Speed
HTTP Caching
§ Symfony2‘s “Killer Feature”
§ We use the HTTP 1.1 Caching Specification
§ pre-invented wheels
§ Comes with a built in Gateway Cache (aka Reverse Proxy)
§ A shared cache on the server side
// web/app.php
$kernel = new AppCache(new AppKernel('prod', false));
$kernel->handle(Request::createFromGlobals())->send();
§ Makes websites more scalable, more reliable, and better performing
§ Examples: Varnish, Squid, Akamai
61. Speed
HTTP Caching
§ Information is sent with headers
§ Cache-Control / Expires / Last-Modified / ETag
§ the switch from one proxy server to another is easy and transparent as no code modification
is needed!
§ Return “304 Not Modified” to save on bandwidth/cpu
§ Wait, you mean we have to understand HTTP 1.1 Specifications?
§ Yes.
§ And HTTP 1.1 Caching Headers?
§ That’s right
§ Well this party really died
§ It’s ok! Learning is fun.
§ You’ll probably get paid more someday
§ Ladies* love it. * no ladies love this
62. Speed
Show me the money!
// setting HTTP Cache headers for expiration
public function indexAction()
{
    // render() returns a Response object (renderView() returns only the content string)
    $response = $this->render('MyBundle:Main:index.html.twig');
    $response->setMaxAge(600);
    $response->setSharedMaxAge(600);
    return $response;
}

// setting HTTP Cache headers for validation
public function indexAction()
{
    $response = $this->render('MyBundle:Main:index.html.twig');
    $response->setETag(md5($response->getContent()));
    // turns the response into a 304 Not Modified when the request's validators match
    $response->isNotModified($this->get('request'));
    return $response;
}
63. It’s too simple. I’ll never be able to cache my app..
64. Speed
Don’t Cry! Use E-S-I!
Edge Side Includes
§ Akamai Specification
§ allow HTTP cache to be used to cache page fragments (even nested fragments)
independently.
§ Cache an entire page for 60 minutes, but an embedded sidebar for only 5 minutes.
§ Leave fragments uncached!
§ Each ESI tag has a fully-qualified URL. An ESI tag represents a page fragment that can be
fetched via the given URL.
65. Speed
Show me some mo’ money!
<html>
    <body>
        Some content
        <!-- Embed the content of another page here -->
        <esi:include src="http://..." />
        More content
    </body>
</html>
68. Infrastructure
Front Controllers
§ One file to rule them all
§ The Entry Point of your application
§ Useful when combining platforms
§ To the code machine!!!
69. Infrastructure
Symfony2 Core
§ The core consists of three things
§ components
§ bundles
§ bridges
70. Infrastructure - Symfony2 Core
Components
§ Orthogonal code, separately maintained
§ Examples
§ Yaml
§ Event Dispatcher
§ Routing
§ Security
71. Infrastructure - Symfony2 Core
Bundles
§ Bring libraries into the symfony
ecosystem
§ Examples
§ FrameworkBundle
§ DoctrineBundle
§ TwigBundle
§ SecurityBundle
72. Infrastructure - Symfony2 Core
Bridges
§ Ties between components independent of the
framework
§ Ensures components and bundles really are
standalone
§ Examples
§ DoctrineBridge
§ MonologBridge
§ TwigBridge
73. Infrastructure
Symfony2 Framework
§ The framework consists of three main things
§ Vendors
§ Your Source
§ The Application
74. Infrastructure - Symfony2 Core
Vendors
§ Third party code. Can be libraries or bundles
§ Examples
§ Libraries: doctrine-mongodb
§ Bundles: DoctrineMongoDbBundle
75. Infrastructure - Symfony2 Core
Source
§ Your code! Anything application-specific
§ Probably bundles
§ libraries inside bundles
76. Infrastructure - Symfony2 Framework
The Application
§ The overmind
§ Ties it all together
§ configuration
§ routing
§ autoloading
§ stuff like that
77. Infrastructure
Bundles?
§ Cutesy French Word
§ Like everything else, they come in threes
§ Core Bundles
§ Vendor Bundles
§ Source Bundles
§ Everything is a bundle. Even you.
§ Ok I lied, not everything. But most things.
78. Infrastructure - Bundles
Bundles contain...
§ Routing
§ Controllers
§ Views
§ Doctrine Objects
§ Libraries
§ Assets
§ Just About Everything
79. Infrastructure - Bundles
Organization++
§ Namespaced
§ Flexible Structure
§ I have a dream! That one day! All
products shall live side-by-side in one src
directory!
81. Security
§ Authentication and Authorization
§ Authentication - identify the user
§ Use built in authentication methods
§ Login forms, HTTP Authentication, X.509 Certificates
§ Stateless
§ Write custom authentication
§ Ex: Lock down a URL pattern to Twitter users only
§ Authorization - do they have access?
§ User Roles
§ Firewalls
§ Activated based on a URL regex match
§ Sends authentication back to the user
82. Security
§ User Providers
§ Users can come from anywhere
§ database table
§ web service
§ in memory
§ Use Multiple user providers in a single application
§ Custom User Providers
§ UserInterface / UserProviderInterface
§ Encoding
§ Configured per user provider
§ Also customizable (PasswordEncoderInterface)
83. Security
A Practical Example
# app/config/config.yml
security:
    # Authentication
    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            http_basic:
                realm: "Secured Demo Area"
    # Authorization
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
    # User Providers
    providers:
        in_memory:
            users:
                brent: { password: brentpass, roles: 'ROLE_USER' }
                admin: { password: kitten, roles: 'ROLE_ADMIN' }
    # Password Encoding
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
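The `plaintext` encoder in the configuration above stores and compares passwords as-is. As an added example (not from the slides or from Symfony2), here is that behaviour beside a salted, slow hash behind the same two-method shape as `PasswordEncoderInterface`. The local `EncoderInterface`, both class names and the sample password are constructed for illustration, and `password_hash()` assumes PHP 5.5 or later, which is newer than the PHP 5.3 the deck targets.

```php
<?php
// Added example. EncoderInterface is a local stand-in that mirrors the two
// methods of Symfony2's PasswordEncoderInterface so the file runs on its own.
interface EncoderInterface
{
    public function encodePassword($raw, $salt);
    public function isPasswordValid($encoded, $raw, $salt);
}

// What "plaintext" amounts to: the stored value is the password itself,
// and the comparison is an ordinary (not constant-time) string compare.
class PlaintextEncoder implements EncoderInterface
{
    public function encodePassword($raw, $salt) { return $raw; }
    public function isPasswordValid($encoded, $raw, $salt) { return $encoded === $raw; }
}

// Salted, deliberately slow hash. password_hash() generates its own salt and
// embeds it in the output, so the $salt argument is unused here.
class NativeHashEncoder implements EncoderInterface
{
    const MAX_LENGTH = 72; // bcrypt ignores input bytes past the 72nd

    public function encodePassword($raw, $salt)
    {
        if ($raw === '' || strlen($raw) > self::MAX_LENGTH) {
            throw new InvalidArgumentException('Password length out of range');
        }
        return password_hash($raw, PASSWORD_BCRYPT, array('cost' => 10));
    }

    public function isPasswordValid($encoded, $raw, $salt)
    {
        if ($raw === '' || strlen($raw) > self::MAX_LENGTH) {
            return false;
        }
        return password_verify($raw, $encoded); // timing-safe comparison
    }
}

$password = 'constructed-sample-password'; // constructed sample value
foreach (array(new PlaintextEncoder(), new NativeHashEncoder()) as $encoder) {
    $first  = $encoder->encodePassword($password, null);
    $second = $encoder->encodePassword($password, null);
    echo get_class($encoder), "\n";
    echo '  stored value equals the password: ', var_export($first === $password, true), "\n";
    echo '  same password always gives the same stored value: ', var_export($first === $second, true), "\n";
    echo '  correct password accepted: ', var_export($encoder->isPasswordValid($first, $password, null), true), "\n";
    echo '  wrong password accepted:   ', var_export($encoder->isPasswordValid($first, 'wrong-guess', null), true), "\n";
}
```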
84. Security
Extending the Security Component
§ You can get a good look at a T-Bone if you stick your head up a... no wait, it’s your bull.
§ WSSE (because we all hate SOAP)
§ Four Classes
§ WsseListener
§ WsseProvider
§ WsseToken
§ WsseFactory
§ not as easy as advertised
§ But...
# app/config/config.yml
security:
    firewalls:
        my_service:
            pattern: ^/api/.*
            wsse: true
85. Security
Allows for the extending of Services
§ When secure methods of a service class are called, unauthenticated users are prompted with a login.
§ That’s neat.
§ Wait... WHAT??
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class NewsletterManager
{
    protected $securityContext;

    public function __construct(SecurityContextInterface $securityContext)
    {
        $this->securityContext = $securityContext;
    }

    public function sendNewsletter()
    {
        // refuse to run unless the current user has been granted the role
        if (false == $this->securityContext->isGranted('NEWSLETTER_ADMIN')) {
            throw new AccessDeniedException();
        }
        //--
    }
}
Awesome, Rad, Groovy
86. Security
In Conclusion
§ Symfony2 uses the well-proven security model of authentication and authorization.
§ The security component is very robust, and made to handle enterprise-level
authentication needs
§ The container makes it possible to extend security even further
§ Custom authentication methods
§ Custom user providers
§ Custom authorization
§ Custom encoding
http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html
87. PHP 5.3
88. PHP 5.3
§ Why is everyone so scared?
§ PHP 5.2 came out in 2006
§ PHP 5.3 has been out for two years
§ Who uses it?
§ Doctrine2, MongoODM, Symfony2, Zend Framework2, Assetic, Behat, Monolog... more to
come
§ What do we get?
§ Namespaces
§ Autoloading, Avoid Collisions, Organization
§ Closures and Lambdas, y’all!
§ Late Static Binding
§ SPL Enhancements, new functions
§ OpenSSL, Mysql, and DateTime functions, native array functions, parse_ini_string(), str_getcsv(), etc.
§ Chaining Exceptions
§ exciting news for huge nerds
90. Testing
PHPUnit
92. Testing
[Slides to make you sound
like you understand forms here]
93. Your Mother
94. Tom Selleck’s Mustache
98. Standard White Background Bullet Slide
Questions?
§ http://brentertainment.com
§ http://github.com/bshaffer
§ @bshaffer