Symfony2 Security Layer
 Non chiedetemi del MethodSecurityInterceptor
Noi siamo qui
Symfony2 security layer
Eh?!
Sim sala min!
app/config/security.yml
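# Slide 6 demo config: two in-memory users, one firewall over the whole site,
# form login, and a role check on /admin only.
security:
    providers:
        in_memory:
            memory:
                users:
                    # Demo credentials only. Passwords kept in a config file
                    # end up in version control with the rest of the project.
                    ryan: { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }

    encoders:
        # plaintext: the stored password is compared as typed, no hashing at
        # all, so any leak of this file exposes every password directly.
        Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        secured_area:
            pattern: ^/
            # Visitors without credentials still get an anonymous token, so
            # only the paths listed in access_control actually require a login.
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        # Everything outside ^/admin stays reachable anonymously.
        - { path: ^/admin, roles: ROLE_ADMIN }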
Autenticazione
Autorizzazione
app/config/security.yml
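# Slide 8: same layout as slide 6, but users are loaded from a Doctrine
# entity instead of the in-memory list, and passwords are compared as
# sha1 digests.
security:
    providers:
        nomi_fantasiosi:
            entity:
                # AcmeUserBundle:User is the Doctrine entity shorthand; the
                # submitted username is looked up on the property named below.
                class: AcmeUserBundle:User
                property: username

    encoders:
        # sha1 is a fast general-purpose digest, not a password-hashing
        # algorithm; prefer a slow, salted scheme (e.g. bcrypt where the
        # Symfony version offers it). With a digest encoder the entity's
        # stored password must hold the encoded value, not the raw password.
        Acme\UserBundle\Entity\User: sha1

    firewalls:
        secured_area:
            pattern: ^/
            # Anonymous token for unauthenticated visitors; only access_control
            # paths force a login.
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }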
app/config/security.yml
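# Slide 9: the slide-6 config with the encoder switched to sha1. Only the
# encoder line changes; the demo users are unchanged.
security:
    providers:
        in_memory:
            memory:
                users:
                    # NOTE: with a digest encoder the stored value must be the
                    # encoded digest; as written here the raw demo passwords
                    # would no longer match at login. Demo data only.
                    ryan: { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }

    encoders:
        # sha1 is a fast digest, not a password hash; prefer a slow, salted
        # algorithm (bcrypt where the Symfony version offers it).
        Symfony\Component\Security\Core\User\User: sha1

    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        # Only /admin requires a role; the rest of the site is anonymous.
        - { path: ^/admin, roles: ROLE_ADMIN }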
app/config/security.yml
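# Slide 10: the slide-6 config with the encoder switched to md5.
security:
    providers:
        in_memory:
            memory:
                users:
                    # Demo data. With a digest encoder the stored value has to
                    # be the encoded digest, not the raw password shown here.
                    ryan: { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }

    encoders:
        # md5 is a fast, broken general-purpose digest and is not suitable for
        # passwords; use a slow, salted algorithm (bcrypt where available).
        Symfony\Component\Security\Core\User\User: md5

    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        # Only /admin requires a role; the rest of the site is anonymous.
        - { path: ^/admin, roles: ROLE_ADMIN }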
app/config/security.yml
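# Slide 11: the slide-6 config with the encoder switched to sha1.
security:
    providers:
        in_memory:
            memory:
                users:
                    # Demo data. With a digest encoder the stored value has to
                    # be the encoded digest, not the raw password shown here.
                    ryan: { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }

    encoders:
        # sha1 is a fast digest, not a password hash; prefer a slow, salted
        # algorithm (bcrypt where the Symfony version offers it).
        Symfony\Component\Security\Core\User\User: sha1

    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        # Only /admin requires a role; the rest of the site is anonymous.
        - { path: ^/admin, roles: ROLE_ADMIN }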
app/config/security.yml
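# Slide 12: the slide-6 config with the encoder switched to sha512.
security:
    providers:
        in_memory:
            memory:
                users:
                    # Demo data. With a digest encoder the stored value has to
                    # be the encoded digest, not the raw password shown here.
                    ryan: { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }

    encoders:
        # sha512 is stronger than md5/sha1 as a digest but is still a fast
        # hash; for passwords a deliberately slow, salted algorithm (bcrypt
        # where the Symfony version offers it) is the better choice.
        Symfony\Component\Security\Core\User\User: sha512

    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        # Only /admin requires a role; the rest of the site is anonymous.
        - { path: ^/admin, roles: ROLE_ADMIN }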
app/config/security.yml
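# Slide 13: back to the plaintext encoder; this is the baseline the next
# slides vary the firewall listener on.
security:
    providers:
        in_memory:
            memory:
                users:
                    # Demo credentials only; real deployments keep passwords
                    # out of configuration files committed to version control.
                    ryan: { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }

    encoders:
        # plaintext: compared as typed, no hashing.
        Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            # Symfony 2's form_login does not enable CSRF protection by
            # default; the csrf_provider option exists for that purpose.
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }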
app/config/security.yml
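# Slide 14: form_login replaced by HTTP Basic authentication.
security:
    providers:
        in_memory:
            memory:
                users:
                    # Demo credentials only.
                    ryan: { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }

    encoders:
        # plaintext: compared as typed, no hashing.
        Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            # HTTP Basic sends the credentials (base64-encoded, not encrypted)
            # on every request, so this firewall must only be served over HTTPS.
            http_basic: ~

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }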
app/config/security.yml
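# Slide 15: HTTP Digest authentication.
security:
    providers:
        in_memory:
            memory:
                users:
                    # Demo credentials only.
                    ryan: { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }

    encoders:
        # Digest auth needs the raw password server-side to compute the
        # expected response hash, which is why this slide keeps plaintext:
        # a hashed-password store cannot be used with http_digest.
        Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            # A real http_digest setup also sets a realm and a nonce key;
            # check the security reference for the Symfony version in use.
            http_digest: ~

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }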
app/config/security.yml
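# Slide 16: X.509 client-certificate (pre-authenticated) login.
security:
    providers:
        in_memory:
            memory:
                users:
                    # Demo credentials only; with x509 the password is not
                    # what authenticates the user, the provider only supplies roles.
                    ryan: { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            # x509 is a pre-authenticated listener: Symfony only reads the
            # certificate subject forwarded by the web server (the
            # SSL_CLIENT_S_DN_Email variable by default). Client-certificate
            # verification therefore has to be enforced in the TLS/web-server
            # layer; the application trusts what it is handed.
            x509: ~

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }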
app/config/security.yml
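# Slide 17: the plaintext + form_login baseline again (same as slide 13).
security:
    providers:
        in_memory:
            memory:
                users:
                    # Demo credentials only.
                    ryan: { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }

    encoders:
        # plaintext: compared as typed, no hashing.
        Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        secured_area:
            pattern: ^/
            # Unauthenticated visitors receive an anonymous token; only the
            # access_control rules below force a real login.
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }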
app/config/security.yml
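# Slide 18: the same baseline config. The speaker note for this slide is
# that separate firewalls do not share a security context, so a user
# authenticated in one firewall is anonymous in another.
security:
    providers:
        in_memory:
            memory:
                users:
                    # Demo credentials only.
                    ryan: { password: ryanpass, roles: 'ROLE_USER' }
                    admin: { password: kitten, roles: 'ROLE_ADMIN' }

    encoders:
        # plaintext: compared as typed, no hashing.
        Symfony\Component\Security\Core\User\User: plaintext

    firewalls:
        # A single firewall matching every path; a second firewall would get
        # its own, independent security context.
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }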
L’autenticato
/**
 * Demo action: read the current user off the security token.
 *
 * NOTE: for an anonymous visitor getUser() is not a User object (in
 * Symfony 2 it is the string 'anon.'), so check the type before using it.
 */
public function indexAction()
{
    $token = $this->get('security.context')->getToken();
    $user = $token->getUser();
}
getToken()?!
...con user e password

   $this
      ->get('security.context')
      ->getToken()
      ->isAuthenticated()
...con user e password

   $this
      ->get('security.context')
      ->getToken()

      ->isAuthenticated()

TRUE
...anonimo

$this
   ->get('security.context')
   ->getToken()
   ->isAuthenticated()
...anonimo

$this
   ->get('security.context')
   ->getToken()

   ->isAuthenticated()

TRUE
True?!
Authentication
La chiamata (app.php)

// Front controller (app.php): boot the 'prod' kernel with debug off, build
// a Request from the PHP globals, let the kernel produce the Response, send
// it, then run terminate() for post-response work.
$appKernel = new AppKernel('prod', false);
$currentRequest = Request::createFromGlobals();
$currentResponse = $appKernel->handle($currentRequest);
$currentResponse->send();
$appKernel->terminate($currentRequest, $currentResponse);
La chiamata

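// Presumably inside the kernel's handle(): the request is announced on the
// event dispatcher, and the Firewall listens for this 'kernel.request'
// event (see the following slides). Typographic quotes replaced with
// plain single quotes so the event name is a valid PHP string literal.
$this
    ->dispatcher
    ->dispatch('kernel.request', $event);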
Firewall


FirewallMap
Firewall


FirewallMap


 Listeners
Firewall


FirewallMap


 Listeners

              Token
Firewall


     FirewallMap


      Listeners

                         Token
AuthenticationProvider
Firewall


                    FirewallMap


                     Listeners

                                          Token
               AuthenticationProvider



UserProvider                            Encoder
                   UserChecker
Firewall


AuthSuccessHandler
                            FirewallMap

 AuthFailureHandler
                             Listeners
   LogoutHandler
                                                  Token
LogoutSuccessHandler   AuthenticationProvider



       UserProvider                             Encoder
                           UserChecker
Firewall


AuthSuccessHandler
                            FirewallMap
                                                SessionAuthStrategy
 AuthFailureHandler
                             Listeners            RememberMe
   LogoutHandler
                                                      Token
LogoutSuccessHandler   AuthenticationProvider



       UserProvider                                Encoder
                           UserChecker
Authorization
Voter
SecurityContext     AccessListener    MethodSecurityInterceptor



                  AccessDecisionManager


                          Voter
SecurityContext     AccessListener     MethodSecurityInterceptor



                  AccessDecisionManager


                          Voter


                                           AuthenticatedVoter




                                     AuthenticatedTrustResolver
SecurityContext     AccessListener     MethodSecurityInterceptor



                  AccessDecisionManager


                          Voter


                        RoleVoter          AuthenticatedVoter


                          RoleHierarchy

                                     AuthenticatedTrustResolver
SecurityContext     AccessListener     MethodSecurityInterceptor



                  AccessDecisionManager


                          Voter


     AclVoter           RoleVoter          AuthenticatedVoter


                           RoleHierarchy
PermissionMap
                                     AuthenticatedTrustResolver
                  AclProvider
Sveliamo il mistero

           isAuthenticated
                 vs
isGranted('IS_FULLY_AUTHENTICATED')
Ego slide
• Manuel “Kea” Baldassarri
• Senior Developer
• Webdev dal 1992 e PHP dev dal 1998
• Pro PHP: best practices
• Marito e bi-padre
• mb@ideato.it
• twitter: k3a
• flickr: kea42
• slideshare: kea42
?
Tip #1


Impersonare un utente
Tip #2
• Documentazione
 • http://symfony.com/doc/current/book
 • http://symfony.com/doc/current/cookbook
 • http://symfony.com/doc/current/components
 • https://github.com/matthiasnoback/symfony-docs
 • http://symfony.com/doc/current/reference/configuration/security.htm
Tip #3


Leggi il codice
Creative Common


• http://www.flickr.com/photos/mardrom/8010607983/


Symfony2 security layer

  • 1. Symfony2 Security Layer Non chiedetemi del MethodSecurityInterceptor
  • 6. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 8. app/config/security.yml security: providers: nomi_fantasiosi: entity: class: AcmeUserBundle:User property: username encoders: AcmeUserBundleEntityUser: sha1 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 9. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: sha1 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 10. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: md5 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 11. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: sha1 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 12. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: sha512 firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 13. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 14. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ http_basic: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 15. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ http_digest: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 16. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ x509: ~ access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 17. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 18. app/config/security.yml security: providers: in_memory: memory: users: ryan: { password: ryanpass, roles: 'ROLE_USER' } admin: { password: kitten, roles: 'ROLE_ADMIN' } encoders: SymfonyComponentSecurityCoreUserUser: plaintext firewalls: secured_area: pattern: ^/ anonymous: ~ form_login: login_path: /login check_path: /login_check access_control: - { path: ^/admin, roles: ROLE_ADMIN }
  • 19. L’autenticato public function indexAction() { $user = $this ->get('security.context') ->getToken() ->getUser(); }
  • 21. ...con user e password $this ->get('security.context') ->getToken() ->isAuthenticated()
  • 22. ...con user e password $this ->get('security.context') ->getToken() E ->isAuthenticated() RU T
  • 23. ...anonimo $this ->get('security.context') ->getToken() ->isAuthenticated()
  • 24. ...anonimo $this ->get('security.context') ->getToken() E ->isAuthenticated() RU T
  • 27. La chiamata (app.php) $kernel = new AppKernel('prod', false); $request = Request::createFromGlobals(); $response = $kernel->handle($request); $response->send(); $kernel->terminate($request, $response);
  • 28. La chiamata $this ->dispatcher ->dispatch('kernel.request', $event);
  • 32. Firewall FirewallMap Listeners Token AuthenticationProvider
  • 33. Firewall FirewallMap Listeners Token AuthenticationProvider UserProvider Encoder UserChecker
  • 34. Firewall AuthSuccessHandler FirewallMap AuthFailureHandler Listeners LogoutHandler Token LogoutSuccessHandler AuthenticationProvider UserProvider Encoder UserChecker
  • 35. Firewall AuthSuccessHandler FirewallMap SessionAuthStrategy AuthFailureHandler Listeners RememberMe LogoutHandler Token LogoutSuccessHandler AuthenticationProvider UserProvider Encoder UserChecker
  • 37. Voter
  • 38. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter
  • 39. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter AuthenticatedVoter AuthenticatedTrustResolver
  • 40. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter RoleVoter AuthenticatedVoter RoleHierarchy AuthenticatedTrustResolver
  • 41. SecurityContext AccessListener MethodSecurityInterceptor AccessDecisionManager Voter AclVoter RoleVoter AuthenticatedVoter RoleHierarchy PermissionMap AuthenticatedTrustResolver AclProvider
  • 42. Sveliamo il mistero isAuthenticated vs isGranted('IS_FULLY_AUTHENTICATED')
  • 43. Ego slide • Manuel “Kea” Baldassarri • Senior Developer • Webdev dal 1992 e PHP dev dal 1998 • Pro PHP: best practices • Marito e bi-padre • mb@ideato.it twitter: k3a • flickr: kea42 slideshare: kea42
  • 44. ?
  • 46. Tip #2 • Documentazione • http://symfony.com/doc/current/book • http://symfony.com/doc/current/cookbook • http://symfony.com/doc/current/components • https://github.com/matthiasnoback/symfony-docs • http://symfony.com/doc/current/reference/configuration/security.htm
  • 47. Tip #3 Leggi il codice

Notas del editor

  1. \n
  2. Cosa vedremo: overview sul component, qualche esempio di conf e un po’ come funziona “da dentro”\n
  3. \n
  4. \n
  5. \n
  6. 90% del lavoro nel 90% dei casi è configurazione\n
  7. \n
  8. Verifica che tu sia chi dici di essere\nVerifica che tu abbia i privilegi per fare qualcosa\n\n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. Più firewall non condividono il contesto di sicurezza\n
  19. \n
  20. \n
  21. \n
  22. \n
  23. \n
  24. \n
  25. vediamo il codice\n
  26. \n
  27. All’interno del kernel, dopo l’inizializzazione\n
  28. Il firewall viene notificato dall’evento kernel.request, chiede al firewallmap se c’è una corrispondenza con i pattern delle url delle secured areas (requestMatcher)\nEsempi!\n
  29. in tal caso viene chiesto al listener di gestire la richiesta.\nLISTENERS: AnonymousAuthenticationListener, BasicAuth, Digest, Logout, SwitchUser, X509, UserPwdForm, RememberMe\n
  30. Anonymous, RememberMe, UsernamePassword, PreAuth\nimplementano la TokenInterface (getUsername, getRoles, getCredentials, isAuth, getUser)\n
  31. \n
  32. memory, entity\n
  33. \n
  34. supporta 3 strategie per la gestione della sessione:\n * NONE: the session is not changed\n * MIGRATE: the session id is updated, attributes are kept\n * INVALIDATE: the session id is updated, attributes are lost\n
  35. \n
  36. Un votante è una classe dedicata a verificare che l'utente abbia i diritti per connettersi all'applicazione.\nAccesso consentito, negato, astenuto\n
  37. AccessDecMan usa i votanti per decidere se dare o meno l’autorizzazione\n
  38. \n
  39. \n
  40. Strategie: Affirmative (basta un grant), Consensus (maggioranza), Unanimous (unanimità)\n\n
  41. \n
  42. \n
  43. \n
  44. \n
  45. \n
  46. \n
  47. \n